API Gateway
Meet... Evil Corp!


Quick rebranding
IoT is trendy...

...so let's do our own...
...with this glorious architecture!

1k devices sold later

1M devices sold later

The horrible truth


Enter API Gateway

Unified SSL termination
- Automatic renewal
- No duplication of keys on servers
- Lower resource usage for applications
- SNI

Unified logging
- Single format
- Smart parsing of logs (e.g. for auto-scaling, error recovery, etc.)
- Request tracking (Correlation ID)
- Easy outsourcing (DataDog)

Single authentication
- Stateless authentication
- Great support for standards like OAuth or JWT
- Applications receive already verified user ID as HTTP header
- Much smaller attack surface
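
Passing an already verified user ID as an HTTP header is only safe if the gateway drops any identity header the client sent before setting its own, and if applications are reachable only through the gateway. An added sketch of that check with an HS256 JWT (not from the original presentation; the header name `x-user-id`, the secret and all function names are assumptions):

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed key, known to the gateway only
IDENTITY_HEADER = "x-user-id"        # hypothetical header name (assumption)

def b64u_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64u_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def mac(head, body):
    return hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()

def issue_token(claims):
    """Demo-only issuer; in practice the identity provider signs tokens."""
    head = b64u_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64u_encode(json.dumps(claims).encode())
    return f"{head}.{body}.{b64u_encode(mac(head, body))}"

def verify_token(token, now):
    """Return the claims of a valid, unexpired HS256 token, else None."""
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm instead of trusting the token's own header.
        if json.loads(b64u_decode(head)).get("alg") != "HS256":
            return None
        if not hmac.compare_digest(mac(head, body), b64u_decode(sig)):
            return None
        claims = json.loads(b64u_decode(body))
        if not isinstance(claims["sub"], str) or claims["exp"] <= now:
            return None
        return claims
    except (ValueError, TypeError, KeyError, AttributeError):
        return None

def gateway_forward(headers, now=None):
    """Return (status, headers sent upstream) for one incoming request."""
    now = time.time() if now is None else now
    incoming = {k.lower(): v for k, v in headers.items()}
    # Strip any client-supplied identity header: only the gateway may set it.
    upstream = {k: v for k, v in incoming.items()
                if k not in (IDENTITY_HEADER, "authorization")}
    scheme, _, token = incoming.get("authorization", "").partition(" ")
    claims = verify_token(token, now) if scheme == "Bearer" else None
    if claims is None:
        return 401, {}
    upstream[IDENTITY_HEADER] = claims["sub"]
    return 200, upstream
```

The token itself is not forwarded, so applications never need the signing key.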

Advanced rate limiting
- Interconnected statistics
- Site-wide rate limiting
- Dynamic (smart) filters
- Global kill switch

Common cache

One more big reason

How you think it's working

How it's really working

* Twitter's Wheel of Doom

The Proper Way™


So where is the place for Kubernetes?
Quick look at cluster

Access only through LB

API Gateway as main service

Ingressing other services

Each with multiple pods

What if whole zone goes down?

Multi-zone API Gateway

Want to learn more?
- getkong.org (best API Gateway)
- design patterns for microservices (by Microsoft)
- microservices.io (also section about API Gateway)
- slides.com/imanel/api-gateway (this presentation)
Questions?
Thanks!

API Gateway
By Bernard Potocki