如何不暴露我的后端微服务,使用 API 网关?

huangapple go评论57阅读模式
英文:

How can i not expose my backend microservice using api gateway?

问题

我有一个部署在K8s集群中的应用程序,该应用程序的前端和后端都是公开的,有没有办法不公开后端?我考虑过API网关,它是否可以满足我的请求,如果可以,如何实现?如果不行,有什么替代方案吗?

谢谢您提前。我尝试了Kong网关,但效果不是很好。

英文:

I have an app that is deployed in k8s cluster and the frontend and the backend of the app are exposed, is there a way to not expose the backend ? i thought about the api gateway is it going to fulfills my requests if yes how ? and if not what's the alternatives ??

Thank you in advance

I tried the gateway kong and it did not work out very well

答案1

得分: 1

以下是翻译的部分:

通常,大多数应用程序具有前端部分,用于提供HTML以及任何静态资源,如图像、CSS和JavaScript(例如ReactJS等单页应用程序)。
如果您有一些SPA,那么您可能会有一个后端API,使用Node / Python / PHP / Java之类的语言编写,用于向前端应用程序提供动态数据。

如果您的前端和后端都暴露在互联网上,这是可以接受的并且符合预期。

如果您的后端没有暴露在互联网上,那么前端将无法加载动态数据。

话虽如此,您提到您正在使用或至少尝试使用API网关。通常,您不会直接将后端暴露在互联网上。相反,您将API网关暴露在互联网上,API网关充当反向代理到后端的角色。

要在Kubernetes中实现此目标,通常会为您的API网关创建一个服务类型负载均衡器。并为后端配置一个服务类型集群IP。

ClusterIP:在集群内部IP上公开服务。选择此值使服务仅能从集群内部访问。这是如果不显式为服务指定类型,则使用的默认值。您可以使用Ingress或Gateway API将服务公开给公众。

英文:

Your question requires more detail for me to be certain, however I will take a stab at pointing you in the right direction.

Typically, most apps have a frontend which serves the HTML, and any static assets such as images, css and javascript (like a single page app such as ReactJS)
If you have some SPA, then you will likely have a backend API written in something like Node / Python / PHP / Java to serve your frontend app with dynamic data.

If your frontend and backend are exposed to the internet, this is OK and expected.

If your backend was not exposed to the internet, then it would be impossible for your frontend to load dynamic data.

That said, you mentioned that you are using or at least tried to use an API Gateway. Typically, you would not expose your backend directly to the internet. Rather, you would expose your API Gateway to the internet, with the API Gateway acting as a reverse proxy to your backend.

In order to achieve this (in Kubernetes), you would typically create a Service type Load Balancer for your API Gateway. And configure a Service type Cluster IP for your backend.

> ClusterIP: Exposes the Service on a cluster-internal IP. Choosing this value makes the Service only reachable from within the cluster. This is the default that is used if you don't explicitly specify a type for a Service. You can expose the service to the public with an Ingress or the Gateway API.

huangapple
  • 本文由 发表于 2023年2月6日 17:46:21
  • 转载请务必保留本文链接:https://go.coder-hub.com/75359653.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定