Flexible, hybrid API-led software architectures with Kong

© OPITZ CONSULTING 2020
¢¢¢ Digitale Service Manufaktur
Sven Bernhardt, Chief Architect / Integration
Evangelist
Flexible, hybrid API-led
software architectures
with Kong

© OPITZ CONSULTING 2020 Flexible, hybrid API-led software architectures with Kong
That’s me
Sven Bernhardt
Cloud-Native enthusiast, API & integration geek. Always curious how new
technologies and concepts can help to make things more valuable and
efficient.
Proud father of a son, soccer fan and player. Loves listening to good hand-
made music (Heavy Metal) and attending festivals.
¢ Chief Architect / Integration Evangelist
@OPITZ CONSULTING Deutschland GmbH
¢ Oracle ACE Director
@sbernhardt
https://svenbernhardt.wordpress.com/
Seite 2

© OPITZ CONSULTING 2020 Seite 3
Agenda
1
2
3
4
5
Why API-led?
API Management with Kong
Kong Deployment options
Demo
Summary
Flexible, hybrid API-led software architectures with Kong

Why API-led?
1

API-led architectures enables access to business
capabilities in a secure, comprehensible way
¢ Provides a standard-based interface for accessing the functionality
¢ Decouples Consumer and Provider
¢ Implements cross-cutting concerns, declared as policies
¢ AuthN/AuthZ
¢ Throttling/Rate Limit
¢ Routing
¢ Caching
¢ …
¢ Policy enforcement done by a specific runtime component
µService
API
API Exposure
Seite 5

APIs further agility and help to create new digital
products and services
Source: Enterprise API Management, Luis Weir, 2019
Seite 6

Standard(On-
Prem)
DigitalProduct
Monolith
DigitalProduct
Business Domain
Shared Application Platform
Shared Services (Foundation)
Hybrid, flexible Infrastructure
Standard(On-
Prem)
StandardSaaS
Business DomainBusiness Domain
Digital Product
Overall vision: Business-driven product-centric
application world
Flexible, hybrid API-led software architectures with Kong Seite 7

IT system landscapes nowadays are hybrid,
heterogenous and often consists of data silos
¢ Hybrid: Apps are starting to be distributed across both Cloud and on-
premises
¢ Heterogenous:
¢ Monolithic systems
¢ Legacy applications (Mainframe-based)
¢ Custom “standard” software (like custom ERP solutions, etc.)
¢ Commerical off-the-shelf solutions (COTS)
¢ Software as a Service solutions (SaaS)
¢ Cloud-native apps
¢ Function-based apps (FaaS)
Source: https://tinyurl.com/yyx3yzg9
Seite 8

API Management with Kong
2

Kong Gateway architecture
¢ Kong Microservice API Gateway
¢ Lightweight
¢ Scalable
¢ Modular
¢ Infrastructure-agnostic
¢ Deployed on top of reliable technologies
¢ NGINX
¢ PostgreSQL or Apache Cassandra
¢ Extensible using Plugins and other Open Source
compnents
¢ API-driven: Fully configurable using a REST API
Source: https://tinyurl.com/yxvhp6ej
Seite 10

Kong API Platform components
Source: https://tinyurl.com/yyksp3pa
Seite 11

Kong basics
µService
2
µService
1Client 1
Client 2
Client 3 COTS
GET
POST, PUT, DELETE
GET, POST, PUT, DELETE
Clients
Services
Routes
Backend
apps
Seite 12

Kong basics
µService
2
µService
1
Route Service
Client 1
µService
2
Route
Client 2
Plugins
Upstream
Consum
er
Seite 13

Kong persistence
¢ Types of data stored by Kong Gateway
¢ Configuration data, for Services, Routes, Plugins or Cluster configuration
¢ API usage data
¢ Different persistence options depending on data classification and use
case
Configuration &
API Usage data
Configuration &
API Usage data
API Usage data
Seite 14

Even more lightweight with Kong DB-less mode
¢ Kong can run without a database (DB-less mode since Kong 1.1)
¢ Configuration is managed declaratively using a respective file
¢ Benefits:
¢ Reduced number of dependencies
¢ Good fit for automation in CI/CD scenarios
¢ More flexible deployment option for Kong Gateway
¢ Restrictions:
¢ Features in Kong Enterprise that requires DB (Dev Portal, Brain, Immunity, etc.)
¢ Not all Plugins are fully compatible with DB-less mode (Further details see here)
Seite 15

