API Gateway
Meet... Evil Corp!
Quick rebranding
IoT is trendy...
...so let's do our own...
...with this glorious architecture!
1k devices sold later
1M devices sold later
The horrible truth
The horrible truth
Enter API Gateway
Unified SSL termination
Unified SSL termination
- Automatic renewal
- No duplication of keys on servers
- Lower resource usage for applications
- SNI
Unified logging
Unified logging
- Single format
- Smart parsing of logs (i.e. for auto-scaling, error recovery etc.)
- Request tracking (Correlation ID)
- Easy outsourcing (DataDog)
Single authentication
Single authentication
- Stateless authentication
- Great support for standards like OAuth or JWT
- Applications receive already verified user ID as HTTP header
- Much smaller attack vector
Advanced rate limiting
Advanced rate limiting
- Interconnected statistics
- Site-wide rate limiting
- Dynamic (smart) filters
- Global kill switch
Common cache
One more big reason
How you think it's working
How it's really working
* Twitter's Wheel of Doom
The Proper Way™
The Proper Way™
So where is the place for Kubernetes?
Quick look at cluster
Access only through LB
API Gateway as main service
Ingressing other services
Each with multiple pods
What if whole zone goes down?
Multi-zone API Gateway
Want to learn more?
- getkong.org (best API Gateway)
- design patterns for microservices (by Microsoft)
- microservices.io (also section about API Gateway)
- slides.com/imanel/api-gateway (this presentation)
Questions?
Thanks!
