Kong is an open source distributed API gateway under the cloud native architecture of Mashape. Its performance and scalability are excellent among similar components. There are a number of plugins available and Kong can extend existing features with plugins.

Main contents of this paper:

  • What is a cloud native Gateway?
  • Kong is introduced
  • The basic architecture of Kong
  • Use Kong to build the service gateway
  • Several common plug-in applications
  • The practice of customizing plug-ins

This article is long, and the second half of the content will be introduced in the next article, so please pay attention.

What is a cloud native Gateway

What is cloud native

The title of this article is: API Gateway Practices in cloud Native Architectures. First of all, let’s talk about the specific definition of cloud native.

Pivotal is the originator of Cloud native application, and has launched the Pivotal Cloud Foundry Cloud native application platform and Spring open source Java development framework, becoming a pioneer and pathfinder in Cloud native application architecture. Matt Stine of Pivotal’s definition of cloud native application architecture offers a few key features:

  • Accord with 12 factor application
  • Microservices Oriented architecture
  • Self-service Agile architecture
  • Api-based collaboration
  • Resistance of vulnerability

With the development of technology, the concept of cloud native is constantly improving. The definition of cloud native will change in the future. This article refers to the definition of CNCF V1.0:

Cloud native technologies enable organizations to build and run applications that can scale flexibly in new dynamic environments such as public, private and hybrid clouds. Cloud native technologies include containers, service grids, microservices, immutable infrastructure, and declarative apis.

Therefore, one of the most important features of a cloud native gateway is its ability to quickly integrate into a continuously published cloud native environment.

Why do YOU need an API gateway?

When using a singleton application architecture, the client (Web or mobile) makes a REST call to the back-end application to retrieve the data. The load balancer routes requests to one of N identical application instances. The application then queries the various database tables and returns the responses to the client. In the microservice architecture, a single application is divided into multiple microservices. If all the microservices are directly exposed to the outside world, various security problems are bound to occur.

Clients can directly send requests to each microservice, and the main problems are as follows:

  • Client requirements do not match the fine-grained apis exposed by each microservice.
  • Some services use protocols that are not Web friendly. Thrift binary RPC may be used, or the AMQP messaging protocol may be used.
  • Microservices are difficult to refactor. If two services are merged, or a service is split into two or more services, this kind of refactoring becomes very difficult.

The direct exposure of each service on the server side to the client invocation is bound to cause various problems. At the same time, the individual services on the server side are poorly extensible and scalable. The API gateway is a fundamental component in the microservices architecture, located below the access layer and above the business services layer. These functions are suitable for implementation in the API gateway as described earlier.

Open source components for service gateways include Netflix Zuul, Spring Cloud Gateway, Kong, Traefik, NGINX, and Service Gateway type Envoy. The Spring Cloud Gateway, a new programmable Gateway, has been introduced in previous articles. This article mainly introduces the modern micro service gateway Kong. In the introduction of Kong’s official website, the first feature is Kong’s cloud native property: regardless of platform, Kong can run from bare machine to Kubernetes. This article is based on Kong 1.2.1, and the custom plug-in part will involve part of Lua coding, which is suitable for server-side developers and o&M personnel.

Kong is introduced

Mashape’s open source high performance and high availability API gateway and API services management — KONG (based on NGINX) features the ability to extend existing functionality through plug-ins (written in Lua) that are executed during the lifecycle of the API request response cycle. At the same time, KONG itself provides basic functions including HTTP basic authentication, key authentication, CORS, TCP, UDP, file logging, API request traffic limiting, request forwarding and NGINX monitoring. Currently, Kong manages over 15,000 apis on Mashape, supporting billions of requests per month for 200,000 developers.

  1. When we decide to micro-service the application, the question of how the application client interacts with the micro-service comes along. After all, the increase in the number of services directly leads to the difficulty of deployment authorization, load balancing, communication management, analysis and change.

    The API GATEWAY provides access restriction, security, traffic control, analysis monitoring, logging, request forwarding, compositing, and protocol transformation capabilities that free developers to focus on specific logic code. Instead of spending time figuring out how to link apps to other microservices.

