How to communicate with AWS EKS from within the same account?

12/30/2018

I have an EKS cluster with several microservices (A, B and C). I followed the "Getting Started Guide" and have a dedicated VPC with worker nodes inside. In front I have a Load Balancer accepting and routing HTTPS traffic from the Internet. That LB is supposed to terminate TLS. I am planning to use Istio for traffic management (e.g. as an API gateway).

In addition, I have another group of web servers, deployed on the same AWS account and part of the same system. It is supposed to be accessible from the Internet as well, but this time it should have a Load Balancer accepting TCP traffic. These web servers shall be able to send REST calls to one of the services deployed on EKS (let's say, "A").

The catch: service "A" is an internal service and its API shall be accessible internally only (e.g. it should not be exposed to the Internet), while services B and C are exposed to the Internet.

What is the simplest and securest way to achieve what I need?

-- Illidan
amazon-eks
amazon-web-services
aws-eks
kubernetes

1 Answer

2/12/2019

You can create a Kubernetes service of type 'ClusterIP' for micro-service A. Micro-services B and C can be exposed as LoadBalancer. With this, B & C will be exposed. Service A can be accessed internally within the K8s cluster. Hope this helps.

-- Karthik
Source: StackOverflow
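
The Service types named in the answer, written out as manifests. This is an added example, not part of the original answer; the names, labels, namespace and ports are assumptions, and service C would follow the same pattern as B.

```yaml
# Service A: internal only. ClusterIP is the default Service type and
# allocates a virtual IP that is routable only from inside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: service-a            # assumed name
  namespace: default         # assumed namespace
spec:
  type: ClusterIP
  selector:
    app: service-a           # assumed pod label
  ports:
    - name: http
      port: 80               # port other pods in the cluster connect to
      targetPort: 8080       # assumed container port
---
# Service B: exposed. On EKS, type LoadBalancer provisions an AWS load
# balancer in front of the worker nodes. TLS termination settings are
# not shown here.
apiVersion: v1
kind: Service
metadata:
  name: service-b            # assumed name
  namespace: default
spec:
  type: LoadBalancer
  selector:
    app: service-b           # assumed pod label
  ports:
    - name: http
      port: 80
      targetPort: 8080       # assumed container port
```

With these names and the default cluster domain, pods reach A at `service-a.default.svc.cluster.local`; after applying, `kubectl get svc` should show `<none>` under EXTERNAL-IP for `service-a`, confirming that no load balancer was created for it.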