SlideShare une entreprise Scribd logo

Mastering Microservices with Kong (DevoxxUK 2019)

M
Maarten Mulders

When architecting microservice solutions, you'll often find yourself struggling with cross-cutting concerns. Think security, rate limiting, access control, monitoring, location-aware routing… Things can quickly become a nightmare. The API Gateway pattern can help you solve such problems in an elegant and uniform way. Using Kong, an open source product, you can get started today. In this session we'll look at the why and how of this approach.

Logiciels
1  sur  36
Télécharger pour lire hors ligne
OO Context What is API Management? Demo What is an API Gateway? Demo Hello, Kong Demo How does it work? Plugins Why Kong? Wrap up
W API MW API M
(source: ) “API management is the process of creating and publishing web APIs, enforcing their usage policies, controlling access, nurturing the subscriber community, collecting and analyzing usage statistics, and reporting on performance. Wikipedia
MM https://pxhere.com/en/photo/1435275
R D 1R D 1 Fro n Be r AP Bre y AP /api/beers/{id} /api/brewery/{id}/beers Ne d an AP ke ! /api/brewery/ /api/brewery/{id} Ne d an AP ke ! 1. Build a few μ-services 2. Deploy them using Docker compose 3. Observations: 1. Each μ-service has a different address 2. Logic (e.g. security) is duplicated in each μ-service
W API GW API G
(source: ) “Wikipedia does not have an article with this exact name. Wikipedia
(source: ) “Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. Amazon API Gateway
(source: ) “Use Azure API Management as a turnkey solution for publishing APIs to external and internal customers. Quickly create consistent and modern API gateways for existing back-end services hosted anywhere, secure and protect them from abuse and overuse, and get insights into usage and health. Azure API Management
μ-μ- https://pxhere.com/en/photo/768263
RR (e.g. nginx, Apache HTTPD, Netflix Zuul) Routing (to individual μ-services) SSL/TLS offloading Load balancing
C API GC API G Authentication Autorisation (limited) Rate limiting Logging Metering Metrics Compression IP black- / whitelisting Caching ... Aggregations and transformations → .backend-for-frontend (BFF)
R D 2R D 2 Fro n Kon Be r AP Bre y AP /api/beers/{id} /api/brewery/{id}/beers Ne d an AP ke ! /api/brewery/ /api/brewery/{id} Ne d an AP ke !
R D 2R D 2 Configuring Kong: 1. Define a service that points to an upstream. 2. Define a route for that service. 3. Define an upstream with (1..n) target. SERVICE        url: http://beer-api.upstream/                name: beer-api.service UPSTREAM        name: beer-api.upstream         SERVICE        url: http://brewery-api.upstream/                name: brewery-api.service UPSTREAM        name: brewery-api.upstream         TARGET        target: beer-api:9080                         TARGET        target: brewery-api-1:9080                weight: 10         TARGET        target: brewery-api-2:9080                weight: 20         ROUTE        paths: [ /api/beer/*, /api/brewery/*/beers ]                methods: [ GET ] ROUTE        paths: [ /api/brewery* ]                methods: [ GET ]
KK Based on Nginx Stores configuration in a database (optional since 1.1) Two interfaces: public and private
DD Kong can be deployed in various modes Standalone Clustered As Kubernetes Ingress Controller On premise, in the cloud — you choose
UU
PP
PP Open source, enterprise, 3rd party Implemented in Lua
UU In general: Example (rate limiting): curl http: kong:8001/services/<service name>/plugins data "name=<plugin name>" data "config.param=value" curl http: kong:8001/services/beer api.service/plugins data "name=rate limiting" data "config.second=6"
M M PM M P https://pxhere.com/en/photo/1039147
AA Authentication: maps credentials in request to a consumer. Consumers can have multiple credentials Upstream API receives custom HTTP headers: X-Consumer-Username and X-Consumer-ID
R D 3R D 3 Fro n Kon Be r AP Bre y AP Ne d an AP ke ! Aut t a co m us AP ke As i n g o s to co m Con r & g o s p o d b Kon Con r & g o s p o d b Kon 1. Create consumer 2. Assign key to consumer 3. Assign group to consumer 4. Secure upstream API with key-auth and ACL plugin
CC You can write your own plugins! Revelant documentation: Plugin Development Guide Plugin Development Kit
SS ├── README.md # Documentation right?! ;-) └── my plugin # Name of the plugin ├── api.lua # Administration interface for the plugin (REST) ├── daos.lua # DAO's for custom entities inside the plugin ├── handler.lua # Plugin logic, executed upon request ├── migrations # Database migrations │ ├── cassandra.lua # for Cassandra │ └── postgres.lua # for PostgreSQL └── schema.lua # Schema for plugin config
II HANDLERHANDLER local BasePlugin = require "kong.plugins.base_plugin" local MyPluginHandler = BasePlugin:extend() MyPluginHandler.PRIORITY = 1003 MyPluginHandler.VERSION = "0.2.0" function MyPluginHandler:new() MyPluginHandler.super.new(self, "my plugin") end function MyPluginHandler:access(conf) MyPluginHandler.super.access(self) kong.log.info("Hello from My Plugin!") end return MyPluginHandler
RR Plugins can be invoked at various moments: Kong startup Serving SSL-certificate Request rewriting API or consumer unknown! Before hitting upstream After receiving all response headers from upstream For each part of the response body Could be multiple chunks! After sending the last byte to the client
C : TLSC : TLS
CC Client Load Balancer    (TLS offloading)                  Request with TLS client cert           Intrusion Prevention System                     Request without TLS client cert Kong              Request without TLS client cert
K -K - Read the custom headers from the request Look up cert by subject Verify other fields Add consumer to request and send it upstream
W K WW K W
TT Cost (e.g. licences) Developer experience Documentation Flexibility / expandability Maintainability Support Functional and non-functional fit out of the box Future proof (hard to tell, though!) Replaceability / (vendor) lock-in
WW KK Kong (OS) seemed like a good choice: great feature set out of the box could buy support, if we wanted active community frequent releases good documentation
EE Changing the configuration is easy and quick Configuration using API's Imperative configuration isn't easy Declarative configuration ( , or db-less mode) Upgrading 0.13 → 0.14.1 was pretty easy Upgrading 0.14.1 → 1.1 was a bit harder, but not too much Lack of GUI might disappoint business stakeholders or can help kongverge kongfig konga kongdash
@mthmulders #MMwK QQ Sample code: Please help conference organisers: don't forget to rate this talk! POST /api/1.0/questions User-Agent: audience/1.0 Accept: application/vnd.infosupport.answer Content-Type: application/vnd.infosupport.question "So, how would you " HTTP/1.1 200 OK Content-Type: application/vnd.infosupport.answer Date: Wed, Nov 21 2018 20 00 00 GMT+1 Server: Maarten/1.0 Via: kong/1.0.0 "Well, it depends on " http://bit.ly/enterprise-beers

