A To-do application deployed on Elastic Kubernetes Service (EKS).
The architecture of this application is designed to mimic real-world web application development: each microservice is deployed in a container as a pod within a Kubernetes cluster, and each microservice is written in a different framework. The microservice distribution is as follows:
- Frontend: VueJs
- Todos API: NodeJs
- Auth API: GoLang
- Database: Redis
- Queue: Python3
- Users API: Spring Boot
- Network Operator: Calico
- Ingress Controller: Kubernetes-NGINX
Each container image is stored in Elastic Container Registry (ECR); EKS pulls the images from ECR and deploys them as pods in k8s. The entire deployment sits behind AWS' CDN infrastructure, and all incoming requests are handled by the AWS Network Load Balancer. The NGINX ingress controller is configured as a deployment controller that routes incoming traffic to the Kubernetes pods.
All microservices are governed by network policies and RBAC to enforce security and access control within the application. For example, the frontend pod is accessible to all incoming requests, but it can only communicate with the Auth API and the Todos API. Likewise, the Users API can only communicate with the Auth API, and the Todos API can only communicate with the Redis server.
This is enforced by keeping in mind the security design principle of Least Privilege.
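A sketch of how two of these rules can be written as standard Kubernetes NetworkPolicy objects, which Calico enforces. This is an added example, not the project's own manifests: the namespace `todo-app`, the `app:` labels, the DNS selector and the Redis port 6379 are assumptions. The Auth API, Users API and Redis pods need matching policies of their own, because under the default-deny policy an egress allowance only works if the destination pod also allows the ingress.

```yaml
# Constructed example: namespace, labels and ports are assumptions.
# Default deny: every pod in the namespace starts with no ingress or egress.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: default-deny, namespace: todo-app}
spec:
  podSelector: {}
  policyTypes: [Ingress, Egress]
---
# Frontend: reachable by all, may only call the Auth API and Todos API.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: frontend, namespace: todo-app}
spec:
  podSelector: {matchLabels: {app: frontend}}
  policyTypes: [Ingress, Egress]
  ingress:
    - {}                      # empty rule = allow all incoming traffic
  egress:
    - to:
        - podSelector: {matchLabels: {app: auth-api}}
        - podSelector: {matchLabels: {app: todos-api}}
    - to:                     # DNS, needed to resolve service names
        - namespaceSelector: {}
          podSelector: {matchLabels: {k8s-app: kube-dns}}
      ports:
        - {protocol: UDP, port: 53}
        - {protocol: TCP, port: 53}
---
# Todos API: accepts traffic from the frontend only, may only call Redis.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: todos-api, namespace: todo-app}
spec:
  podSelector: {matchLabels: {app: todos-api}}
  policyTypes: [Ingress, Egress]
  ingress:
    - from:
        - podSelector: {matchLabels: {app: frontend}}
  egress:
    - to:
        - podSelector: {matchLabels: {app: redis}}
      ports:
        - {protocol: TCP, port: 6379}
    - to:                     # DNS, as above
        - namespaceSelector: {}
          podSelector: {matchLabels: {k8s-app: kube-dns}}
      ports:
        - {protocol: UDP, port: 53}
```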
The application uses JWT tokens for managing authentication and authorization. These tokens are stored within the database for authenticated users. Each pod has its own documentation covering how it works and how to debug it; refer to the documentation folder for each pod.