![R D 2R D 2
Configuring Kong:
1. Define a service that points to an upstream.
2. Define a route for that service.
3. Define an upstream with (1..n) target.
SERVICE
url: http://beer-api.upstream/
name: beer-api.service
UPSTREAM
name: beer-api.upstream
SERVICE
url: http://brewery-api.upstream/
name: brewery-api.service
UPSTREAM
name: brewery-api.upstream
TARGET
target: beer-api:9080
TARGET
target: brewery-api-1:9080
weight: 10
TARGET
target: brewery-api-2:9080
weight: 20
ROUTE
paths: [ /api/beer/*, /api/brewery/*/beers ]
methods: [ GET ]
ROUTE
paths: [ /api/brewery* ]
methods: [ GET ]](https://image.slidesharecdn.com/masteringmicroserviceswithkongdevoxxuk2019-190509110745/75/mastering-microservices-with-kong-devoxxuk-2019-15-2048.jpg?cb=1669287727)
Mastering Microservices with Kong (DevoxxUK 2019)
•2 likes•304 views
Download to read offline
Report
When architecting microservice solutions, you'll often find yourself struggling with cross-cutting concerns. Think security, rate limiting, access control, monitoring, location-aware routing… Things can quickly become a nightmare. The API Gateway pattern can help you solve such problems in an elegant and uniform way. Using Kong, an open source product, you can get started today. In this session we'll look at the why and how of this approach.
Recommended
More Related Content
What's hot
What's hot(20)
Similar to Mastering Microservices with Kong (DevoxxUK 2019)
Similar to Mastering Microservices with Kong (DevoxxUK 2019)(20)
More from Maarten Mulders
More from Maarten Mulders(20)
Recently uploaded
Recently uploaded(20)
Mastering Microservices with Kong (DevoxxUK 2019)
- 2. OO Context What is API Management? Demo What is an API Gateway? Demo Hello, Kong Demo How does it work? Plugins Why Kong? Wrap up
- 3. W API MW API M
- 4. (source: ) “API management is the process of creating and publishing web APIs, enforcing their usage policies, controlling access, nurturing the subscriber community, collecting and analyzing usage statistics, and reporting on performance. Wikipedia
- 6. R D 1R D 1 Fro n Be r AP Bre y AP /api/beers/{id} /api/brewery/{id}/beers Ne d an AP ke ! /api/brewery/ /api/brewery/{id} Ne d an AP ke ! 1. Build a few μ-services 2. Deploy them using Docker compose 3. Observations: 1. Each μ-service has a different address 2. Logic (e.g. security) is duplicated in each μ-service
- 7. W API GW API G
- 8. (source: ) “Wikipedia does not have an article with this exact name. Wikipedia
- 9. (source: ) “Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. Amazon API Gateway
- 10. (source: ) “Use Azure API Management as a turnkey solution for publishing APIs to external and internal customers. Quickly create consistent and modern API gateways for existing back-end services hosted anywhere, secure and protect them from abuse and overuse, and get insights into usage and health. Azure API Management
- 12. RR (e.g. nginx, Apache HTTPD, Netflix Zuul) Routing (to individual μ-services) SSL/TLS offloading Load balancing
- 13. C API GC API G Authentication Autorisation (limited) Rate limiting Logging Metering Metrics Compression IP black- / whitelisting Caching ... Aggregations and transformations → .backend-for-frontend (BFF)
- 14. R D 2R D 2 Fro n Kon Be r AP Bre y AP /api/beers/{id} /api/brewery/{id}/beers Ne d an AP ke ! /api/brewery/ /api/brewery/{id} Ne d an AP ke !