Kong management and configuration
¢ Admin API (REST)
¢ Easy to use and to integrate in CI/CD pipelines
¢ Only needs HTTP CLI tool like CURL or HTTPie
¢ Konga Admin UI
¢ Leverages Admin API functionality
¢ Allows Kong basic administration
¢ Open Source
¢ Kong Manager
¢ Leverages Admin API functionality
¢ Allows Kong administration and API Usage tracking
¢ Commercial version (Kong Enterprise)
Seite 16

Deployment options
3

Classic deployment model
¢ Usually we don’t start on a green field!
¢ Applications deployed directly on Bare Metal server
¢ Applicatoins deploed in virtualized environments
¢ Model:
¢ Deployment on Bare Metal
¢ Deployment on Virtual Machines (Vagrant)
¢ Dockerized Deployment
¢ Scenarios:
¢ Mainly Legacy/COTS applications
¢ Kong as Edge Gateway in DMZ
VM / Bare Metal Host COTS
Legacy
Client
ESB
External/ Internet DMZ Internal
Seite 18

Distributed deployment model
¢ API Gateway is like a door to enterprises
to provide digital products and service
to consumers
¢ Shouldn’t be Single point of failure (High
Availability is mandatory)
¢ Model:
¢ Kong Cluster using PostgreSQL
¢ Kong Cluster using Cassandra
¢ Scenarios:
¢ Single DC setups
VM / Bare
Metal Host
VM / Bare
Metal Host
VM / Bare
Metal Host
VM / Bare
Metal Host
Loadbalancer
Loadbalancer
DC 1
Seite 19

Distributed deployment model
¢ API Gateway is like a door to enterprises to
provide digital products and service to
consumers
¢ Shouldn’t be Single point of failure (High
Availability is mandatory)
¢ Model:
¢ Kong Cluster using PostgreSQL
¢ Kong Cluster using Cassandra
¢ Scenarios:
¢ Multi DC setups
VM / Bare
Metal Host
VM / Bare
Metal Host
VM / Bare
Metal Host
VM / Bare
Metal Host
DC 1
DC 2
Loadbalancer
Seite 20

Have you heard of something called „Kubernetes“?
¢ Kubernetes is the new de-facto
application platform
¢ Container orchestration platform
developed by Google
¢ Abstracts Infrastructure, Network &
Storage
¢ Cloud technologies enable infinite
scalability and elasticity on a
infrastructure level
Seite 21

Kong and Kubernetes (Microgateway)
¢ API Gateway should run as close as possbile
to the services to secure
¢ Run Kong in a Kubernetes-native fashion
¢ Kong can be run in a Microgateway-style on
Kubernetes
¢ Run multiple Kong replicas
¢ Kong service is exposed using
¢ Load Balancer (K8s Service of type Loadbalancer)
¢ Kubernetes Ingress
¢ Use external DB or use DB-less mode
¢ Configuration is done using REST API
µSvc1
µSvc 2
PostgresSQL Cluster
Client
Seite 22

Kong and Kubernetes (Kubernetes Ingress)
¢ API Gateway should run as close as possbile
to the services to secure
¢ Run Kong in a Kubernetes-native fashion
¢ Kong can be run as Kubernetes Ingress1
¢ Extends Kubernetes using Custom Resource
Definitions (CRDs)
¢ KongPlugins
¢ KongConsumers
¢ KongCredentials
¢ KongIngress
¢ Uses Kubernetes etcd for Kong configuration data
¢ Note restrictions because of DB-less mode
µSvc1
µSvc 2
Client
1)
Open Source: Kong Ingress Controller
Enterprise. Kong for Kubernetes Enterprise
Seite 23

Benefits and limitations of Kong deployded in Ingress
mode
¢ Kubernetes-native management of Kong resources
¢ Avoid another level of abstraction
¢ Kong in Microgateway mode needs to be exposed from Kubernetes Cluster
¢ Less dependencies because no database is involved
¢ Kong in ingress mode also has its limitations:
¢ Plugin incompatibility
¢ Kong Enterprise:
¢ Kong Manager read-only
¢ Kong Dev Portal not available
¢ No support for additional Enterprise features like Kong Brain or Immunity
Seite 24

Hybrid architecture to connect Cloud and On-premises
¢ The world is hybrid!
¢ Multi-Cloud will be default, not an
exception!
¢ Run Kong in hybrid mode
¢ Control Plane (CP), where configuration is
managed and the Admin API is served
from
¢ Data Plane (DP), which serves traffic for
the proxy
On-premises
CP
DP
DP
DP
Seite 25

