If this feature request related to a problem? Please describe.
We require a robust and secure method to deploy and expose our backend application on Amazon EKS. This is necessary to handle requests originating from our Next.js frontend, which operates outside the Kubernetes subnet, ensuring smooth communication and data flow between the frontend and backend services.
Alternatives Considered If Applicable
We considered using an internal Kubernetes service without external exposure, but due to the architecture of our Next.js frontend needing to send requests directly to the backend from the client-side, this approach would not meet our requirements.
Rationale
Deploying the backend on Amazon EKS and exposing it securely will leverage Kubernetes' powerful features such as load balancing, auto-scaling, and self-healing. It will also ensure that our backend can handle requests securely from the internet, essential for supporting client-side functionalities in our Next.js application.
Implementation Ideas
Develop a Docker container for the backend application ensuring it meets security and performance standards.
Use Kubernetes for orchestration, managing the deployment with Helm for ease of updates and rollbacks.
Expose the backend through an Application Load Balancer, which will handle SSL termination and route external requests to the correct service.
Implement strict network policies and security groups to only allow traffic from specific sources, particularly safeguarding routes that will be accessed from the frontend.
Utilize AWS WAF for further protection against common web exploits that could affect availability, security, or consume excessive resources.
Additional Context
The backend needs to be robustly secured as it will be exposed to the internet. This setup is also a step towards our goal of a fully scalable and microservice-oriented architecture, which will allow more granular scaling and updating of services.
Ivan-E-Johnson
commented
3 months ago
If this feature request related to a problem? Please describe.
We require a robust and secure method to deploy and expose our backend application on Amazon EKS. This is necessary to handle requests originating from our Next.js frontend, which operates outside the Kubernetes subnet, ensuring smooth communication and data flow between the frontend and backend services.
Alternatives Considered If Applicable
We considered using an internal Kubernetes service without external exposure, but due to the architecture of our Next.js frontend needing to send requests directly to the backend from the client-side, this approach would not meet our requirements.
Rationale
Deploying the backend on Amazon EKS and exposing it securely will leverage Kubernetes' powerful features such as load balancing, auto-scaling, and self-healing. It will also ensure that our backend can handle requests securely from the internet, essential for supporting client-side functionalities in our Next.js application.
Implementation Ideas
Additional Context
The backend needs to be robustly secured as it will be exposed to the internet. This setup is also a step towards our goal of a fully scalable and microservice-oriented architecture, which will allow more granular scaling and updating of services.