Recommandé

Introduction to Kong API Gateway
Introduction to Kong API GatewayIntroduction to Kong API Gateway
Introduction to Kong API Gateway
Yohann Ciurlik
 
Kong
KongKong
Kong
Troublemaker Khunpech
 
Mastering Microservices with Kong (CodeMotion 2019)
Mastering Microservices with Kong (CodeMotion 2019)Mastering Microservices with Kong (CodeMotion 2019)
Mastering Microservices with Kong (CodeMotion 2019)
Maarten Mulders
 
Kong API Gateway
Kong API Gateway Kong API Gateway
Kong API Gateway
Chris Mague
 
APIdays Singapore 2019 - Blowing Up the Monolith: Adopting a Modern API Strat...
APIdays Singapore 2019 - Blowing Up the Monolith: Adopting a Modern API Strat...APIdays Singapore 2019 - Blowing Up the Monolith: Adopting a Modern API Strat...
APIdays Singapore 2019 - Blowing Up the Monolith: Adopting a Modern API Strat...
apidays
 
Kuberntes Ingress with Kong
Kuberntes Ingress with KongKuberntes Ingress with Kong
Kuberntes Ingress with Kong
Nebulaworks
 
Scylla Summit 2018: Kong & Cassandra/Scylla for distributed APIs and Microser...
Scylla Summit 2018: Kong & Cassandra/Scylla for distributed APIs and Microser...Scylla Summit 2018: Kong & Cassandra/Scylla for distributed APIs and Microser...
Scylla Summit 2018: Kong & Cassandra/Scylla for distributed APIs and Microser...
ScyllaDB
 
Manage your APIs and Microservices with an API Gateway
Manage your APIs and Microservices with an API GatewayManage your APIs and Microservices with an API Gateway
Manage your APIs and Microservices with an API Gateway
Thibault Charbonnier
 

Recommandé

Introduction to Kong API Gateway
Introduction to Kong API GatewayIntroduction to Kong API Gateway
Introduction to Kong API Gateway
Yohann Ciurlik
 
Kong
KongKong
Kong
Troublemaker Khunpech
 
Mastering Microservices with Kong (CodeMotion 2019)
Mastering Microservices with Kong (CodeMotion 2019)Mastering Microservices with Kong (CodeMotion 2019)
Mastering Microservices with Kong (CodeMotion 2019)
Maarten Mulders
 