  2. Among many API GATEWAY frameworks, Mashape’s high performance and high availability API GATEWAY and API service management layer — Kong (based on NGINX) is particularly prominent. It can extend existing functions through plug-ins. These plug-ins (written in Lua) are executed during the lifecycle of the API request response cycle. At the same time, KONG itself provides HTTP basic authentication, key authentication, CORS, TCP, UDP, file logging, API request traffic limiting, request forwarding, NGINX monitoring and other basic functions. Currently, Kong manages over 15,000 apis on Mashape, supporting billions of requests per month for 200,000 developers.

The basic architecture of Kong

Kong is Mashape open source high-performance high availability API gateway and API service management, a high availability service gateway written based on the Nginx_Lua module. Since Kong is based on Nginx, it can be extended to multiple Kong servers. Requests are evenly distributed to each Server through pre-configured load balancing configuration to cope with a large number of network requests.

Photo credit: Kong

Kong has three main components:

  • Kong Server: Nginx-based Server used to receive API requests.
  • Apache Cassandra/PostgreSQL: Used to store operational data.
  • Kong Dashboard: The official recommended UI management tool, of course, you can also use restfull to manage the Admin API.

Kong uses a plug-in mechanism for functionality customization, where a set of plug-ins (which can be 0 or N) is executed during the lifecycle of the API request response cycle. The plug-in is written using Lua, and its basic functions include HTTP basic authentication, key authentication, CROSS-origin Resource Sharing (CORS), TCP, UDP, file logging, API request flow limiting, request forwarding, and Nginx monitoring.

The Kong gateway has the following features:

  • Scalability: Horizontal scaling is easy by simply adding more servers, which means your platform can handle any request with a lower load;
  • Modularity: Can be extended by adding new plug-ins that can be easily configured through the RESTful Admin API;
  • Run on any infrastructure: The Kong Gateway can run anywhere. You can deploy Kong in a cloud or internal network environment, including single or multiple data center Settings, and public, private, or invite-only APIs.

The term

An introduction to the terms commonly used in Kong, which will be used frequently in the following practices.

  • Route: forwards requests to Service according to Hostname and PATH.
  • “Services: a collection of upstreams, the forwarding target of a Route”
  • Consumer: user of API, recording user information;
  • Plugin: a plug-in that can be global or bound to a Service, Router, or Consumer.
  • Certificate: Certificate configured in HTTPS.
  • Sni: the binding of domain name and Certificate, specifying the HTTPS Certificate corresponding to a domain name.
  • Upstream: the Upstream object is used to represent the virtual host name and load balance requests when multiple services are available.
  • Target: Backend service that ultimately processes requests.

Use Kong to build the service gateway

Requests from clients are first processed by the micro service gateway. Some common functions take effect at the gateway, namely plug-ins in Kong, and then requests are forwarded to the corresponding Backend service, as shown in the following figure.

Image source: https://konghq.com/blog/kong-1-0-ga/

Install the practice

Currently with the latest version 1.2 of Kong, Kong can be installed in a variety of ways. The following installation methods are officially supported:

Photo credit: Kong

In addition to the official installation methods, there are other installation methods provided by the community. For details, see konghq.com/install/.

For convenience, the author installed it based on docker. The images, dependencies, and parameters defined in docker-comemage.yml are as follows:

version: "3.7"
services:
  kong:
    image: Kong: 1.1.2
    environment:
     - "KONG_DATABASE=postgres"
     - "KONG_PG_HOST=kong-database"
     - "KONG_CASSANDRA_CONTACT_POINTS=kong-database"
     - "KONG_PROXY_ACCESS_LOG=/dev/stdout"
     - "KONG_ADMIN_ACCESS_LOG=/dev/stdout"
     - "KONG_PROXY_ERROR_LOG=/dev/stderr"
     - "KONG_ADMIN_ERROR_LOG=/dev/stderr"
     - "KONG_ADMIN_LISTEN = 0.0.0.0:8001, 0.0.0.0:8444 SSL"
    ports:
     - 8000: 8000
     - 8443: 8443
     - 8001: 8001
     - 8444: 8444
    networks:
     - kong-net
    depends_on:
      - kong-database
  konga:
    image: pantsel/konga
    environment:
     - "TOKEN_SECRET=blueskykong.com"
     - "NODE_ENV=production"
    ports:
     - 8080: 1337
    networks:
     - kong-net

