Living on the Edge: API Gateways - Entwicklertag · 2018. 2. 22. · Living on the Edge: API...

Living on the Edge:

API Gateways

NovaTec Consulting GmbH

Frankfurter Entwicklertag 21. Februar 2018

Christian Schwörer

[email protected] Constantin Weißer

[email protected]

Microservices without an API Gateway

Living on the Edge: API Gateways NovaTec Consulting GmbH

Single Page Application

Images User

Mobile App

Challenges: • Same Origin Policy • Cross cutting concerns:

• Authentication • SSL-Termination • (Security-)Header • …

• Protecting internal endpoints • Microservice Evolution, Migrations

Comments

Microservices with an API Gateway


Single Page Application

Images User

Mobile App

Challenges: • Same Origin Policy ✓ • Cross cutting concerns:

• Authentication ✓ • SSL-Termination ✓ • (Security-)Header ✓ • …

• Protecting internal endpoints ✓ • Microservice Evolution, Migrations ✓

Comments

API Gateway

Simple Scenario


Images

User

Comments

AP

I Gat

eway

Client Cookie: customer-Id

Authorization-Header




Reverse Proxy

Reverse Proxy

Living on the Edge: API Gateways NovaTec Consulting GmbH R

eve

rse

Pro

xy

Client

• The core functionality of any API Gateway • In simple situations and in the beginning often covers all requirements • Very easy …

• to set up • to scale • to provide high availability

Single endpoint

Internal (not exposed)


server { listen 443; listen [::]:443; # .... location /users { proxy_pass http://localhost:8081; } location /comments { proxy_pass http://localhost:8082; } location /images { proxy_pass http://localhost:8083; } }

Simple nginx configuration


Amazon API Gateway

Amazon API Gateway


• Manage deployments, authorization, authentication, monitoring, … as a Service

Amazon API Gateway


• Exports • Canary for moving things into production

Amazon API Gateway


• API Gateway as fully managed solution

• Manage endpoints, integrations, documentation, …

• High availability, scalability without effort

• Mind the latency for non-AWS integrations!


Netflix Zuul


• Zuul is a JVM based router and server side load balancer by Netflix

• Spring Cloud has created an embedded Zuul proxy

• Based on Spring Boot

• Deeply rooted in the microservice ecosystem

Netflix Zuul


Client

(Micro-)Service

Netflix Zuul

pre filters routing filters post filters

Design of Zuul

HTTP Request HTTP Response


@SpringBootApplication @EnableZuulProxy class ZuulEdgeServiceApplication fun main(args: Array<String>) { run( ZuulEdgeServiceApplication:: class.java, *args) }

Creating an edge service with Zuul

Spring Boot start class ZuulEdgeServiceApplication.kt

server: port: 8888 zuul: routes: users: path: /users/** url: http://localhost:8081/users/ comments: path: /comments/** url: http://localhost:8082/comments images: path: /images/** url: http://localhost:8083/images/

Configuration file application.yml


@Component class AuthorizationFilter : ZuulFilter() { override fun run(): Any? { val ctx = RequestContext.getCurrentContext() val value = WebUtils.getCookie(ctx.request, "customer-Id")?.value ?: "" if (value.isNotEmpty()) { ctx.addZuulRequestHeader(HttpHeaders.AUTHORIZATION, value) return null } else { ctx.responseStatusCode = HttpStatus.BAD_REQUEST.value() ctx.setSendZuulResponse(false) throw ZuulRuntimeException( ZuulException("Cookie 'customer-Id' missing.", HttpStatus.BAD_REQUEST.value(), null)) } }

…

Implementing a „pre filter“

Zuul filter class AuthorizationFilter.kt (1/2)


… override fun filterType(): String { return FilterConstants.PRE_TYPE } override fun shouldFilter(): Boolean { return true } override fun filterOrder(): Int { return 0 } }

Implementing a „pre filter“

Zuul filter class AuthorizationFilter.kt (2/2)


Spring Cloud Gateway


• Built on top of the reactive Spring ecosystem: • Based on Spring 5, Project Reactor and Spring Boot 2.0

• Easily usable predefined filters

• Simple way to create custom filters

• Predicates and filters are specific to routes

• Configuration • Via configuration file (application.yml) • Via fluent routes API DSL

Spring Cloud Gateway


@SpringBootApplication class SpringCloudGatewayApplication {

@Bean fun customRouteLocator(builder: RouteLocatorBuilder, authFilter: AuthorizationFilterFactory): RouteLocator = builder.routes { route(id = "users") { path("/users") uri("http://localhost:8081/users") filters { filter(authFilter.apply(EMPTY_TUPLE)) } }

… }

@Bean fun authorizationFilterFactory(): AuthorizationFilterFactory { return AuthorizationFilterFactory() }

Start class with Spring Cloud Gateway


class AuthorizationFilterFactory : GatewayFilterFactory {

override fun apply(args: Tuple): GatewayFilter {

return GatewayFilter { exchange, chain -> val cookie = exchange.request.cookies.getFirst("customer-Id")

if (cookie?.value.isNullOrEmpty()) { exchange.response.statusCode = HttpStatus.BAD_REQUEST exchange.response.setComplete() } else { val request = exchange.request .mutate() .header(HttpHeaders.AUTHORIZATION, cookie.value) .build() chain.filter(exchange.mutate().request(request).build()) } } }

Implementing a custom FilterFactory

Filter factory class AuthorizationFilterFactory.kt

What you gain…


• Centralized, controllable entry into microservice environment

• Simplicity for clients

• One endpoint • Internal changes can often be concealed • Potential client-specific optimization

• One location to handle SSL

• Cross-functional message manipulation

… and the downsides


• Additional services additional management effort

• Single Point of Failure by choice

• Must be highly available • Also think of redeployment! • Must scale

• Adds to overall latency

• Defines and limits communication capabilities

• HTTP 2 • Non-blocking/endless streams • …

What you can use


• Plenty of implementations

• Varying level of control … and effort

Control + Effort

Links


• https://github.com/csh0711/edge-services

• https://blog.novatec-gmbh.de

• https://www.nginx.com/resources/wiki/

• https://aws.amazon.com/api-gateway/

• https://cloud.spring.io/spring-cloud-netflix/

• https://cloud.spring.io/spring-cloud-gateway/

Living on the Edge: API Gateways - Entwicklertag · 2018. 2. 22. · Living on the Edge: API...

Documents

Transcript of Living on the Edge: API Gateways - Entwicklertag · 2018. 2. 22. · Living on the Edge: API...