Kong API Gateway
Kong API Gateway Kong API Gateway
Kong API Gateway
Chris Mague
 
APIdays Singapore 2019 - Blowing Up the Monolith: Adopting a Modern API Strat...
APIdays Singapore 2019 - Blowing Up the Monolith: Adopting a Modern API Strat...APIdays Singapore 2019 - Blowing Up the Monolith: Adopting a Modern API Strat...
APIdays Singapore 2019 - Blowing Up the Monolith: Adopting a Modern API Strat...
apidays
 
Kuberntes Ingress with Kong
Kuberntes Ingress with KongKuberntes Ingress with Kong
Kuberntes Ingress with Kong
Nebulaworks
 
Scylla Summit 2018: Kong & Cassandra/Scylla for distributed APIs and Microser...
Scylla Summit 2018: Kong & Cassandra/Scylla for distributed APIs and Microser...Scylla Summit 2018: Kong & Cassandra/Scylla for distributed APIs and Microser...
Scylla Summit 2018: Kong & Cassandra/Scylla for distributed APIs and Microser...
ScyllaDB
 
Manage your APIs and Microservices with an API Gateway
Manage your APIs and Microservices with an API GatewayManage your APIs and Microservices with an API Gateway
Manage your APIs and Microservices with an API Gateway
Thibault Charbonnier
 
Kong API
Kong APIKong API
Kong API
Patrick Pierson
 
API Gateway study
API Gateway studyAPI Gateway study
API Gateway study
Rafael Gonzaga
 
Using an API Gateway for Microservices
Using an API Gateway for MicroservicesUsing an API Gateway for Microservices
Using an API Gateway for Microservices
NGINX, Inc.
 
Gatekeeper: API gateway
Gatekeeper: API gatewayGatekeeper: API gateway
Gatekeeper: API gateway
ChengHui Weng
 
Developing a user-friendly OpenResty application
Developing a user-friendly OpenResty applicationDeveloping a user-friendly OpenResty application
Developing a user-friendly OpenResty application
Thibault Charbonnier
 
Flexible, hybrid API-led software architectures with Kong
Flexible, hybrid API-led software architectures with KongFlexible, hybrid API-led software architectures with Kong
Flexible, hybrid API-led software architectures with Kong
Sven Bernhardt
 
API Gateway: Nginx way
API Gateway: Nginx wayAPI Gateway: Nginx way
API Gateway: Nginx way
inovia
 
Using NGINX and NGINX Plus as a Kubernetes Ingress
Using NGINX and NGINX Plus as a Kubernetes IngressUsing NGINX and NGINX Plus as a Kubernetes Ingress
Using NGINX and NGINX Plus as a Kubernetes Ingress
Kevin Jones
 
A Kong retrospective: from 0.10 to 0.13
A Kong retrospective: from 0.10 to 0.13A Kong retrospective: from 0.10 to 0.13
A Kong retrospective: from 0.10 to 0.13
Thibault Charbonnier
 
Kong ingress controller kubernetes ingress on steroids
Kong ingress controller kubernetes ingress on steroidsKong ingress controller kubernetes ingress on steroids
Kong ingress controller kubernetes ingress on steroids
LibbySchulze
 
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0
NGINX, Inc.
 
Ambassador Kubernetes-Native API Gateway
Ambassador Kubernetes-Native API GatewayAmbassador Kubernetes-Native API Gateway
Ambassador Kubernetes-Native API Gateway
Ambassador Labs
 
A Cassandra driver from and for the Lua community
A Cassandra driver from and for the Lua communityA Cassandra driver from and for the Lua community
A Cassandra driver from and for the Lua community
Thibault Charbonnier
 
Microservices in GO lang
Microservices in GO langMicroservices in GO lang
Microservices in GO lang
SHAKIL AKHTAR
 
NGINX Kubernetes Ingress Controller: Getting Started – EMEA
NGINX Kubernetes Ingress Controller: Getting Started – EMEANGINX Kubernetes Ingress Controller: Getting Started – EMEA
NGINX Kubernetes Ingress Controller: Getting Started – EMEA
Aine Long
 
TADSummit Dangerous demo: Oracle
TADSummit Dangerous demo: OracleTADSummit Dangerous demo: Oracle
TADSummit Dangerous demo: Oracle
Alan Quayle
 
Building a Service Mesh with Envoy (Kubecon May 2018)
Building a Service Mesh with Envoy (Kubecon May 2018)Building a Service Mesh with Envoy (Kubecon May 2018)
Building a Service Mesh with Envoy (Kubecon May 2018)
Douglas Jones
 
Microservices and Container Management with NGINX Plus and Mesosphere DC/OS
Microservices and Container Management with NGINX Plus and Mesosphere DC/OSMicroservices and Container Management with NGINX Plus and Mesosphere DC/OS
Microservices and Container Management with NGINX Plus and Mesosphere DC/OS
NGINX, Inc.
 
