How to deploy frontend and backend ECS services? - amazon-web-services

I am new to ECS. I have an Apollo React web app client and an Apollo Express server API. I have deployed React client (:80) successfully via ECS Getting Started. Also configured HTTPS and it can be accessed at https://my-application/
Now I am trying to deploy API server (:8081). I created a new task definition and created a new service by following this tutorial - https://www.youtube.com/watch?v=3Kr_455zMk4
I chose 80:HTTP for Production listener port and same load balancer name with React client, created a new target group: ecs-default-cluster-server-api. Path pattern: /server-api* and 1 for Evaluation order. However it does not work for me.
I want to deploy server API at https://api.my-application/ or any other suitable path. How do I do it?

Related

Can I use AWS Elastic Beanstalk to host a Spring Boot application

I have a front-end and a back-end.
Front end is made using HTML,CSS,and ajax calls to fetch the backend data.
The backend is a Spring Boot application.
For the front end I do not have a middleware as it is plain HTML,so I am hosting it using nginx on aws. The backend is Spring Boot and runs on tomcat(default), how do I host these on aws and connect the front and backend.
Do I need an EC2 instance or something like elastic beanstalk is preferred.
To answer your question - yes using Elastic Beanstalk to host your Spring BOOT application is a valid way to deploy it on AWS. I have a similar app that returns JSON data - as shown below. I have separate React app that consumes this Spring BOOT Rest API.
You asked how to connect the front end and back end. It is typically done via Restful Get or Post requests. For example, I can connect to my Spring Boot Rest API in React using a lib like Axios.

Cannot connect frontend app{Angular} to Backend{SpringBoot} in kubernetes

I am trying to containerize my angular+java app in Kubernetes cluster. I have a frontend deployment and a backend deployment in my k8 cluster. My database is in AWS{RDS}. But i am confused that what API-URL should i give in my Frontend code so that it can get connected to my backend app in k8 cluster.
For e.g :-
In local system i use something like {localhost:8080/api/customers} in my Frontend code but what should i change it to at the time of deploying in Kubernetes cluster.
I have a Kubernetes cluster setup with 1 master and 2 slave nodes, I created a deployment of my backend app and exposed it through Cluster Ip, and than i gave this cluster ip and port in my frontend application.
After that i pushed the image to docker hub and than created a k8 deployment for it, but still its not working.
My main ask is what URL and Port should i mention in my Frontend application target URL so that it can find hit my java APIs.
The front end angular application is running inside the browser of a user. This is outside of the kubernetes Cluster and you therefore can not use the kubernetes Service Name as api endpoint.
You need to make the spring boot api accessible from outside of kubernetes, usually using an ingress or load balancer. You use this external ip or host name as api url in the angular application.
if your two applications run in the same kubernetes cluster so you would have to call your backend service like this: svcname:port for example
http://login:8080/login
This assuming the pods for your frontend are on the same Kubernetes namespace. If they are on a different namespace you would call something like this:
http://login.<namespace>.svc.cluster.local:5555/login
Exposing my back-end service to a Load Balancer, and than using that Load Balancer endpoint in my Front-end application worked for me.

How to make frontend application talk to backend applications without creating ingress for the backend

I have deployed a kubernetes cluster using kops. The current cluster uses an nginx ingress controller which creates a classic load balancer in AWS. I have some backend applications that talk to the frontend application and some backend services that just talk to each other. The problem is that that the only way currently to make the frontend app talk to the backend apps is by creating an ingress for the backend apps since the frontend sends requests via the domain name since it doesn't understand the internal service names. For backends, it is fine since they can talk internally just by using the service name and their respective port. How can I achieve this without having to create ingress for backends. Is it possible to do that using an Application load balancer or do I need to have an API gateway for that? How do I achieve this architecture? Adding an architecture diagram to show what I want to achieve. Any help is appreciated.
From your "architecture diagramm" it looks like all your applications are within the cluster. So no need for ingress. You can just use kubernetes services.
Your frontend app should be able to call the endpoints of the backend services otherwise you made something wrong in the configuration of the frontend service.
If you have no chance to change the URL which the frontend app calls for backend services, you can use for example a kubernetes service with CNAME and redirect to your internal services.
You dont need ingress to connect backend from frontend.
assuming both backend and frontend pods are running in the same kubernetes cluster. frontend service can connect backend service using service dns
backend-service.<namespace>.svc.cluster.local

Kubernetes front end deployment timing out when requesting api deployment

Let me start this by saying I am fairly new to k8s. I'm using kops on aws.
I currently have 3 deployments on a cluster.
FrontEnd nginx image serving an angular web app. One pod. External service.
socket.io server. Internal service. (this is a chat application, and we decided to separate this server from our api. Was this a good idea?)
API that is requested by both the socket.io server and the web application. Internal Service (should it be external?)
The socket.io deployment and API seem to be able to communicate through the cluster ips and corresponding services I have set up for the deployments; however, the webapp times out when querying the API.
From the web app, I am querying the API using the API's cluster IP address. Should I be requesting a different address?
Additionally, what is the best way to configure these addresses in my files without having to change the addresses in the files each time I create a new deployment? (the cluster ip addresses change every time you tare down and recreate the deployment)
If I understood correctly your frontend web application depends on API server, so that it sends requests to it. In such case, your API service should be available from outside of the cluster. It means it should be exposed as the NodePort or LoadBalancer service type.
P.S. you can refer to service using ClusterIP only inside of the cluster.

How can I enable API request and MongoDB access only for the app server?

We are working on an app whose Front-end has been decoupled from the back end.
We have 2 project packages. The first project package acts as the front-end for the app and interacts with the 2nd package which acts as the back-end via API.
Front-end is built with:
React
Redux
Back-end is built with:
ExpressJS
MongoDB
We have deployed the app successfully on the AWS EC2 instance but I am doubtful about the security inbound measure we have applied for the packages. Both the packages are deployed on the same ec2 instance.
The front end of the app can be accessed with https://xxx.xxx.x.xxx:8080. Under the security group, under inbound rules, I added the source as anywhere for port 8080 under the custom TCP rule.
I did the same for port 3000 reserved for the back-end API server and port 27017 reserved for MongoDB.
What I actually wanna do is only let the front-end package running on port 8080 talk to the API server and the API server in turn talks to MongoDB.
I do not want everyone to have access to the backend server and MongoDB except for the front-end app server.
Note that I have already used the JWT token to secure the API. This one is to add an extra layer of security.
How can I limit the access to only the Front-end app server?
Thanks in anticipation.
Sorry, are you accessing your MongoDB directly from the frontend? I hope no...
So you should configure firewall on your server (firewalld or iptables) to block Mongo and all other internal ports from access from web.