
Mastering Microservices with Kong (CodeMotion 2019)


Slides for my CodeMotion talk on Kong

Published in: Software

  1. 1. 03/04/2019 mastering-microservices localhost:3000/?print-pdf#/ 1/36
  2. 2. OO Context; What is API Management?; Demo; What is an API Gateway?; Demo; Hello, Kong; Demo; How does it work?; Plugins; Why Kong?; Wrap up
  3. 3. What is API Management?
  4. 4. “API management is the process of creating and publishing web APIs, enforcing their usage policies, controlling access, nurturing the subscriber community, collecting and analyzing usage statistics, and reporting on performance.” (source: Wikipedia)
  5. 5. MM https://pxhere.com/en/photo/1435275
  6. 6. R D 1R D 1
      [Diagram: Frontend, Beer API (/api/beers/{id}, /api/brewery/{id}/beers), Brewery API (/api/brewery/, /api/brewery/{id}); both APIs labelled as needing an API key]
      1. Build a few μ-services
      2. Deploy them using Docker compose
      3. Observations:
         1. Each μ-service has a different address
         2. Logic (e.g. security) is duplicated in each μ-service
  7. 7. What is an API Gateway?
  8. 8. “Wikipedia does not have an article with this exact name.” (source: Wikipedia)
  9. 9. “Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale.” (source: Amazon API Gateway)
  10. 10. “Use Azure API Management as a turnkey solution for publishing APIs to external and internal customers. Quickly create consistent and modern API gateways for existing back-end services hosted anywhere, secure and protect them from abuse and overuse, and get insights into usage and health.” (source: Azure API Management)
  11. 11. μ-μ- https://pxhere.com/en/photo/768263
  12. 12. RR (e.g. nginx, Apache HTTPD, Netflix Zuul) Routing (to individual μ-services); SSL/TLS offloading; Load balancing
  13. 13. C API GC API G Authentication; Authorisation (limited); Rate limiting; Logging; Metering; Metrics; Compression; IP black- / whitelisting; Caching; ...; Aggregations and transformations → backend-for-frontend (BFF)
  14. 14. R D 2R D 2 [Diagram: Frontend, Kong, Beer API (/api/beers/{id}, /api/brewery/{id}/beers), Brewery API (/api/brewery/, /api/brewery/{id}); both APIs labelled as needing an API key]
  15. 15. R D 2R D 2
      1. Configure Kong:
         1. Define a service that points to an upstream.
         2. Define a route for that service.
         3. Define an upstream with (1..n) target.

      SERVICE   url: http://beer-api.upstream/      name: beer-api.service
      UPSTREAM  name: beer-api.upstream
      SERVICE   url: http://brewery-api.upstream/   name: brewery-api.service
      UPSTREAM  name: brewery-api.upstream
      TARGET    target: beer-api:9080
      TARGET    target: brewery-api-1:9080          weight: 10
      TARGET    target: brewery-api-2:9080          weight: 20
      ROUTE     paths: [ /api/beer/*, /api/brewery/*/beers ]   methods: [ GET ]
      ROUTE     paths: [ /api/brewery* ]                       methods: [ GET ]
  16. 16. KK Based on Nginx; Stores configuration in a database (optional since 1.1); Two interfaces: public and private
  17. 17. DD Kong can be deployed in various modes: Standalone; Clustered; As Kubernetes Ingress Controller. On premise, in the cloud — you choose
  18. 18. UU
  19. 19. PP
  20. 20. PP Open source, enterprise, 3rd party; Implemented in Lua
  21. 21. UU
      In general:
          curl http://kong:8001/services/<service-name>/plugins --data "name=<plugin-name>" --data "config.param=value"
      Example (rate limiting):
          curl http://kong:8001/services/beer-api.service/plugins --data "name=rate-limiting" --data "config.second=6"
  22. 22. M M PM M P https://pxhere.com/en/photo/1039147
  23. 23. AA Authentication: maps credentials in request to a consumer. Consumers can have multiple credentials. Upstream API receives custom HTTP headers: X-Consumer-Username and X-Consumer-ID
  24. 24. R D 3R D 3 [Diagram: Frontend, Kong, Beer API, Brewery API, with labels on API keys, consumers and groups]
      1. Create consumer
      2. Assign key to consumer
      3. Assign group to consumer
      4. Secure upstream API with key-auth and ACL plugin
  25. 25. CC You can write your own plugins! Relevant documentation: Plugin Development Guide; Plugin Development Kit
  26. 26. SS
      ├── README.md               # Documentation right?! ;-)
      └── my-plugin               # Name of the plugin
          ├── api.lua             # Administration interface for the plugin (REST)
          ├── daos.lua            # DAO's for custom entities inside the plugin
          ├── handler.lua         # Plugin logic, executed upon request
          ├── migrations          # Database migrations
          │   ├── cassandra.lua   # for Cassandra
          │   └── postgres.lua    # for PostgreSQL
          └── schema.lua          # Schema for plugin config
  27. 27. II HANDLERHANDLER
      local BasePlugin = require "kong.plugins.base_plugin"
      local MyPluginHandler = BasePlugin:extend()

      -- Priority determines the order in which plugins run within a phase
      MyPluginHandler.PRIORITY = 1003
      MyPluginHandler.VERSION = "0.2.0"

      function MyPluginHandler:new()
        MyPluginHandler.super.new(self, "my-plugin")
      end

      -- access phase: runs for each request before it is proxied upstream
      function MyPluginHandler:access(conf)
        MyPluginHandler.super.access(self)
        kong.log.info("Hello from My Plugin!")
      end

      return MyPluginHandler
  28. 28. RR Plugins can be invoked at various moments:
      • Kong startup
      • Serving SSL-certificate
      • Request rewriting (API or consumer unknown!)
      • Before hitting upstream
      • After receiving all response headers from upstream
      • For each part of the response body (could be multiple chunks!)
      • After sending the last byte to the client
  29. 29. C : TLSC : TLS
  30. 30. CC Client → request with TLS client cert → Load Balancer (TLS offloading) → request without TLS client cert → Intrusion Prevention System → request without TLS client cert → Kong
  31. 31. K -K - Read the custom headers from the request; Look up cert by subject; Verify other fields; Add consumer to request and send it upstream
  32. 32. W K WW K W
  33. 33. TT Cost (e.g. licences); Developer experience; Documentation; Flexibility / expandability; Maintainability; Support; Functional and non-functional fit out of the box; Future proof (hard to tell, though!); Replaceability / (vendor) lock-in
  34. 34. WW KK Kong (OS) seemed like a good choice: great feature set out of the box; could buy support, if we wanted; active community; frequent releases; good documentation
  35. 35. EE Changing the configuration is easy and quick; Configuration using API's; Imperative scripting is hard to understand later on (declarative configuration, kongverge, kongfig or db-less mode); Upgrading 0.13 → 0.14.1 was pretty easy; Lack of GUI might disappoint business stakeholders (konga or kongdash can help)
  36. 36. @mthmulders Amsterdam 2019 QQ
      Sample code: → http://bit.ly/enterprise-beers
      Help conference organisers: don't forget to rate this talk!

      POST /api/1.0/questions
      User-Agent: audience/1.0
      Accept: application/vnd.infosupport.answer
      Content-Type: application/vnd.infosupport.question

      "So, how would you "

      HTTP/1.1 200 OK
      Content-Type: application/vnd.infosupport.answer
      Date: Wed, Nov 21 2018 20 00 00 GMT+1
      Server: Maarten/1.0
      Via: kong/1.0.0

      "Well, it depends on "
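
The four steps on slide 24 (create consumer, assign key, assign group, secure the service with key-auth and ACL) written out as Kong Admin API calls in the curl style of slide 21. This is an added example, not code from the talk: the consumer, group and key values are constructed, and `config.whitelist` assumes the Kong 1.x ACL plugin.

```shell
#!/bin/sh
# Added example (not from the talk): slide 24's four steps as Admin API calls.
# Assumptions: Admin API at http://kong:8001 as on the slides, Kong 1.x field
# names (the ACL plugin's config.whitelist), and constructed names and key.
# The Admin API is Kong's private interface: reach it from a trusted network only.
KONG_ADMIN="${KONG_ADMIN:-http://kong:8001}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print each request, 0 = send it with curl

# admin_post PATH FIELD=VALUE...  -> one form-encoded POST to the Admin API
admin_post() {
  path="$1"; shift
  if [ "$DRY_RUN" = "1" ]; then
    echo "POST $path $*"
    return 0
  fi
  # Turn every FIELD=VALUE into "--data-urlencode FIELD=VALUE" (POSIX sh, no arrays).
  n=$#
  while [ "$n" -gt 0 ]; do
    set -- "$@" --data-urlencode "$1"; shift; n=$((n - 1))
  done
  # --fail makes curl exit non-zero on a 4xx/5xx, which stops the && chain below.
  curl --silent --show-error --fail "$KONG_ADMIN$path" "$@"
}

# secure_with_key_and_acl SERVICE CONSUMER GROUP KEY
secure_with_key_and_acl() {
  service="$1"; consumer="$2"; group="$3"; key="$4"
  # 1. Create consumer
  admin_post "/consumers" "username=$consumer" &&
  # 2. Assign key to consumer
  admin_post "/consumers/$consumer/key-auth" "key=$key" &&
  # 3. Assign group to consumer
  admin_post "/consumers/$consumer/acls" "group=$group" &&
  # 4. Secure the service: require a key, then allow only this group
  admin_post "/services/$service/plugins" "name=key-auth" &&
  admin_post "/services/$service/plugins" "name=acl" "config.whitelist=$group"
}

# Run the procedure when called with four arguments, e.g.
#   DRY_RUN=0 sh secure.sh beer-api.service frontend beer-readers "$KEY"
if [ "$#" -eq 4 ]; then
  secure_with_key_and_acl "$@"
fi
```

With both plugins active, a request without a key is rejected by key-auth with 401, and a valid key whose consumer is not in the whitelisted group is rejected by the ACL plugin with 403.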