The Simply Complex Task of Implementing Kubernetes Ingress - Velocity NYC
The Simply Complex Task of Implementing Kubernetes Ingress - Velocity NYCThe Simply Complex Task of Implementing Kubernetes Ingress - Velocity NYC
The Simply Complex Task of Implementing Kubernetes Ingress - Velocity NYC
Ambassador Labs
 
Analyzing NGINX Logs with Datadog
Analyzing NGINX Logs with DatadogAnalyzing NGINX Logs with Datadog
Analyzing NGINX Logs with Datadog
NGINX, Inc.
 
Maarten Mulders - Mastering Microservices with Kong - Codemotion Amsterdam 2019
Maarten Mulders - Mastering Microservices with Kong - Codemotion Amsterdam 2019Maarten Mulders - Mastering Microservices with Kong - Codemotion Amsterdam 2019
Maarten Mulders - Mastering Microservices with Kong - Codemotion Amsterdam 2019
Codemotion
 
Working with PowerVC via its REST APIs
Working with PowerVC via its REST APIsWorking with PowerVC via its REST APIs
Working with PowerVC via its REST APIs
Joe Cropper
 

Contenu connexe

Tendances

Using an API Gateway for Microservices
Using an API Gateway for MicroservicesUsing an API Gateway for Microservices
Using an API Gateway for Microservices
NGINX, Inc.
 
Flexible, hybrid API-led software architectures with Kong
Flexible, hybrid API-led software architectures with KongFlexible, hybrid API-led software architectures with Kong
Flexible, hybrid API-led software architectures with Kong
Sven Bernhardt
 
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0
NGINX, Inc.
 
Analyzing NGINX Logs with Datadog
Analyzing NGINX Logs with DatadogAnalyzing NGINX Logs with Datadog
Analyzing NGINX Logs with Datadog
NGINX, Inc.
 

Tendances (20)

Kong API
Kong APIKong API
Kong API
 
API Gateway study
API Gateway studyAPI Gateway study
API Gateway study
 
Using an API Gateway for Microservices
Using an API Gateway for MicroservicesUsing an API Gateway for Microservices
Using an API Gateway for Microservices
 
Gatekeeper: API gateway
Gatekeeper: API gatewayGatekeeper: API gateway
Gatekeeper: API gateway
 
Developing a user-friendly OpenResty application
Developing a user-friendly OpenResty applicationDeveloping a user-friendly OpenResty application
Developing a user-friendly OpenResty application
 
Flexible, hybrid API-led software architectures with Kong
Flexible, hybrid API-led software architectures with KongFlexible, hybrid API-led software architectures with Kong
Flexible, hybrid API-led software architectures with Kong
 
API Gateway: Nginx way
API Gateway: Nginx wayAPI Gateway: Nginx way
API Gateway: Nginx way
 
Using NGINX and NGINX Plus as a Kubernetes Ingress
Using NGINX and NGINX Plus as a Kubernetes IngressUsing NGINX and NGINX Plus as a Kubernetes Ingress
Using NGINX and NGINX Plus as a Kubernetes Ingress
 
A Kong retrospective: from 0.10 to 0.13
A Kong retrospective: from 0.10 to 0.13A Kong retrospective: from 0.10 to 0.13
A Kong retrospective: from 0.10 to 0.13
 
Kong ingress controller kubernetes ingress on steroids
Kong ingress controller kubernetes ingress on steroidsKong ingress controller kubernetes ingress on steroids
Kong ingress controller kubernetes ingress on steroids
 
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0
 
Ambassador Kubernetes-Native API Gateway
Ambassador Kubernetes-Native API GatewayAmbassador Kubernetes-Native API Gateway
Ambassador Kubernetes-Native API Gateway
 
A Cassandra driver from and for the Lua community
A Cassandra driver from and for the Lua communityA Cassandra driver from and for the Lua community
A Cassandra driver from and for the Lua community
 
Microservices in GO lang
Microservices in GO langMicroservices in GO lang
Microservices in GO lang
 
NGINX Kubernetes Ingress Controller: Getting Started – EMEA
NGINX Kubernetes Ingress Controller: Getting Started – EMEANGINX Kubernetes Ingress Controller: Getting Started – EMEA
NGINX Kubernetes Ingress Controller: Getting Started – EMEA
 
