How do make my microservices only accessible by the api gateway

Question

I would like to know how I can protect my Nodejs microservices so only the API gateway can access it. Currently the microservices are exposed on a unique port on my machine and can be access directly without passing through the gateway. That defeats the purpose of the gateway to serve as the only entry point in the system for secure and authorized information exchange.

The microservices and the gateway are currently built with Nodejs and express.

The plan is to eventually deploy it on the cloud (digital ocean). I'd appreciate any response. Thanks.

Answer 1

Kubernetes can solve this problem.

Kubernetes manages containers where each container can be a micro service. While connecting your micro services to your gateway server, you can choose to only allow foreign connections to your gateway server. You would have a load balancer / nginx in your kubernetes cluster that redirects request to your gateway server.

Kubernetes has many other features such as:

• service discovery: each of your micro service's IP could potentially change on restart/deployment unless you have static IP for all ur services. service discovery solves this problem.
• high availability & horizontal scaling & zero downtime: you can configure to have several replicas for each of your service. So when one of the service goes down there still are other replicas alive to deal with the remaining requests. This also helps with CICD. With something like github action, you can make a smooth CICD pipeline. When you deploy a new docker image(update a micro service), kubernetes will launch a new container first and then kill the old container. So you have zero down time.

If you are working with micro services, you should definitely have a deep dive into kubernetes.