Question

Can I get nginx to call another microservice inside of AKS k8s prior to it routing to the requested api? - the goal being to speed up requests (fewer hops) and simplify build and deployment (fewer services).

Explanation

In our currently deployed Azure AKS (Kubernetes) cluster, we have an additional service I was hoping to replace with nginx. It's a routing microservice that calls out to a identity API prior to doing the routing.

The reason is a common one I'd imagine, we recieve some kind of authentication token via some pre-defined header(s) (the standard Authorization header, or sometimes some bespoke ones used for debug tokens, and impersonation), we call from the routing API into the identity API with those pre-defined headers and get a user identity object in return.

We then pass on this basic user identity object into the microservices so they have quick and easy access to the user and roles.

A brief explanation would be:

• Nginx receives a request, off-loads SSL and route to the requested service.
• Routing API takes the authorization headers and makes a call to the Identity API.
• Identity API validations the authorization information and returns either an authorization error (when auth fails), or a serialized user identity object.
• Router API either returns there and then, for failure, or routes to the requested microservice (by cracking the request path), and attaches the user identity object as a header.
• Requested microservice can then turn that user identity object into a Claims Principal in the case of .NET Core for example.

There are obviously options for merging the Router.API and the UserIdentity.API, but keeping the separation of concerns seems like a better move. I'd just to remove the Route.API, in-order to maintain that separation, but get nginx to do that work for me.