TADSummit Dangerous demo: Oracle
TADSummit Dangerous demo: OracleTADSummit Dangerous demo: Oracle
TADSummit Dangerous demo: Oracle
 
Building a Service Mesh with Envoy (Kubecon May 2018)
Building a Service Mesh with Envoy (Kubecon May 2018)Building a Service Mesh with Envoy (Kubecon May 2018)
Building a Service Mesh with Envoy (Kubecon May 2018)
 
Microservices and Container Management with NGINX Plus and Mesosphere DC/OS
Microservices and Container Management with NGINX Plus and Mesosphere DC/OSMicroservices and Container Management with NGINX Plus and Mesosphere DC/OS
Microservices and Container Management with NGINX Plus and Mesosphere DC/OS
 
The Simply Complex Task of Implementing Kubernetes Ingress - Velocity NYC
The Simply Complex Task of Implementing Kubernetes Ingress - Velocity NYCThe Simply Complex Task of Implementing Kubernetes Ingress - Velocity NYC
The Simply Complex Task of Implementing Kubernetes Ingress - Velocity NYC
 
Analyzing NGINX Logs with Datadog
Analyzing NGINX Logs with DatadogAnalyzing NGINX Logs with Datadog
Analyzing NGINX Logs with Datadog
 

Similaire à Mastering Microservices with Kong (DevoxxUK 2019)

MesosCon - Be a microservices hero
MesosCon - Be a microservices heroMesosCon - Be a microservices hero
MesosCon - Be a microservices hero
Dragos Dascalita Haut
 
Plack perl superglue for web frameworks and servers
Plack perl superglue for web frameworks and serversPlack perl superglue for web frameworks and servers
Plack perl superglue for web frameworks and servers
Tatsuhiko Miyagawa
 
Istio Playground
Istio PlaygroundIstio Playground
Istio Playground
QAware GmbH
 
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
NGINX, Inc.
 

Similaire à Mastering Microservices with Kong (DevoxxUK 2019) (20)

Maarten Mulders - Mastering Microservices with Kong - Codemotion Amsterdam 2019
Maarten Mulders - Mastering Microservices with Kong - Codemotion Amsterdam 2019Maarten Mulders - Mastering Microservices with Kong - Codemotion Amsterdam 2019
Maarten Mulders - Mastering Microservices with Kong - Codemotion Amsterdam 2019
 
Working with PowerVC via its REST APIs
Working with PowerVC via its REST APIsWorking with PowerVC via its REST APIs
Working with PowerVC via its REST APIs
 
OpenShift Meetup - Tokyo - Service Mesh and Serverless Overview
OpenShift Meetup - Tokyo - Service Mesh and Serverless OverviewOpenShift Meetup - Tokyo - Service Mesh and Serverless Overview
OpenShift Meetup - Tokyo - Service Mesh and Serverless Overview
 
Deep Dive into SpaceONE
Deep Dive into SpaceONEDeep Dive into SpaceONE
Deep Dive into SpaceONE
 
Introduction to CloudStack API
Introduction to CloudStack APIIntroduction to CloudStack API
Introduction to CloudStack API
 
Using JHipster for generating Angular/Spring Boot apps
Using JHipster for generating Angular/Spring Boot appsUsing JHipster for generating Angular/Spring Boot apps
Using JHipster for generating Angular/Spring Boot apps
 
MesosCon - Be a microservices hero
MesosCon - Be a microservices heroMesosCon - Be a microservices hero
MesosCon - Be a microservices hero
 
Plack perl superglue for web frameworks and servers
Plack perl superglue for web frameworks and serversPlack perl superglue for web frameworks and servers
Plack perl superglue for web frameworks and servers
 
[APIdays Paris 2019] From Microservices to APIs: The API operator in Kubernetes
[APIdays Paris 2019] From Microservices to APIs: The API operator in Kubernetes[APIdays Paris 2019] From Microservices to APIs: The API operator in Kubernetes
[APIdays Paris 2019] From Microservices to APIs: The API operator in Kubernetes
 
API Workshop: Deep dive into REST APIs
API Workshop: Deep dive into REST APIsAPI Workshop: Deep dive into REST APIs
API Workshop: Deep dive into REST APIs
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetes
 
Istio Playground
Istio PlaygroundIstio Playground
Istio Playground
 
Deploy and Access WebSphere Liberty and StrongLoop REST Endpoints on IBM Bluemix
Deploy and Access WebSphere Liberty and StrongLoop REST Endpoints on IBM BluemixDeploy and Access WebSphere Liberty and StrongLoop REST Endpoints on IBM Bluemix
Deploy and Access WebSphere Liberty and StrongLoop REST Endpoints on IBM Bluemix
 
Application Server-less Web Applications - Serverless Toronto Meetup
Application Server-less Web Applications - Serverless Toronto Meetup Application Server-less Web Applications - Serverless Toronto Meetup
Application Server-less Web Applications - Serverless Toronto Meetup
 
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
Session: A Reference Architecture for Running Modern APIs with NGINX Unit and...
 
