@pjmagee
Last active February 8, 2025 10:39
D2 Example of API traffic
# Edge: public DNS name -> WAF -> API gateway -> AWS
aws cname: "AWS CNAME" {
  description: |md
    api.example.com with an Imperva DNS
  |
}

imperva: "WAF" {
  description: |md
    WAF to protect against bots and attacks.
    Forwards traffic to APIGEE.
  |
}

apigee: "API Gateway" {
  description: |md
    API Gateway with routing, configuration, proxies, policies
  |
}

aws alb: "Application Load Balancer" {
  description: |md
    An external-facing public ALB with a security group
    configured to only allow APIGEE IP traffic
  |
}

aws target group: "Target Group" {
  description: |md
    Contains a set of servers configured with request rules
    to route traffic to the appropriate servers that can handle the incoming request
  |
}

# Path-based routing in front of the workloads
reverse proxy: "Nginx/Apache" {
  rules: {
    "/path1" -> "eks cluster A ingress"
    "/path2/(.*)" -> "eks cluster B ingress"
    "/some-other-path" -> "aws ec2 IP"
    "/some/other-path" -> "aws elastic container service"
  }
}

aws ec2: {
  description: |md
    This could be an IIS ASP.NET hosted application
    listening on port 443/80 to handle the request
  |
}

aws eks ingress: {
  description: |md
    An `Ingress` manifest is defined for each `k8s deployment`.
    The `k8s ingress controller` matches a `k8s ingress` based on `host and path`.
    The matched `k8s ingress` is associated with the `k8s service` manifest, which is used to
    `forward traffic` to the appropriate `pod` by using a `selector` on the defined `k8s service`.
    The `k8s pod` acts as an individual machine with an IP, and can have multiple `containers`.
  |
}

# Inside the cluster: network policies, ingress, service, pod
k8s namespace: {
  grid-columns: 1

  network policies: {
    description: |md
      Contains `rules` around `IPs` and `ports` for `ingress` and `egress` traffic.
      This enables pods to reach out to external systems, such as databases or other services.
    |
    egress rules: {
      allow / disallow
    }
    ingress rules: {
      allow / disallow
    }
  }

  ingress: {
    rule path: {
      "/path2/*"
    }
    domain host: {
      "api.example.com"
    }
  }

  service: {
    description: |md
      The service is used to expose the pod
    |
    port: {
      443
    }
    targetPort: {
      443
    }
    selector: {
      my-app
    }
  }

  pod: {
    selector: {
      my-app
    }
    container a: {
      port: {
        443
      }
      forward: {
        localhost: 80
      }
    }
    container b: {
      port: {
        80
      }
      description: |md
        handles the request
      |
      web server: {
        /path2/customers/
        /path2/orders/
        /path2/items/
      }
    }
  }

  ingress -> service
  service -> pod
  pod.container a -> pod.container b
}

# Data stores
nosql: {
  /customers
  /orders
}

postgres: {
  schema items: {
    id
    name
    description
    qty
    price
  }
}

# Request flow from the public DNS name down to the data stores
aws cname -> imperva
imperva -> apigee
apigee -> aws alb
aws alb -> aws target group
aws target group -> reverse proxy
reverse proxy -> aws ec2
reverse proxy -> aws eks ingress -> k8s namespace
k8s namespace -> nosql
k8s namespace -> postgres

# Finer-grained mapping of API paths to data stores
# k8s namespace.pod.container b.web server./path2/customers/ -> nosql
# k8s namespace.pod.container b.web server./path2/orders/ -> nosql
# k8s namespace.pod.container b.web server./path2/items/ -> postgres
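The `network policies` block in the diagram only states that ingress and egress rules "allow / disallow" traffic. As an added example that is not part of the gist, this is one Kubernetes NetworkPolicy that realises those rules for the `my-app` pods the service selects: ingress is allowed only from the ingress controller on 443, and egress only to DNS and to the two data stores. The namespace names, the subnets, and the NoSQL port are assumptions not stated in the diagram.

```yaml
# Added example (not from the gist). Deny everything to and from the my-app
# pods, then allow only the flows the diagram shows.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: my-app-restrict
  namespace: my-namespace            # assumption: name of "k8s namespace"
spec:
  podSelector:
    matchLabels:
      app: my-app                    # matches the service selector "my-app"
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Only the ingress controller may reach container a on 443.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx   # assumption: controller namespace
      ports:
        - protocol: TCP
          port: 443
  egress:
    # DNS so the pod can resolve the data store hostnames (assumption: cluster DNS in kube-system).
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
    # Postgres ("schema items") on its standard port.
    - to:
        - ipBlock:
            cidr: 10.0.10.0/24       # assumption: subnet hosting postgres
      ports:
        - protocol: TCP
          port: 5432
    # NoSQL store (/customers, /orders); the port depends on the product used.
    - to:
        - ipBlock:
            cidr: 10.0.20.0/24       # assumption: subnet hosting the NoSQL store
      ports:
        - protocol: TCP
          port: 27017                # assumption: MongoDB-style port
```

Because the policy lists both `Ingress` and `Egress` in `policyTypes`, any flow not matched by a rule above (including container b being reached from outside the pod) is dropped, which is the "disallow" half of the diagram's rules.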