API Gateway

Meet... Evil Corp!

Quick rebranding

IoT is trendy...

...so let's do our own...

...with this glorious architecture!

1k devices sold later

1M devices sold later

The horrible truth

The horrible truth

Enter API Gateway

Unified SSL termination

Unified SSL termination

  • Automatic renewal                                           
  • No duplication of keys on servers                                       
  • Lower resource usage for applications                                                       
  • SNI

Unified logging

Unified logging

  • Single format                                                           
  • Smart parsing of logs (i.e. for auto-scaling, error recovery etc.)                                                           
  • Request tracking (Correlation ID)                   
  • Easy outsourcing (DataDog)

Single authentication

Single authentication

  • Stateless authentication                                                 
  • Great support for standards like OAuth or JWT                                                                                  
  • Applications receive already verified user ID as HTTP header                                                                  
  • Much smaller attack vector

Advanced rate limiting

Advanced rate limiting

  • Interconnected statistics                                                
  • Site-wide rate limiting                                                         
  • Dynamic (smart) filters                                                    
  • Global kill switch

Common cache

One more big reason

How you think it's working

How it's really working

* Twitter's Wheel of Doom

The Proper Way

The Proper Way

So where is the place for Kubernetes?

Quick look at cluster

Access only through LB

API Gateway as main service

Ingressing other services

Each with multiple pods

What if whole zone goes down?

Multi-zone API Gateway

Want to learn more?

  • getkong.org (best API Gateway)                                   
  • design patterns for microservices (by Microsoft)                                                                        
  • microservices.io (also section about API Gateway)                                                                          
  • slides.com/imanel/api-gateway (this presentation)