Design Summit - RESTful API Overview - John Hardy
Design Summit - RESTful API Overview - John HardyDesign Summit - RESTful API Overview - John Hardy
Design Summit - RESTful API Overview - John Hardy
 
Remote Config REST API and Versioning
Remote Config REST API and VersioningRemote Config REST API and Versioning
Remote Config REST API and Versioning
 
NGINX Can Do That? Test Drive Your Config File!
NGINX Can Do That? Test Drive Your Config File!NGINX Can Do That? Test Drive Your Config File!
NGINX Can Do That? Test Drive Your Config File!
 
WSO2 Italia Open Break Session #2 - Microgateway
WSO2 Italia Open Break Session #2 - MicrogatewayWSO2 Italia Open Break Session #2 - Microgateway
WSO2 Italia Open Break Session #2 - Microgateway
 
Building Mobile Friendly APIs in Rails
Building Mobile Friendly APIs in RailsBuilding Mobile Friendly APIs in Rails
Building Mobile Friendly APIs in Rails
 

Plus de Maarten Mulders

Making Maven Marvellous (Java.il)
Making Maven Marvellous (Java.il)Making Maven Marvellous (Java.il)
Making Maven Marvellous (Java.il)
Maarten Mulders
 
Making Maven Marvellous (JavaZone)
Making Maven Marvellous (JavaZone)Making Maven Marvellous (JavaZone)
Making Maven Marvellous (JavaZone)
Maarten Mulders
 
SSL/TLS for Mortals (Oracle Groundbreaker EMEA Virtual Tour)
SSL/TLS for Mortals (Oracle Groundbreaker EMEA Virtual Tour)SSL/TLS for Mortals (Oracle Groundbreaker EMEA Virtual Tour)
SSL/TLS for Mortals (Oracle Groundbreaker EMEA Virtual Tour)
Maarten Mulders
 

Plus de Maarten Mulders (20)

What's cooking in Maven? (Devoxx FR)
What's cooking in Maven? (Devoxx FR)What's cooking in Maven? (Devoxx FR)
What's cooking in Maven? (Devoxx FR)
 
Making Maven Marvellous (Devnexus)
Making Maven Marvellous (Devnexus)Making Maven Marvellous (Devnexus)
Making Maven Marvellous (Devnexus)
 
Making Maven Marvellous (Java.il)
Making Maven Marvellous (Java.il)Making Maven Marvellous (Java.il)
Making Maven Marvellous (Java.il)
 
Making Maven Marvellous (JavaZone)
Making Maven Marvellous (JavaZone)Making Maven Marvellous (JavaZone)
Making Maven Marvellous (JavaZone)
 
Dapr: Dinosaur or Developer's Dream? (v1)
Dapr: Dinosaur or Developer's Dream? (v1)Dapr: Dinosaur or Developer's Dream? (v1)
Dapr: Dinosaur or Developer's Dream? (v1)
 
Dapr: Dinosaur or Developer Dream? (J-Fall)
Dapr: Dinosaur or Developer Dream? (J-Fall)Dapr: Dinosaur or Developer Dream? (J-Fall)
Dapr: Dinosaur or Developer Dream? (J-Fall)
 
SSL/TLS for Mortals (Devoxx UK)
SSL/TLS for Mortals (Devoxx UK)SSL/TLS for Mortals (Devoxx UK)
SSL/TLS for Mortals (Devoxx UK)
 
React in 40 minutes (Voxxed Days Romania)
React in 40 minutes (Voxxed Days Romania) React in 40 minutes (Voxxed Days Romania)
React in 40 minutes (Voxxed Days Romania)
 
React in 40 minutes (JCON)
React in 40 minutes (JCON) React in 40 minutes (JCON)
React in 40 minutes (JCON)
 
React in 50 minutes (Bucharest Software Craftsmanship Community)
React in 50 minutes (Bucharest Software Craftsmanship Community)React in 50 minutes (Bucharest Software Craftsmanship Community)
React in 50 minutes (Bucharest Software Craftsmanship Community)
 
React in 50 Minutes (JNation)
React in 50 Minutes (JNation) React in 50 Minutes (JNation)
React in 50 Minutes (JNation)
 
