We have a set of microservices deployed on a Kubernetes cluster which serve APIs. We also have a single-page web app, which is accessed for both pre-login and post-login scenarios, i.e. some of the requests coming to the web app are unauthorized.
All the APIs go through Apigee, which is deployed in a separate zone.
1. What are the security risks in exposing the webapp (on the Kubernetes cluster) to the internet via a WAF? (Please note that the webapp serves unauthorised public pages as well.)
2. Given #1 is a security risk, what about exposing a react-js SPA (html, css and js) via Apigee?
   - 2A. Will that reduce/eliminate the security risk in #1?
   - 2B. Is it a valid architectural pattern to expose html, css and js via an API gateway like Apigee?