- 15. R D 2R D 2 Configuring Kong: 1. Define a service that points to an upstream. 2. Define a route for that service. 3. Define an upstream with (1..n) target. SERVICE url: http://beer-api.upstream/ name: beer-api.service UPSTREAM name: beer-api.upstream SERVICE url: http://brewery-api.upstream/ name: brewery-api.service UPSTREAM name: brewery-api.upstream TARGET target: beer-api:9080 TARGET target: brewery-api-1:9080 weight: 10 TARGET target: brewery-api-2:9080 weight: 20 ROUTE paths: [ /api/beer/*, /api/brewery/*/beers ] methods: [ GET ] ROUTE paths: [ /api/brewery* ] methods: [ GET ]
- 16. KK Based on Nginx Stores configuration in a database (optional since 1.1) Two interfaces: public and private
- 17. DD Kong can be deployed in various modes Standalone Clustered As Kubernetes Ingress Controller On premise, in the cloud — you choose
- 18. UU
- 19. PP
- 20. PP Open source, enterprise, 3rd party Implemented in Lua
- 21. UU In general: Example (rate limiting): curl http: kong:8001/services/<service name>/plugins data "name=<plugin name>" data "config.param=value" curl http: kong:8001/services/beer api.service/plugins data "name=rate limiting" data "config.second=6"
- 22. M M PM M P https://pxhere.com/en/photo/1039147
- 23. AA Authentication: maps credentials in request to a consumer. Consumers can have multiple credentials Upstream API receives custom HTTP headers: X-Consumer-Username and X-Consumer-ID
- 24. R D 3R D 3 Fro n Kon Be r AP Bre y AP Ne d an AP ke ! Aut t a co m us AP ke As i n g o s to co m Con r & g o s p o d b Kon Con r & g o s p o d b Kon 1. Create consumer 2. Assign key to consumer 3. Assign group to consumer 4. Secure upstream API with key-auth and ACL plugin
- 25. CC You can write your own plugins! Revelant documentation: Plugin Development Guide Plugin Development Kit
- 26. SS ├── README.md # Documentation right?! ;-) └── my plugin # Name of the plugin ├── api.lua # Administration interface for the plugin (REST) ├── daos.lua # DAO's for custom entities inside the plugin ├── handler.lua # Plugin logic, executed upon request ├── migrations # Database migrations │ ├── cassandra.lua # for Cassandra │ └── postgres.lua # for PostgreSQL └── schema.lua # Schema for plugin config
- 27. II HANDLERHANDLER local BasePlugin = require "kong.plugins.base_plugin" local MyPluginHandler = BasePlugin:extend() MyPluginHandler.PRIORITY = 1003 MyPluginHandler.VERSION = "0.2.0" function MyPluginHandler:new() MyPluginHandler.super.new(self, "my plugin") end function MyPluginHandler:access(conf) MyPluginHandler.super.access(self) kong.log.info("Hello from My Plugin!") end return MyPluginHandler
- 28. RR Plugins can be invoked at various moments: Kong startup Serving SSL-certificate Request rewriting API or consumer unknown! Before hitting upstream After receiving all response headers from upstream For each part of the response body Could be multiple chunks! After sending the last byte to the client
- 29. C : TLSC : TLS
- 30. CC Client Load Balancer (TLS offloading) Request with TLS client cert Intrusion Prevention System Request without TLS client cert Kong Request without TLS client cert
- 31. K -K - Read the custom headers from the request Look up cert by subject Verify other fields Add consumer to request and send it upstream
- 32. W K WW K W
- 33. TT Cost (e.g. licences) Developer experience Documentation Flexibility / expandability Maintainability Support Functional and non-functional fit out of the box Future proof (hard to tell, though!) Replaceability / (vendor) lock-in
- 34. WW KK Kong (OS) seemed like a good choice: great feature set out of the box could buy support, if we wanted active community frequent releases good documentation
- 35. EE Changing the configuration is easy and quick Configuration using API's Imperative configuration isn't easy Declarative configuration ( , or db-less mode) Upgrading 0.13 → 0.14.1 was pretty easy Upgrading 0.14.1 → 1.1 was a bit harder, but not too much Lack of GUI might disappoint business stakeholders or can help kongverge kongfig konga kongdash
- 36. @mthmulders #MMwK QQ Sample code: Please help conference organisers: don't forget to rate this talk! POST /api/1.0/questions User-Agent: audience/1.0 Accept: application/vnd.infosupport.answer Content-Type: application/vnd.infosupport.question "So, how would you " HTTP/1.1 200 OK Content-Type: application/vnd.infosupport.answer Date: Wed, Nov 21 2018 20 00 00 GMT+1 Server: Maarten/1.0 Via: kong/1.0.0 "Well, it depends on " http://bit.ly/enterprise-beers