SSL/TLS for Mortals (JavaLand)
SSL/TLS for Mortals (JavaLand) SSL/TLS for Mortals (JavaLand)
SSL/TLS for Mortals (JavaLand)
 
Making Maven Marvellous (J-Fall)
Making Maven Marvellous (J-Fall)Making Maven Marvellous (J-Fall)
Making Maven Marvellous (J-Fall)
 
Building a DSL with GraalVM (Oracle Groundbreaker APAC Virtual Tour)
Building a DSL with GraalVM (Oracle Groundbreaker APAC Virtual Tour)Building a DSL with GraalVM (Oracle Groundbreaker APAC Virtual Tour)
Building a DSL with GraalVM (Oracle Groundbreaker APAC Virtual Tour)
 
SSL/TLS for Mortals (Oracle Groundbreaker EMEA Virtual Tour)
SSL/TLS for Mortals (Oracle Groundbreaker EMEA Virtual Tour)SSL/TLS for Mortals (Oracle Groundbreaker EMEA Virtual Tour)
SSL/TLS for Mortals (Oracle Groundbreaker EMEA Virtual Tour)
 
SSL/TLS for Mortals (UtrechtJUG)
SSL/TLS for Mortals (UtrechtJUG)SSL/TLS for Mortals (UtrechtJUG)
SSL/TLS for Mortals (UtrechtJUG)
 
Building a DSL with GraalVM (javaBin online)
Building a DSL with GraalVM (javaBin online)Building a DSL with GraalVM (javaBin online)
Building a DSL with GraalVM (javaBin online)
 
SSL/TLS for Mortals (Lockdown Lecture)
SSL/TLS for Mortals (Lockdown Lecture)SSL/TLS for Mortals (Lockdown Lecture)
SSL/TLS for Mortals (Lockdown Lecture)
 
React in 50 Minutes (OpenValue)
React in 50 Minutes (OpenValue) React in 50 Minutes (OpenValue)
React in 50 Minutes (OpenValue)
 
React in 50 Minutes (DevNexus)
React in 50 Minutes (DevNexus) React in 50 Minutes (DevNexus)
React in 50 Minutes (DevNexus)
 

Dernier

%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
masabamasaba
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
masabamasaba
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
Delhi Call girls
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
Papp Krisztián
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Steffen Staab
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
masabamasaba
 

Dernier (20)

%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
 

Mastering Microservices with Kong (DevoxxUK 2019)

