GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → jeroenr → api-gateway

jeroenr / api-gateway

Licence: other
Api Gateway for a microservices deployment

Programming Languages

scala
5932 projects

Labels

dockerkubernetesmicroservicesmicroserviceapi-gatewaymicroservices-architectureapi-serviceservice-registrykubernetes-api

Projects that are alternatives of or similar to api-gateway

node-carotte-amqp
An amqplib wrapper for microservices
Stars: ✭ 27 (-12.9%)
Mutual labels:  microservice, microservices-architecture
Dubbo Go Pixiu
Based on the proxy gateway service of dubbo-go, it solves the problem that the external protocol calls the internal Dubbo cluster. At present, it supports HTTP and gRPC[developing].
Stars: ✭ 124 (+300%)
Mutual labels:  microservice, api-gateway
Microservices Architecture Guidelines
Designing a Microservices Architecture
Stars: ✭ 86 (+177.42%)
Mutual labels:  microservice, microservices-architecture
Devis
A microservices framework for Node.js
Stars: ✭ 72 (+132.26%)
Mutual labels:  microservice, microservices-architecture
Express Gateway
A microservices API Gateway built on top of Express.js
Stars: ✭ 2,583 (+8232.26%)
Mutual labels:  microservice, api-gateway
Hands On Microservices With Python
Hands-on Microservices with Python [ video], published by Packt
Stars: ✭ 73 (+135.48%)
Mutual labels:  microservice, microservices-architecture
Php Ddd Example
🐘🎯 Hexagonal Architecture + DDD + CQRS in PHP using Symfony 5
Stars: ✭ 1,960 (+6222.58%)
Mutual labels:  microservice, microservices-architecture
Altair
Lightweight and Robust API Gateway written in Go
Stars: ✭ 34 (+9.68%)
Mutual labels:  microservice, api-gateway
Tenso
Tenso is an HTTP REST API framework
Stars: ✭ 167 (+438.71%)
Mutual labels:  microservice, api-gateway
Tree Gateway
This is a full featured and free API Gateway
Stars: ✭ 160 (+416.13%)
Mutual labels:  microservice, api-gateway
Microservices Prototype
Stars: ✭ 72 (+132.26%)
Mutual labels:  microservice, microservices-architecture
serverless-node-sequelize-rds-rest-api
Serverless rest api application with Node.js to perform simple CRUD operation using MYSQL database hosted on AWS RDS with Sequelize ORM
Stars: ✭ 43 (+38.71%)
Mutual labels:  api-gateway, microservices-architecture
Microservices Example
Example of a microservices architecture on the modern stack of Java technologies
Stars: ✭ 66 (+112.9%)
Mutual labels:  microservice, microservices-architecture
Spring Boot Microservices
This repo is part of a tutorial about writing microservices using Spring Boot
Stars: ✭ 79 (+154.84%)
Mutual labels:  microservice, microservices-architecture
Up
Up focuses on deploying "vanilla" HTTP servers so there's nothing new to learn, just develop with your favorite existing frameworks such as Express, Koa, Django, Golang net/http or others.
Stars: ✭ 8,439 (+27122.58%)
Mutual labels:  microservice, api-gateway
Barong
Barong auth server
Stars: ✭ 100 (+222.58%)
Mutual labels:  microservice, microservices-architecture
Fusio
Open source API management platform
Stars: ✭ 946 (+2951.61%)
Mutual labels:  microservice, api-gateway
Practical Clean Ddd
A simplified and effortless approach to get started with Domain-driven Design, Clean Architecture, CQRS, and Microservices patterns
Stars: ✭ 28 (-9.68%)
Mutual labels:  microservice, microservices-architecture
Go Micro Boilerplate
The boilerplate of the GoLang application with a clear microservices architecture.
Stars: ✭ 147 (+374.19%)
Mutual labels:  microservice, microservices-architecture
Krakend Ce
KrakenD Community Edition. Make your binary of KrakenD API Gateway
Stars: ✭ 245 (+690.32%)
Mutual labels:  microservice, api-gateway
View All Similar Projects ➔

Api Gateway Build Status License

The Api Gateway is the entry point of a microservice infrastructure (see api gateway pattern). The main problem it solves is "How do the clients of a Microservices-based application access the individual services?". It handles the first layer of authentication and routes the incoming requests (like a reverse proxy) to the corresponding service, based on the mapping in its service registry.

Contributions

This is a young but very active project and absolutely needs your help. Good ways to contribute include:

  • Raising bugs and feature requests
  • Fixing bugs
  • Improving the performance
  • Adding to the documentation

Requirements

  • Sbt 0.13.*

Running

$ sbt run

By default this will start the gateway interface on http://localhost:8080/api and the management interface on http://localhost:8081

Configuration

Most of the configurable options are available as environment variables. Below is a list with default values:

  • API_PREFIX=api
  • AUTH_HOST=localhost
  • AUTH_PORT=7070
  • K8S_API_HOST=localhost
  • K8S_API_PORT=8001
  • K8S_API_TOKEN=

For a Kubernetes configuration example see the sample descriptor file.

