Living on the Edge: API Gateways - Entwicklertag · 2018. 2. 22. · Living on the Edge: API...
Living on the Edge:
API Gateways
NovaTec Consulting GmbH
Frankfurter Entwicklertag 21. Februar 2018
Christian Schwörer
Constantin Weißer
Microservices without an API Gateway
Living on the Edge: API Gateways NovaTec Consulting GmbH
[Diagram: Single Page Application and Mobile App clients calling the User, Comments and Images services directly]
Challenges:
• Same Origin Policy
• Cross cutting concerns:
  • Authentication
  • SSL-Termination
  • (Security-)Header
  • …
• Protecting internal endpoints
• Microservice Evolution, Migrations
Microservices with an API Gateway
[Diagram: Single Page Application and Mobile App clients reaching the User, Comments and Images services through the API Gateway]
Challenges:
• Same Origin Policy ✓
• Cross cutting concerns:
  • Authentication ✓
  • SSL-Termination ✓
  • (Security-)Header ✓
  • …
• Protecting internal endpoints ✓
• Microservice Evolution, Migrations ✓
Simple Scenario
[Diagram: the Client sends "Cookie: customer-Id" to the API Gateway, which forwards an Authorization-Header to each of the Images, User and Comments services]
Reverse Proxy
[Diagram: the Client talks to the Reverse Proxy as a single endpoint; the services behind it are internal (not exposed)]
• The core functionality of any API Gateway
• In simple situations and in the beginning often covers all requirements
• Very easy …
  • to set up
  • to scale
  • to provide high availability
Simple nginx configuration

    server {
        listen 443;
        listen [::]:443;
        # ....
        location /users {
            proxy_pass http://localhost:8081;
        }
        location /comments {
            proxy_pass http://localhost:8082;
        }
        location /images {
            proxy_pass http://localhost:8083;
        }
    }
Amazon API Gateway
• Manage deployments, authorization, authentication, monitoring, … as a Service
• Exports
• Canary for moving things into production
• API Gateway as fully managed solution
• Manage endpoints, integrations, documentation, …
• High availability, scalability without effort
• Mind the latency for non-AWS integrations!
Netflix Zuul
• Zuul is a JVM based router and server side load balancer by Netflix
• Spring Cloud has created an embedded Zuul proxy
• Based on Spring Boot
• Deeply rooted in the microservice ecosystem
Design of Zuul
[Diagram: the HTTP Request passes from the Client through Netflix Zuul's pre filters and routing filters to the (Micro-)Service; the HTTP Response returns through the post filters]
Creating an edge service with Zuul
Spring Boot start class ZuulEdgeServiceApplication.kt

    import org.springframework.boot.SpringApplication.run
    import org.springframework.boot.autoconfigure.SpringBootApplication
    import org.springframework.cloud.netflix.zuul.EnableZuulProxy

    // @EnableZuulProxy turns this Spring Boot application into the embedded Zuul proxy.
    @SpringBootApplication
    @EnableZuulProxy
    class ZuulEdgeServiceApplication

    fun main(args: Array<String>) {
        run(ZuulEdgeServiceApplication::class.java, *args)
    }

Configuration file application.yml

    server:
      port: 8888
    zuul:
      routes:
        users:
          path: /users/**
          url: http://localhost:8081/users/
        comments:
          path: /comments/**
          url: http://localhost:8082/comments
        images:
          path: /images/**
          url: http://localhost:8083/images/
Implementing a „pre filter“
Zuul filter class AuthorizationFilter.kt

    import com.netflix.zuul.ZuulFilter
    import com.netflix.zuul.context.RequestContext
    import com.netflix.zuul.exception.ZuulException
    import org.springframework.cloud.netflix.zuul.filters.support.FilterConstants
    import org.springframework.cloud.netflix.zuul.util.ZuulRuntimeException
    import org.springframework.http.HttpHeaders
    import org.springframework.http.HttpStatus
    import org.springframework.stereotype.Component
    import org.springframework.web.util.WebUtils

    @Component
    class AuthorizationFilter : ZuulFilter() {

        override fun run(): Any? {
            val ctx = RequestContext.getCurrentContext()
            val value = WebUtils.getCookie(ctx.request, "customer-Id")?.value ?: ""
            if (value.isNotEmpty()) {
                // Forward the cookie value to the service as the Authorization header.
                ctx.addZuulRequestHeader(HttpHeaders.AUTHORIZATION, value)
                return null
            } else {
                // No cookie: answer 400 at the edge and do not route the request.
                ctx.responseStatusCode = HttpStatus.BAD_REQUEST.value()
                ctx.setSendZuulResponse(false)
                throw ZuulRuntimeException(
                    ZuulException("Cookie 'customer-Id' missing.", HttpStatus.BAD_REQUEST.value(), null))
            }
        }

        // Run as a pre filter, for every request, first in the pre phase.
        override fun filterType(): String { return FilterConstants.PRE_TYPE }

        override fun shouldFilter(): Boolean { return true }

        override fun filterOrder(): Int { return 0 }
    }
Spring Cloud Gateway
• Built on top of the reactive Spring ecosystem:
  • Based on Spring 5, Project Reactor and Spring Boot 2.0
• Easily usable predefined filters
• Simple way to create custom filters
• Predicates and filters are specific to routes
• Configuration
  • Via configuration file (application.yml)
  • Via fluent routes API DSL
Start class with Spring Cloud Gateway

    @SpringBootApplication
    class SpringCloudGatewayApplication {

        // Routes are declared with the fluent routes DSL; the filter applies to this route only.
        @Bean
        fun customRouteLocator(builder: RouteLocatorBuilder,
                               authFilter: AuthorizationFilterFactory): RouteLocator =
            builder.routes {
                route(id = "users") {
                    path("/users")
                    uri("http://localhost:8081/users")
                    filters {
                        filter(authFilter.apply(EMPTY_TUPLE))
                    }
                }
                …
            }

        @Bean
        fun authorizationFilterFactory(): AuthorizationFilterFactory {
            return AuthorizationFilterFactory()
        }
    }
Implementing a custom FilterFactory
Filter factory class AuthorizationFilterFactory.kt

    class AuthorizationFilterFactory : GatewayFilterFactory {

        override fun apply(args: Tuple): GatewayFilter {
            return GatewayFilter { exchange, chain ->
                val cookie = exchange.request.cookies.getFirst("customer-Id")
                if (cookie?.value.isNullOrEmpty()) {
                    // No cookie: answer 400 at the gateway and end the exchange.
                    exchange.response.statusCode = HttpStatus.BAD_REQUEST
                    exchange.response.setComplete()
                } else {
                    // Forward the cookie value to the service as the Authorization header.
                    val request = exchange.request
                        .mutate()
                        .header(HttpHeaders.AUTHORIZATION, cookie.value)
                        .build()
                    chain.filter(exchange.mutate().request(request).build())
                }
            }
        }
    }
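The edge behaviour that the Zuul pre filter and the Spring Cloud Gateway filter factory above both implement, modelled without a framework so it can be checked in isolation. This is an added example, not code from the talk or its repository. The function names, the security header values and the dropping of a client-sent Authorization header are assumptions of this example; the routes, cookie name and 400 response come from the slides.

```python
from http.cookies import SimpleCookie

# Route table taken from the slides' nginx configuration.
ROUTES = {
    "/users": "http://localhost:8081",
    "/comments": "http://localhost:8082",
    "/images": "http://localhost:8083",
}
# Assumed values for the "(Security-)Header" concern; the slides name no headers.
SECURITY_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000",
    "X-Content-Type-Options": "nosniff",
}


def pre_filter(headers):
    """Map cookie 'customer-Id' to Authorization; None means answer 400."""
    cookie = SimpleCookie()
    cookie.load(headers.get("Cookie", ""))
    morsel = cookie.get("customer-Id")
    if morsel is None or not morsel.value:
        return None
    # Assumption of this example: an Authorization header sent by the client
    # (any casing) is dropped, so services only see the gateway's value.
    out = {k: v for k, v in headers.items() if k.lower() != "authorization"}
    out["Authorization"] = morsel.value
    return out


def route(path):
    """Match whole path segments, so /usersadmin or /internal is not routed."""
    for prefix, upstream in ROUTES.items():
        if path == prefix or path.startswith(prefix + "/"):
            return upstream + path
    return None


def handle(path, headers, call_upstream):
    """Run pre filter, routing and post filter; return (status, headers, body)."""
    forwarded = pre_filter(headers)
    if forwarded is None:
        return 400, dict(SECURITY_HEADERS), b"Cookie 'customer-Id' missing."
    upstream_url = route(path)
    if upstream_url is None:
        return 404, dict(SECURITY_HEADERS), b""
    status, resp_headers, body = call_upstream(upstream_url, forwarded)
    # Post filter: gateway headers override whatever the service returned.
    return status, {**resp_headers, **SECURITY_HEADERS}, body
```

`call_upstream` stands in for the HTTP client that forwards the request, so the pipeline can be exercised with a stub in place of the three services.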
What you gain…
• Centralized, controllable entry into microservice environment
• Simplicity for clients
  • One endpoint
  • Internal changes can often be concealed
  • Potential client-specific optimization
• One location to handle SSL
• Cross-functional message manipulation
… and the downsides
• Additional services mean additional management effort
• Single Point of Failure by choice
  • Must be highly available
  • Also think of redeployment!
  • Must scale
• Adds to overall latency
• Defines and limits communication capabilities
  • HTTP 2
  • Non-blocking/endless streams
  • …
What you can use
• Plenty of implementations
• Varying level of control … and effort
[Diagram: axis labelled "Control + Effort"]
Links
• https://github.com/csh0711/edge-services
• https://blog.novatec-gmbh.de
• https://www.nginx.com/resources/wiki/
• https://aws.amazon.com/api-gateway/
• https://cloud.spring.io/spring-cloud-netflix/
• https://cloud.spring.io/spring-cloud-gateway/