I'm using k8s to deploy my app which has 3 parts. The main website (landing page), App component 1 (by admins only) and App Component 2 (for paid users). I've recently come across a pattern where there is a main external load balancer, and an ingress for each part of the app. Eg:
LB
-> Ingress1 -> Main App
-> Ingress2 -> App Component 1 (only accessible by admins)
-> Ingress3 -> App Component 2 (only accessible by paid users)
Is it common to have an architecture like this? Could someone point me to a few good examples (using k8s) which are deploying apps like this. Thanks in advance!
The most common way that we can follow is to create a single ingress which will forward a traffic based on path. For example,
paths:
- path: /app1/
backend:
serviceName: app_1
servicePort: 80
- path: /app2/
backend:
serviceName: app_2
servicePort: 80
So "serviceName" is any service name created in k8s(LB/NodePort/ClusterIP). Finally use this created ingress in external LB/ App GW to forward your external traffic to your application.
GKE does not support using Ingress or Load Balancers as backends for other Load Balancers. Instead, you can do one of the following:
Create an ingress for each entry point (this is more expensive)
Create a single Ingress using multiple paths (one for each backend). This will route traffic based on the URL entered. This is likely your best and most cost efficient solution. For security, you can incorporate Cloud Armor to ensure that users only access paths they should be accessing.
Create an Ingress to expose your main application, then use service type LoadBalancers to expose the paid portal and the Admin portal. These will work as layer 4 (so you will need to have a DNS record to point the admin and paid URLs to the appropriate IP). You can configure the Load Balancer spec.loadBalancerSourceRanges field to only allow specific IP ranges to restrict access to the admin portal
On another note, there is little benefit in your layout to have a Load Balancer in front of the Ingresses since you aren't looking to balance traffic between the 3 ingresses. You want all traffic hitting the ingresses and then being directed to the right backend and balanced between serving pods.