Services Internal and External communications
Detailed
Excellent question: this is a key topic for SRE and DevSecOps interviews. Let's break it down clearly and practically:
1. Overview: Microservices Communication in EKS
In EKS (Elastic Kubernetes Service), microservices typically run as separate pods and need to communicate securely and reliably. Enterprise setups use a layered architecture for service discovery, traffic routing, security, and observability.
2. Common Communication Patterns in Enterprises

Service-to-Service (East-West traffic)
Internal communication between microservices (e.g., orders → payments)
- Kubernetes DNS (ClusterIP Services)
- Istio / Linkerd (Service Mesh)
- mTLS for encryption

Ingress (North-South traffic)
External traffic coming from the internet into the cluster
- AWS ALB / NLB
- Ingress Controller (Nginx, Istio Gateway, Kong, Traefik)
- WAF or API Gateway (AWS API Gateway / Kong / Apigee)

Egress
Outbound traffic from the cluster to external APIs or databases
- Istio Egress Gateway
- NAT Gateway or VPC Endpoints
- NetworkPolicies for control

Async / Event-driven
Decoupled communication for background jobs or events
- Kafka / RabbitMQ / SQS / SNS
- EventBridge
- Redis Streams
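As an added example (not part of the original notes), the manifests below wire up the two synchronous patterns listed above: an ALB-backed Ingress for north-south traffic into the orders service, and the ClusterIP Services that let orders reach payments east-west through Kubernetes DNS. The namespace `shop`, the service names and ports, the hostname, and the ACM / WAF ARNs are constructed placeholders; the `alb.ingress.kubernetes.io/*` annotations and the `alb` ingress class are those of the AWS Load Balancer Controller.

```yaml
# North-south: the AWS Load Balancer Controller provisions an internet-facing
# ALB for this Ingress and attaches the WAF web ACL. Namespace, host, ports and
# ARNs are constructed placeholders for this example.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: shop-ingress
  namespace: shop
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip        # register pod IPs directly (VPC CNI)
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:REGION:ACCOUNT_ID:certificate/PLACEHOLDER
    alb.ingress.kubernetes.io/wafv2-acl-arn: arn:aws:wafv2:REGION:ACCOUNT_ID:regional/webacl/PLACEHOLDER/PLACEHOLDER_ID
spec:
  ingressClassName: alb
  rules:
    - host: shop.example.com
      http:
        paths:
          - path: /orders
            pathType: Prefix
            backend:
              service:
                name: orders
                port:
                  number: 80
---
# The only service exposed through the ALB.
apiVersion: v1
kind: Service
metadata:
  name: orders
  namespace: shop
spec:
  type: ClusterIP
  selector:
    app: orders
  ports:
    - name: http
      port: 80
      targetPort: 8080
---
# East-west: payments is reachable only inside the cluster. orders calls
# http://payments.shop.svc.cluster.local (or just http://payments from the
# same namespace); CoreDNS resolves the name to the ClusterIP, and kube-proxy
# (or the mesh sidecar, when one is injected) forwards to a payments pod.
apiVersion: v1
kind: Service
metadata:
  name: payments
  namespace: shop
spec:
  type: ClusterIP
  selector:
    app: payments
  ports:
    - name: http
      port: 80
      targetPort: 8080
```

Because payments has no Ingress rule and no LoadBalancer/NodePort type, the only way in from outside is through orders; that asymmetry is the point of separating north-south from east-west exposure.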
3. Common Enterprise EKS Communication Architecture (Mid-Level Setup)
Here's what you'd typically see:
+---------------------------------+
|         External Users          |
+----------------+----------------+
                 |
         +-------v-------+
         |  AWS ALB/NLB  |  <- (Ingress)
         +-------+-------+
                 |
    +------------v------------+
    | Ingress Controller (e.g.|
    | Nginx / Istio Gateway)  |
    +------------+------------+
                 |
      +----------v----------+
      | Service Mesh (Istio |
      | / Linkerd Sidecars) |
      +----------+----------+
                 |
     +-----------+-----------+
     |           |           |
+----v----+ +----v----+ +----v----+
| orders  | | payment | |  users  |  <- (Microservices)
+----+----+ +----+----+ +----+----+
     |           |           |
     |   (mTLS, L7 routing,  |
     |    retries, tracing)  |
     |           |           |
+----v-----------v-----------v------+
| Internal Databases / Message Bus  |
| (RDS / DynamoDB / Kafka / Redis)  |
+-----------------------------------+
4. Security & Access Control
Network: AWS VPC, private subnets, Security Groups
Pod-to-Pod: NetworkPolicy, Istio mTLS, Authz Policies
API Layer: JWT/OAuth2, API Gateway authentication
Secrets: AWS Secrets Manager / KMS, sealed-secrets
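The pod-to-pod layer above is where most of the enforcement lives, so here is an added example (not from the original notes) of what "NetworkPolicy, Istio mTLS, Authz Policies" look like as manifests for the orders → payments call. The weak baseline is having no NetworkPolicy at all, which Kubernetes treats as allow-all; the set below starts from default-deny and re-opens only what the flow needs. Namespace `shop`, the `app` labels, the container port and the `/charge` path are constructed placeholders; `kube-system` / `k8s-app: kube-dns` are the standard CoreDNS labels on EKS.

```yaml
# 1. Default-deny for every pod in the namespace, both directions.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: shop
spec:
  podSelector: {}
  policyTypes: [Ingress, Egress]
---
# 2. L3/L4: only orders pods may open a TCP connection to payments, and only
#    on its container port.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: payments-allow-from-orders
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: payments
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: orders
      ports:
        - protocol: TCP
          port: 8080
---
# 3. After default-deny, pods can no longer resolve service names unless DNS
#    egress to CoreDNS is allowed explicitly. A common gap when rolling this out.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dns-egress
  namespace: shop
spec:
  podSelector: {}
  policyTypes: [Egress]
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
---
# 4. Istio: require mTLS for every sidecar in the namespace. The default,
#    PERMISSIVE, still accepts plaintext from non-mesh clients.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: shop
spec:
  mtls:
    mode: STRICT
---
# 5. Istio L7 authorization: payments accepts requests only when the client
#    certificate identity is the orders service account (SPIFFE principal),
#    and only for the operation orders actually needs.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: payments-authz
  namespace: shop
spec:
  selector:
    matchLabels:
      app: payments
  action: ALLOW
  rules:
    - from:
        - source:
            principals: ["cluster.local/ns/shop/sa/orders"]
      to:
        - operation:
            methods: ["POST"]
            paths: ["/charge"]
```

Two things to check when applying this: NetworkPolicy objects are accepted by the API server on any cluster but only enforced when the CNI supports them (on EKS that means the VPC CNI with its network policy feature enabled, or a policy engine such as Calico), and the AuthorizationPolicy principal only matches if orders pods actually run under a service account named `orders`, since Istio derives the SPIFFE identity from the pod's service account, not from its labels.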
5. Observability Stack (Typical Enterprise Setup)
Metrics: Prometheus + Grafana
Tracing: Jaeger / Tempo / X-Ray
Logging: EFK (Elasticsearch + Fluentbit + Kibana) or CloudWatch
Alerts: Alertmanager / PagerDuty / Opsgenie
6. Example Communication Flow
Let's say a user places an order:
1. User → ALB → Ingress Controller → orders-service
2. orders-service calls payment-service via the Service Mesh (Istio handles retries, timeout, and mTLS)
3. payment-service publishes an event to Kafka/SQS
4. notification-service consumes the event and sends an email
5. Traces and metrics go to Prometheus + Grafana + Jaeger
7. Common Tools Stack for Mid-Level Enterprises
Kubernetes Platform: EKS (managed control plane)
Networking / Ingress: AWS ALB + Nginx / Istio Gateway
Service Mesh: Istio / Linkerd
API Gateway (Optional): AWS API Gateway / Kong
Messaging: Kafka / RabbitMQ / SQS
Observability: Prometheus, Grafana, Jaeger
Security: IAM, IRSA, KMS, mTLS, NetworkPolicies
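IRSA is the piece of the security row that ties the event-driven step of the flow above (payment-service publishing to SQS) to AWS IAM. As an added example that is not part of the original notes, the manifests below give the payments pods a service account bound to one IAM role, so the workload gets credentials scoped to that role instead of inheriting the node's instance profile. `ACCOUNT_ID`, `REGION`, the role name, the image reference and the queue URL are constructed placeholders; the `eks.amazonaws.com/role-arn` annotation is the real IRSA hook, and it only works once the cluster's OIDC provider is registered with IAM and the role's trust policy allows `system:serviceaccount:shop:payments` to assume it.

```yaml
# Service account annotated with the IAM role this workload may assume.
# The EKS pod identity webhook sees the annotation and injects
# AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE (a projected service account
# token) into every pod that uses this account; the AWS SDK exchanges the
# token for role credentials via STS automatically.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: payments
  namespace: shop
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::ACCOUNT_ID:role/payments-sqs-publisher
---
# The IAM role behind that ARN should carry only sqs:SendMessage on the
# order-events queue (and kms:GenerateDataKey if the queue is KMS-encrypted):
# least privilege per workload rather than per node.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: payments
  namespace: shop
spec:
  replicas: 2
  selector:
    matchLabels:
      app: payments
  template:
    metadata:
      labels:
        app: payments
    spec:
      serviceAccountName: payments
      containers:
        - name: payments
          image: ACCOUNT_ID.dkr.ecr.REGION.amazonaws.com/payments:PLACEHOLDER_TAG
          ports:
            - containerPort: 8080
          env:
            - name: ORDER_EVENTS_QUEUE_URL
              value: https://sqs.REGION.amazonaws.com/ACCOUNT_ID/order-events
          securityContext:
            runAsNonRoot: true
            readOnlyRootFilesystem: true
```

A useful verification after deployment is to exec into a payments pod and confirm that `aws sts get-caller-identity` reports the assumed `payments-sqs-publisher` role rather than the node role; if it reports the node role, the webhook did not mutate the pod, usually because the service account annotation or the OIDC trust policy is wrong.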
Would you like me to diagram this as a visual architecture (image), showing how microservices, Istio, Ingress, and observability components connect inside EKS? It'll help you explain easily in interviews.