So we have a cluster with namespaces representing different domains. Services in one namespace cannot directly talk to services in another namespace unless routed through a load balancer (the traffic goes outside the cluster and comes back). We are designing a service mesh for the cluster and an API gateway, both of which will be in the cluster. Since a service mesh allows authorization and authentication, wouldn't it be appropriate to allow intradomain communication between services? Is it an antipattern to domain-driven design? Should these calls to intradomain services always go through an API gateway?
1 Answer
The gateway will be transparent to the code, so this is really a deployment/networking/resilience thing.
Say you install all your microservices on one box. Instead of hitting a load balancer, they go direct to localhost.
As long as you have enough CPU to run all the services at a low rate, this is fine. If the box goes down, all the services go down, so you never have a service that can't call another service (assuming the individual services don't crash).
You can scale this up by having lots of boxes, each with all the services on, with a load balancer on the entry point, and still be fine.
However, this only really works when you deploy all the services together. Say you wanted to upgrade service B alone. If it's behind its own LB, you can do a zero-downtime, green/blue deployment, using the LB to manage the incoming connections and route them to the correct version.
The idea of a microservice architecture is that you can add/upgrade/orchestrate the various services independently of each other to a degree, and putting each on its own set of load-balanced boxes helps you achieve this at the expense of network traffic.