1
Kong API Gateway
Chris Mague / Shokunin
04/12/2017
2
Today's Talk

The Problems

The Solution

The Technical Solution

The Caveats

The Improvements
3
The Problems
We need to get a handle on the API consumers
4
The Problems
We need to stop bad consumers from DOSing our API
5
The Problems
We need better visibility into API usage
6
The Problems
We need real time information
7
Solution
Add a proxy in front of our APIs
8
Technical Solution
9
Features - Authentication
- Basic Auth
- KeyAuth
- OAuth/OAuth2
- LDAP
- JWT
10
Features - Security
- ACLs
- CORS
- Dynamic SSL
- IP Blacklists
- Bot Detection
11
Features - Control
- Rate Limiting
- Response Rate Limiting
- Request size limiting
12
Features - Transforms
- Request Transformer
- Response Transformer
- Correlation ID
13
Features - Visibility
- Logs over TCP/UDP/HTTP
- Syslog
- StatsD
- DataDog
- Runscope (Perf/Mon)
- Galileo (BI for API)
14
Considerations
- Open source
- Built on trusted technology
- Easy to extend
- No licensing costs
- Clusters
- Caches
- Easy to automate
15
Architecture
16
Internal
17
Cluster Architecture
18
Let’s Get Started
19
Spin Up a Testing Environment
git clone https://github.com/shokunin/postgres-kong.git
20
Set Up an Example API
curl -i -X POST \
  --url http://localhost:8001/apis/ \
  --data 'name=example-api' \
  --data 'hosts=example.com' \
  --data 'upstream_url=http://httpbin.org'
21
Test It
$ curl -s -v -o /dev/null -H "Host: example.com" localhost:8000
> Host: example.com
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
<
< Via: kong/0.10.1
< X-Kong-Upstream-Latency: 330
< X-Kong-Proxy-Latency: 0
22
Set Up Authentication Using the Key-Auth Plugin
curl -X POST http://localhost:8001/apis/example-api/plugins \
  --data "name=key-auth" \
  --data "config.hide_credentials=false"
23
Set Up a Consumer
curl -X POST http://localhost:8001/consumers/ \
  --data "username=customera" \
  --data "custom_id=customer1"
24
Create an API Key for that Consumer
$ curl -s -X POST http://localhost:8001/consumers/customera/key-auth -d '' |jq
{
"created_at": 1491969396000,
"consumer_id": "a3cf9a17-99d4-4ba4-9a9e-7deef5a92565",
"key": "9e6e653339d2491fa8783d562f727c86",
"id": "71720951-0fe8-4ceb-b7fc-a80948198e32"
}
25
Test It
$ curl -s -v -H "Host: example.com" localhost:8000
> GET / HTTP/1.1
> Host: example.com
>
< HTTP/1.1 401 Unauthorized
< Server: kong/0.10.1
<
{"message":"No API key found in headers or querystring"}
26
Our API now requires a key
27
Test it with a key
$ curl -s -o /dev/null -v -H "apikey: 2a71fe89200d47f18dbd19790c9245d1" \
  -H "Host: example.com" localhost:8000
> GET / HTTP/1.1
> Host: example.com
> apikey: 2a71fe89200d47f18dbd19790c9245d1
>
< HTTP/1.1 200 OK
< Via: kong/0.10.1
< X-Kong-Upstream-Latency: 193
< X-Kong-Proxy-Latency: 50
28
Upstream Gets This Information
29
Get information about consumer
$ curl -s localhost:8001/consumers/customera |jq
{
"custom_id": "customer1",
"username": "customera",
"created_at": 1491969689000,
"id": "01ef7f1b-e8c6-4551-8564-c43d7cd91081"
}
30
Revoke a Consumer
$ curl -s -X DELETE localhost:8001/consumers/customera
$ curl -s localhost:8001/consumers/customera |jq
{
"message": "Not found"
}
31
Re-Test
$ curl -s -o /dev/null -v -H "apikey: 2a71fe89200d47f18dbd19790c9245d1" \
  -H "Host: example.com" localhost:8000
> GET / HTTP/1.1
> Host: example.com
> apikey: 2a71fe89200d47f18dbd19790c9245d1
>
< HTTP/1.1 403 Forbidden
< Server: kong/0.10.1
32
Rate Limiting
2 Ways to Rate Limit
- Rate Limiting
- Response Rate Limiting
33
Enable Rate Limiting
curl -X POST http://localhost:8001/apis/example-api/plugins \
  --data "name=rate-limiting" \
  --data "config.second=1" \
  --data "config.minute=10" \
  --data "config.limit_by=consumer" \
  --data "config.policy=redis" \
  --data "config.redis_host=redis" \
  --data "config.redis_port=6380"
34
Rate Limiting
WARNING: if the limit_by value cannot be determined, Kong falls back to the client IP address
35
Test it
$ curl -s -o /dev/null -v -H "apikey: `cat /tmp/key`" \
  -H "Host: example.com" localhost:8000
> GET / HTTP/1.1
> Host: example.com
> apikey: 7abe611da2a640bb9492571568e1066f
>
< HTTP/1.1 200 OK
< X-RateLimit-Limit-second: 1
< X-RateLimit-Remaining-second: 0
< X-RateLimit-Limit-minute: 10
< X-RateLimit-Remaining-minute: 9
< Via: kong/0.10.1
< X-Kong-Upstream-Latency: 215
< X-Kong-Proxy-Latency: 300
36
Test it
$ curl -s -o /dev/null -v -H "apikey: `cat /tmp/key`" \
  -H "Host: example.com" localhost:8000
> GET / HTTP/1.1
> Host: example.com
> apikey: 7abe611da2a640bb9492571568e1066f
>
< HTTP/1.1 429
< X-RateLimit-Limit-second: 1
< X-RateLimit-Remaining-second: 0
< X-RateLimit-Limit-minute: 10
< X-RateLimit-Remaining-minute: 3
< Server: kong/0.10.1
37
What’s Actually Stored in Redis?
127.0.0.1:6380> keys "*"
1) "ratelimit:API_ID:CONSUMER_ID:1492038000000:hour"
2) "ratelimit:API_ID:CONSUMER_ID:1483228800000:year"
3) "ratelimit:API_ID:CONSUMER_ID:1491004800000:month"
4) "ratelimit:API_ID:CONSUMER_ID:1491955200000:day"
38
Rate Limit
127.0.0.1:6380> GET
"ratelimit:API_ID:CONSUMER_ID:1492041300000:minute"
"4"
127.0.0.1:6380> TTL
"ratelimit:API_ID:CONSUMER_ID:1492041300000:minute"
(integer) 10
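As an added example (not Kong's own Lua code), the following Python models the behaviour walked through in the key-auth and rate-limiting slides above: an in-memory stand-in for the Redis counters using the key layout shown on the Redis slides, the 401/403/429 responses and X-RateLimit headers from the "Test it" slides, and the limit_by fallback to the client IP that the WARNING slide refers to. API_ID, CONSUMER_ID, the client IP addresses and the timestamp T0 are constructed placeholders; T0 is chosen to fall inside the windows listed on the Redis slide, and the model keeps a counter for every period (second through year), not only the two configured limits.

```python
"""Added model of the slides' key-auth + rate-limiting flow; not Kong's Lua code.
API_ID, CONSUMER_ID, client IPs and T0 are constructed values."""
from datetime import datetime, timezone

# Counter TTL per period in ms (the slide's minute key had 10 s of its 60 s left).
EXPIRATIONS_MS = {"second": 1_000, "minute": 60_000, "hour": 3_600_000,
                  "day": 86_400_000, "month": 2_592_000_000, "year": 31_536_000_000}
T0 = 1492041312345   # constructed: 2017-04-12 23:55:12.345 UTC, inside the slide's windows
KEY = "7abe611da2a640bb9492571568e1066f"   # the key used on the "Test it" slides

def period_start(now_ms, period):
    """Start of the fixed UTC window containing now_ms, in epoch milliseconds."""
    if period in ("second", "minute", "hour"):
        return now_ms - now_ms % EXPIRATIONS_MS[period]
    dt = datetime.fromtimestamp(now_ms / 1000, tz=timezone.utc)
    dt = dt.replace(hour=0, minute=0, second=0, microsecond=0)
    if period == "month":
        dt = dt.replace(day=1)
    elif period == "year":
        dt = dt.replace(month=1, day=1)
    elif period != "day":
        raise ValueError(f"unknown period {period}")
    return int(dt.timestamp()) * 1000

def ratelimit_key(api_id, identifier, now_ms, period):
    """Same layout as the keys on the 'What's Actually Stored in Redis?' slide."""
    return f"ratelimit:{api_id}:{identifier}:{period_start(now_ms, period)}:{period}"

class Gateway:
    def __init__(self, api_id, limits, key_auth=True):
        self.api_id, self.limits, self.key_auth = api_id, limits, key_auth
        self.consumers = {}   # username -> consumer id
        self.keys = {}        # api key -> username
        self.redis = {}       # counter key -> [count, expires_at_ms]
    def add_consumer(self, username, consumer_id, key):   # consumer + key-auth slides
        self.consumers[username] = consumer_id
        self.keys[key] = username
    def delete_consumer(self, username):                  # "Revoke a Consumer" slide
        self.consumers.pop(username, None)   # credentials go with the consumer, hence 403
        self.keys = {k: u for k, u in self.keys.items() if u != username}

    def _get(self, key, now_ms):          # Redis GET, honouring expiry
        entry = self.redis.get(key)
        return 0 if entry is None or entry[1] <= now_ms else entry[0]
    def _incr(self, key, ttl_ms, now_ms):  # Redis INCR, EXPIRE set on the first hit
        if self._get(key, now_ms) == 0:
            self.redis[key] = [1, now_ms + ttl_ms]
        else:
            self.redis[key][0] += 1

    def handle(self, headers, remote_addr, now_ms):
        """Proxy-side decision for one request: (status, response headers, body)."""
        consumer_id = None
        if self.key_auth:
            key = headers.get("apikey")
            if key is None:
                return 401, {}, {"message": "No API key found in headers or querystring"}
            if key not in self.keys:
                return 403, {}, {"message": "Invalid authentication credentials"}
            consumer_id = self.consumers[self.keys[key]]
        # WARNING slide: with no authenticated consumer the identifier becomes the client
        # IP, so every unauthenticated caller behind one NAT address shares one bucket.
        identifier = consumer_id or remote_addr
        usage = {p: (lim, self._get(ratelimit_key(self.api_id, identifier, now_ms, p), now_ms))
                 for p, lim in self.limits.items()}
        exceeded = next((p for p, (lim, used) in usage.items() if used >= lim), None)
        resp = {}
        for period, (lim, used) in usage.items():
            remaining = lim - used
            if exceeded is None or exceeded == period:
                remaining -= 1    # this request counts against the window
            resp[f"X-RateLimit-Limit-{period}"] = lim
            resp[f"X-RateLimit-Remaining-{period}"] = max(0, remaining)
        if exceeded:
            return 429, resp, {"message": "API rate limit exceeded"}
        # A counter per period, as the hour/day/month/year keys on the Redis slide suggest.
        for period, ttl in EXPIRATIONS_MS.items():
            self._incr(ratelimit_key(self.api_id, identifier, now_ms, period), ttl, now_ms)
        return 200, resp, {}

def replay_slides(now_ms=T0):
    """Re-run the request sequence of the test slides, then the limit_by fallback case."""
    gw = Gateway("API_ID", {"second": 1, "minute": 10})
    gw.add_consumer("customera", "CONSUMER_ID", KEY)
    ip, out = "10.0.0.5", {}   # constructed client address
    out["no_key"] = gw.handle({"Host": "example.com"}, ip, now_ms)[0]
    st, h, _ = gw.handle({"apikey": KEY}, ip, now_ms)
    out["first"] = (st, h["X-RateLimit-Remaining-second"], h["X-RateLimit-Remaining-minute"])
    for i in range(1, 7):      # six more requests, one per second, all allowed
        gw.handle({"apikey": KEY}, ip, now_ms + 1000 * i)
    st, h, _ = gw.handle({"apikey": KEY}, ip, now_ms + 6100)   # same second as the 7th
    out["burst"] = (st, h["X-RateLimit-Remaining-second"], h["X-RateLimit-Remaining-minute"])
    out["minute_count"] = gw._get(ratelimit_key("API_ID", "CONSUMER_ID", now_ms, "minute"), now_ms + 6100)
    gw.delete_consumer("customera")
    out["revoked"] = gw.handle({"apikey": KEY}, ip, now_ms + 7000)[0]
    # Same plugin on an API without key-auth: two callers behind one NAT share a bucket.
    shared = Gateway("API_ID", {"second": 1}, key_auth=False)
    shared.handle({}, "203.0.113.9", now_ms)
    out["nat_neighbour"] = shared.handle({}, "203.0.113.9", now_ms + 200)[0]
    return out
```

`replay_slides()` reproduces the 401, the 200 with Remaining-minute 9, the 429 with Remaining-minute 3 and the 403 after revocation, and then shows the second caller from a shared address being limited when no consumer can be identified.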
39
Visibility
Who is doing what on my API?
40
Kong Feature – Custom NGINX config
41
Detailed Log Information
42
Real-Time Stats Using StatsD
$ curl -X POST http://localhost:8001/apis/example-api/plugins \
  --data "name=statsd" \
  --data "config.host=192.168.0.220" \
  --data "config.port=8125" \
  --data "config.timeout=1000"
43
Dashboard Example
44
45
The Caveats
- Extra moving parts
- Learning Lua is a good idea
- Extra latency
- GUIs available but need work
46
The Improvements
- More custom plugins for better visibility
- Better monitoring (latency spikes/DB usage/Redis Usage)
- Move more to Response Rate Limiting
47
Thanks
- Mashape, Inc
- Zillow Group
- Jason Smith
- Zane Williamson