Benefits and limitations of Kong hybrid mode
¢ Separation into CP and DP brings the following advantages:
¢ Deployment flexibility
¢ Increased reliability
¢ Traffic reduction
¢ Increased security
¢ Ease of management
¢ Hybrid mode also has its limitations:
¢ Configuration inflexibility
¢ Plugin incompatibility
¢ Custom Plugins need to be deployed on both the CP and the DP
Seite 26

Demo
4

© OPITZ CONSULTING 2020 Flexible, hybrid API-led software architectures with Kong Seite 28
Demo scenario
¢ Create Kong API definition
¢ Service
¢ Route
¢ Add plugins and a consumer
¢ Key-Auth
¢ Rate limit
¢ Kong administration is done using
¢ Kong Admin API
¢ Konga Admin UI
¢ decK
Demo-Code: https://github.com/svenbernhardt/kong-simple-demo
Client Demo
Svc
Konga

Kong decK
¢ Simple CLI tool
¢ Helps to manage Kong configurations in a declarative way
¢ Main purpose:
¢ Sync configuration o a running Kong cluster
¢ Diff configurations to discover manual changes
¢ Backup the current configuration
¢ Ideally to support CI/CD requirements and build automation
¢ More about decK: https://tinyurl.com/y27hf85q
Seite 29

Summary
5

© OPITZ CONSULTING 2020 Flexible, hybrid API-led software architectures with Kong Seite 31
Key takeaways
¢ Kong is a modern next-gen API platform that help to gain agility
¢ Flexible and lightweight
¢ Scalable
¢ Extensible
¢ Ease-of-use with respect to
¢ Monitoring
¢ Configuration
¢ Operations
¢ Kong API Gateway is capable to tackle different challenges and address
multiple use cases
¢ Hybrid
¢ Multi Cloud
¢ On-premise

With great power, comes great responsibility - Avoid API
sandwich architectures
Seite 32
Source: https://tinyurl.com/y5zxgjz4

Q & A

¢¢¢ Digitale Service Manufaktur
@OC_WIRE
OPITZCONSULTING
opitzconsulting
opitz-consulting-bcb8-1009116
WWW.OPITZ-CONSULTING.COM
Thanks for your attention!
Sven Bernhardt
Chief Architect / Integration Evangelist | Oracle ACE Director
OPITZ CONSULTING Deutschland GmbH
Kirchstrasse 6, 51647 Gummersbach, Germany
Phone: +49 172 2193529
Mail: sven.bernhardt@opitz-consulting.com
@sbernhardt
https://svenbernhardt.wordpress.com
Seite 34

API Management and Big Data
¢ Project Purpose: Implement a Big Data platform for
¢ Data collection and processing
¢ Data analysis
¢ Type of data:
¢ Unstructured data (Binary Data)
¢ Structured data (Metadata, configuration data)
¢ Main purpose of API Management
¢ AuthN/AuthZ for accessing the data stored in the platform
¢ Track API usage
¢ Integrate with other business departments
Seite 35

Admin
App
Analytics
App 1
Analytics
App 2
Landing
Zone Data Pipeline /
Data Ingestion
Metadata
Store
Content
Store
Rawdata
Store
Big Data Platform
DataLake
Data Access
APIexposure
APIexposure
APIexposure
Streaming & Stream processing
DataSources(unstructured,
structured)
DataSources
(event-based) Presenta
tion &
Analytics
Analytics
App 3
API exposure
Decoding &
ProcessingJava
36

Example flow for accessing data from an arbitrary client
Data
Service
Client
OpenLDAP
Server
User and
group data
OpenID
Connect Token
Call Out to
Upstream
Svc
Retriev file
reference
Retrieve file
Query file by
criteria
AuthN:
• API Key
• OpenID Connect
AuthZ:
• LDAP groups (API Resource-level protection)
Seite 37

Development approach
¢ APIs are developed using an API design-first approach
¢ API contracts are published to Kong Developer portal
¢ API Backend services are developed in Spring Boot
¢ Build and deployment is done using Jenkins
¢ Checkout and Build service
¢ API artifacts are managed using decK
Seite 38

Flexible, hybrid API-led software architectures with Kong

More Related Content

What's hot (20)

Similar to Flexible, hybrid API-led software architectures with Kong (20)

More from Sven Bernhardt (20)

Recently uploaded (20)

Flexible, hybrid API-led software architectures with Kong