Backend and Frontend in same kubernetes yaml file?

0
votes

I am digging into nginx, Kubernetes and SSL as I am trying to deploy my web app onto Kubernetes via Google Kubernetes Engine (GKE).

A little about my project:

  • My frontend is a React web application
  • My backend is a Node Express API service

They are on separate repos (ex: frontend repo and backend repo)

I am planning on using nginx to serve my frontend and proxy requests to my backend.

My question is...

Would it be possible to have both my backend and frontend within the same Kubernetes config yaml file, and if possible, is this best practice to do so?

How I see it is...

In my nginx.conf file, I will have a server section that has a proxy_pass to something like localhost:8000, which is the port of the backend. I would assume this would work if both are within the same container and local network.

I would then probably have a load balancer that points to nginx.

Any help or advice is appreciated! I hope this makes sense (still very new to this)!

2
nginxkubernetesdeploymentproxygoogle-kubernetes-engine
What do you exactly mean by "backend and Frontend in same kubernetes yaml file" ? Do you want them to be managed by a single Deployment ? This is not a good idea. Within the same container ? Even worse. Although it might seem technically possible but you should avoid such design of your app. Two separate Deployments you can put in a single file if you like and separate them with --- so when you run kubectl apply -f deployments.yaml both of them are deployed at once. Then you can define a single ingress resource as the answer below suggests.mario
Hi Mario, thanks for the advice. So, best practice would probably be to have two deployments (lets say one frontend deployment.yaml and one backend deployment.yaml. Merging it into one deployments.yaml file is possible. Another question I have then is.. the comment below suggests Ingress, so I'm curious if having two load balancers would also work as well or if Ingress is suited better for this scenario? Thanks!kennycodes

2 Answers

1
votes

Let's start from the beginning. There is too much to say on this topic to put everything in the comments, so let's move it to an answer. If something below isn't entirely clear, don't hesitate to ask.

First of all you need to start from your application architecture and try to determine how it is supposed to work, what part should be able to communicate with another one.

Microservices approach in design of applications is entire broad topic and would deserve rather separate article than attempt to explain it in a single answer. But in a nutshell, all it is about is decoupling the application into separate parts where each of them have a distinct functionality and can be developed, deployed and updated separately. Those elements can be closely related, they can even totally depend on one another but at the same time they are separate entities.

Kubernetes by its very nature encourages you to follow the above approach. If you read more about Pods, you will see that they are perfectly made for this purpose, for being a kind of wrapper for single microservice. This is a simplification to some extent, but I believe it reflects the essence of the matter. In real production environment you can have a set of Pods managed by higher abstraction such as Deployment, but note that even if you have 3 or more replicas of a single Pod it still represents the same single microservice, only scaled horizontaly e.g. to be able to handle bigger load or more requests.

Separate sets of Pods representing different microservices can communicate with each other and be exposed to external world thanks to Services.

As you can read in kubernetes docs, an Ingress is:

An API object that manages external access to the services in a cluster, typically HTTP. Ingress may provide load balancing, SSL termination and name-based virtual hosting.

Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource.

    internet
        |
   [ Ingress ]
   --|-----|--
   [ Services ]

You should ask yourself if you really want to expose to the external world both your frontend and backend Pods. Typically you don't want to do it. Backend by its very definition should act as a... well... as a backend of your app :) It is not supposed to be reachable directly by external users but only via frontend part of the application so it shouldn't be exposed via Ingress. Only after the frontend part of your app receives a request from external user, it makes its own request to the backend, retrives some data processed by the backend app and then passes it to the end user. User doesn't make direct requests to your backend app.

You can expose via Ingress different parts of your application using different paths (like in the example given in another answer), which can be backed by different microservices running in different sets of Pods but still they should be frontend parts of your app, NOT backend.

Backend Pods is something that you usually expose only within your kubernetes cluster, to make it available to other components of your app. For that purpose simple Service of type ClusterIP (which is by the way the default type, automatically chosen when the type: field is not specified) is the way to go.

I would encourage you to read more about different Service types and what they are used for.

You may also want to take a look at the following articles. I believe they will make the whole concept even clearer:

Connecting Applications with Services

Connect a Front End to a Back End Using a Service

As to merging different kubernetes objects definitions to a single yaml file like in this example, where you can see Service and Deployment defined in a single yaml file and separated with --- is just a convention and I wouldn't pay too much attention to it. If it makes your work more convenient, you can use it.

As to your additional question in the comment:

I'm curious if having two load balancers would also work as well or if Ingress is suited better for this scenario?

I hope after reading the whole answer it's already much clearer. Note that typically an Ingress also uses loadbalancer under the hood. If you only want to expose externally your frontend app without using different paths which are backed by separate microservices, you may not even need an Ingress. LoadBalancer Service would be totally enough for what you want to accomplish. Remember that you also use it to expose your app to the external world. If you expose something only within your cluster, that shouldn't be reachable from outside, use simple ClusterIP Service instead.

LoadBalancer: Exposes the Service externally using a cloud provider’s load balancer. NodePort and ClusterIP Services, to which the external load balancer routes, are automatically created.

I hope this answered your question.

0
votes

I would say use nginx ingress controller as an implementation of ingress. And you can have ingress rules for both frontend and backend in the same ingress.

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - http:
      paths:
      - path: /frontend
        backend:
          serviceName: frontend
          servicePort: 80
        path: /backend
        backend:
          serviceName: backend
          servicePort: 80