  • 1.
  • 2. OO Context What is API Management? Demo What is an API Gateway? Demo Hello, Kong Demo How does it work? Plugins Why Kong? Wrap up
  • 3. W API MW API M
  • 4. (source: ) “API management is the process of creating and publishing web APIs, enforcing their usage policies, controlling access, nurturing the subscriber community, collecting and analyzing usage statistics, and reporting on performance. Wikipedia
  • 6. R D 1R D 1 Fro n Be r AP Bre y AP /api/beers/{id} /api/brewery/{id}/beers Ne d an AP ke ! /api/brewery/ /api/brewery/{id} Ne d an AP ke ! 1. Build a few μ-services 2. Deploy them using Docker compose 3. Observations: 1. Each μ-service has a different address 2. Logic (e.g. security) is duplicated in each μ-service
  • 7. W API GW API G
  • 8. (source: ) “Wikipedia does not have an article with this exact name. Wikipedia
  • 9. (source: ) “Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. Amazon API Gateway
  • 10. (source: ) “Use Azure API Management as a turnkey solution for publishing APIs to external and internal customers. Quickly create consistent and modern API gateways for existing back-end services hosted anywhere, secure and protect them from abuse and overuse, and get insights into usage and health. Azure API Management
  • 12. RR (e.g. nginx, Apache HTTPD, Netflix Zuul) Routing (to individual μ-services) SSL/TLS offloading Load balancing
  • 13. C API GC API G Authentication Autorisation (limited) Rate limiting Logging Metering Metrics Compression IP black- / whitelisting Caching ... Aggregations and transformations → .backend-for-frontend (BFF)
  • 14. R D 2R D 2 Fro n Kon Be r AP Bre y AP /api/beers/{id} /api/brewery/{id}/beers Ne d an AP ke ! /api/brewery/ /api/brewery/{id} Ne d an AP ke !
  • 15. R D 2R D 2 Configuring Kong: 1. Define a service that points to an upstream. 2. Define a route for that service. 3. Define an upstream with (1..n) target. SERVICE        url: http://beer-api.upstream/                name: beer-api.service UPSTREAM        name: beer-api.upstream         SERVICE        url: http://brewery-api.upstream/                name: brewery-api.service UPSTREAM        name: brewery-api.upstream         TARGET        target: beer-api:9080                         TARGET        target: brewery-api-1:9080                weight: 10         TARGET        target: brewery-api-2:9080                weight: 20         ROUTE        paths: [ /api/beer/*, /api/brewery/*/beers ]                methods: [ GET ] ROUTE        paths: [ /api/brewery* ]                methods: [ GET ]
  • 16. KK Based on Nginx Stores configuration in a database (optional since 1.1) Two interfaces: public and private
  • 17. DD Kong can be deployed in various modes Standalone Clustered As Kubernetes Ingress Controller On premise, in the cloud — you choose
  • 18. UU
  • 19. PP
  • 20. PP Open source, enterprise, 3rd party Implemented in Lua
  • 21. UU In general: Example (rate limiting): curl http: kong:8001/services/<service name>/plugins data "name=<plugin name>" data "config.param=value" curl http: kong:8001/services/beer api.service/plugins data "name=rate limiting" data "config.second=6"
  • 22. M M PM M P https://pxhere.com/en/photo/1039147
  • 23. AA Authentication: maps credentials in request to a consumer. Consumers can have multiple credentials Upstream API receives custom HTTP headers: X-Consumer-Username and X-Consumer-ID
  • 24. R D 3R D 3 Fro n Kon Be r AP Bre y AP Ne d an AP ke ! Aut t a co m us AP ke As i n g o s to co m Con r & g o s p o d b Kon Con r & g o s p o d b Kon 1. Create consumer 2. Assign key to consumer 3. Assign group to consumer 4. Secure upstream API with key-auth and ACL plugin
  • 25. CC You can write your own plugins! Revelant documentation: Plugin Development Guide Plugin Development Kit
  • 26. SS ├── README.md # Documentation right?! ;-) └── my plugin # Name of the plugin ├── api.lua # Administration interface for the plugin (REST) ├── daos.lua # DAO's for custom entities inside the plugin ├── handler.lua # Plugin logic, executed upon request ├── migrations # Database migrations │ ├── cassandra.lua # for Cassandra │ └── postgres.lua # for PostgreSQL └── schema.lua # Schema for plugin config
  • 27. II HANDLERHANDLER local BasePlugin = require "kong.plugins.base_plugin" local MyPluginHandler = BasePlugin:extend() MyPluginHandler.PRIORITY = 1003 MyPluginHandler.VERSION = "0.2.0" function MyPluginHandler:new() MyPluginHandler.super.new(self, "my plugin") end function MyPluginHandler:access(conf) MyPluginHandler.super.access(self) kong.log.info("Hello from My Plugin!") end return MyPluginHandler
  • 28. RR Plugins can be invoked at various moments: Kong startup Serving SSL-certificate Request rewriting API or consumer unknown! Before hitting upstream After receiving all response headers from upstream For each part of the response body Could be multiple chunks! After sending the last byte to the client
  • 29. C : TLSC : TLS
  • 30. CC Client Load Balancer    (TLS offloading)                  Request with TLS client cert           Intrusion Prevention System                     Request without TLS client cert Kong              Request without TLS client cert
  • 31. K -K - Read the custom headers from the request Look up cert by subject Verify other fields Add consumer to request and send it upstream
  • 32. W K WW K W
  • 33. TT Cost (e.g. licences) Developer experience Documentation Flexibility / expandability Maintainability Support Functional and non-functional fit out of the box Future proof (hard to tell, though!) Replaceability / (vendor) lock-in
  • 34. WW KK Kong (OS) seemed like a good choice: great feature set out of the box could buy support, if we wanted active community frequent releases good documentation
  • 35. EE Changing the configuration is easy and quick Configuration using API's Imperative configuration isn't easy Declarative configuration ( , or db-less mode) Upgrading 0.13 → 0.14.1 was pretty easy Upgrading 0.14.1 → 1.1 was a bit harder, but not too much Lack of GUI might disappoint business stakeholders or can help kongverge kongfig konga kongdash
  • 36. @mthmulders #MMwK QQ Sample code: Please help conference organisers: don't forget to rate this talk! POST /api/1.0/questions User-Agent: audience/1.0 Accept: application/vnd.infosupport.answer Content-Type: application/vnd.infosupport.question "So, how would you " HTTP/1.1 200 OK Content-Type: application/vnd.infosupport.answer Date: Wed, Nov 21 2018 20 00 00 GMT+1 Server: Maarten/1.0 Via: kong/1.0.0 "Well, it depends on " http://bit.ly/enterprise-beers