    depends_on:
      - kong-database
  kong-database:
    image: Postgres: 9.6
    ports:
      - "5432:5432"
    environment:
      - POSTGRES_USER=kong
      - POSTGRES_DB=kong
    networks:
      - kong-net
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /data/data/postgresql:/var/lib/postgresql/data

networks:
  kong-net:
    external: true
Copy the code

As shown above, docker-comemage. yml starts three container services: Kong, Konga, and Kong-database. The communication between these three containers needs to add a network segment, put the containers in the same network segment, and modify the relevant links to the container name to access:

docker network create kong-net
Copy the code

Konga is the Dashboard of Kong, a JS-based client management tool, and the exposed port is 8080. Kong-database is kong’s database service that stores configuration information. Postgres is used here. Note that before starting the Kong container, you need to keep the Docker container of the database running and perform the following operations to initialize the database:

docker run --rm \
     --network=kong-net \
     -e "KONG_DATABASE=postgres" \
     -e "KONG_PG_HOST=kong-database" \
     kong:latest kong migrations bootstrap
Copy the code

Once the database is successfully initialized, start the docker-comemage.yml service again. We see that Kong maps multiple ports. By default, Kong listens on:

  • 8000: This port is used by Kong to listen for HTTP requests coming from clients and forward the requests to the host server. (Kong forwards to the real background service address according to the configured rules)
  • 8443: This port is used by Kong to listen for incoming HTTPS requests from clients. It is similar to the function of port 8000, forwarding HTTPS requests. You can disable it by modifying the configuration file;
  • 8001: Admin API. Through this port, managers can configure Kong’s listening service. Plug-in Settings, API additions, deletions, modifications, and load balancing are all managed through port 8001.
  • 8444: Through this port, the administrator can monitor HTTPS requests.

With all the containers started, let’s verify:

Curl -i http://localhost:8001/ HTTP/1.1 200 OK Date: Sat, 20 Jul 2019 08:39:08 GMT Content-Type: Application /json; Charset = UTF-8 Connection: keep-alive access-Control-allow-Origin: * Server: kong/1.1.2 Content-Length: 5785...Copy the code

If the preceding information is displayed, the installation is correct and Kong can be used normally. Visit http://localhost:8080 To access Konga’s management interface, you need to create an administrator account and password for the first login.

For more information, see the installation documentation on the official website. Now that Kong and the administration tools are installed, it’s time to get into the API Gateway practice.

Create a service

As we explained in the terminology section, a service is an abstraction of an upstream service, which can be an application or a concrete interface. Kong provides the management interface. We can create the management interface directly by requesting 8001 or through the installed management interface. The effect is the same.

curl -i -X POST \
--url http://localhost:8001/services/ \
--data 'name=aoho-blog' \
--data 'url=http://blueskykong.com/'
Copy the code

We create a service called aoho-blog and specify the forwarding address as http://blueskykong.com. You can see the following records on the management page:

Create routing

Once the service is created, we need to create a concrete API route. Routing is a forwarding rule for requests, which are forwarded according to Hostname and PATH.

curl -i -X POST \
--url http://localhost:8001/services/aoho-blog/routes \
--data 'hosts[]=blueskykong.com' \
--data 'paths[]=/api/blog'
Copy the code

Aoho-blog creates a route to/API /blog, and you can see the corresponding record in the admin interface:

With the route created, we can access/API /blog.

Kong processes proxy requests through port 8000 by default. A successful response means that Kong forwards the request from http://localhost:8000 to the configured URL and forwards the response to us. Note that if the address exposed by the API is not the same as the address defined by Host (blueskykong.com), then you need to add Headers to the request. Kong performs this operation according to the Header: Host specified in the request.

summary

This article mainly introduces concepts related to cloud native and cloud native gateway, and then specifically introduces the features and basic architecture of Kong, the protagonist of this article. It focuses on how to use Kong to build a service gateway. There are many plugins available from the Kong official and community. The common use of plugins in Kong and how to customize your own Kong plugins will be explained below.

Recommended reading

API Gateway practices in cloud native architecture

Subscribe to the latest articles, welcome to follow my official account