Pulling the docker image

$ docker pull jeroenrosenberg/api-gateway

Building a docker image

This project is using the Docker plugin of the Sbt Native Packager to generate a docker image using:

$ sbt docker:publishLocal

Then you can simply publish your docker image to your favorite docker repository. For instance for the Google Container Registry:

$ docker tag com.github.jeroenr/api-gateway eu.gcr.io/my-docker-registry/api-gateway
$ gcloud docker push eu.gcr.io/my-docker-registry/api-gateway

Deploying in Kubernetes

Since the Api gateway currently relies on the Kubernetes API for service discovery the first thing we would need is an access token. The easiest way to do this would be through service accounts. After that you need descriptor files for the Kubernetes deployment and service. Below is a quick walkthrough the steps. I assume you're familiar with Kubernetes' terminology and the kubectl commandline tool.

Create service account

The steps below will create a service account and associated secret to be used by the Api gateway pod.

$ kubectl create serviceaccount my-service-account
serviceaccount "my-service-account" created

Great, now a new service account has been created and under the hood also an associated secret which we can retrieve by:

$ kubectl get serviceaccounts my-service-account -o yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  # ...
secrets:
- name: my-service-account-token-1yvwg

As you can see in our example the generated secret is called "my-service-account-token-1yvwg". Depending on where you pull your docker image from you might also need to create another secret with credentials for the docker registry to be used as an image pull secret.

Now we can setup our K8s deployment and service descriptor. Here's an example config. Important to configure is:

  • The container image path (e.g. eu.gcr.io/my-docker-registry/api-gateway)
  • The image pull secret for the container registry (e.g. my-docker-registry-secret)
  • The secretKeyRef.name for the K8S_API_TOKEN env variable (e.g. my-service-account-token-1yvwg)
  • The AUTH_HOST and AUTH_PORT env variables to point to your backing authentication service

As a final step we can now create the k8s deployment and service:

$ kubectl apply -f k8s-descriptor.yaml
deployment "api-gateway" created
service "api-gateway-svc" created

Cool, now we're running the Api gateway in Kubernetes!

Deploying on other platforms

Currently the Api gateway relies on the services endpoint from the Kubernetes API to poll for service updates (see Automatic Service discovery section). If you want to deploy the Api gateway on a different platform you would have to:

  • Mock this endpoint and manually update the service registry (see (#manually-updating-the-service-registry). You could also rely on something like Consul and write a sync script.
  • Make a PR to add a flag in the configuration to disable automatic service discovery
  • Make a PR to support different pluggable service discovery modules
  • The k8s namespaces to watch for service updates. This can be configured through JVM params (e.g. -Dintegration.kubernetes.namespaces.0=my-env to only handle service updates on the 'my-env' namespace)

Features

Authentication

As mentioned the Api gateway is the first layer of the authentication flow. If a request is made to a secured route (i.e. a route which maps to a service with the flag "secured" set) it will request a JWT access token from an authentication service (e.g. https://github.com/cupenya/auth-service which retrieves a user claim based on a reference token in a domain cookie and generates a JWT token for this claim). If a valid JWT token is returned the call is forwarded to the corresponding service and the JWT token is passed in the request header as an Oauth bearer token for further authorization to be done by the backing service.

If no valid JWT token is returned the error response will be forwarded to the caller. This could happen when for instance the user session has expired. The user could then "login" again using the "/auth/login" endpoint as follows:

$ curl -X POST \
  http://localhost:8080/auth/login \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json'
  -d '{
    "username": "my-user",
    "password": "my-pass"
}'

This call is just forwarded to the authentication service.

Here's a Postman collection with all available Api calls

Automatic Service discovery

The Api gateway supports service discovery through the Kubernetes API using the k8s-svc-discovery module. It's polling the /api/v1/services endpoint for service and updates the routing / mapping based on the service metadata.

Manually updating the service registry

There's also a dashboard Api which can be used to manually update the service registry. For instance to add a service:

$ curl -X POST \
  http://localhost:8081/services \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json'
  -d '{
	"name": "my-user-service",
	"host": "localhost",
	"resource": "users",
	"port": 9090,
	"secured": false
}'

This will add a reverse proxy mapping from http://{api-gateway-host}:{api-gateway-port}/{api-gateway-prefix}/users to http://localhost:9090/users. If no 'port' is specified it will default to 80. The flag 'secured' determines whether the Api gateway performs authentication checks and passes on the authentication info to the corresponding service. See Authentication section for more information.

Here's a Postman collection with all available Api calls

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].