API Management with Google ESP + Google Endpoints + Ingress in Kubernetes

API MANAGEMENT

WHAT IS EXTENSIBLE SERVICE PROXY (ESP)?

WHAT IS GOOGLE CLOUD ENDPOINT SERVICE ?

Ref : https://cloud.google.com/endpoints/docs/openapi/architecture-overview

MANAGE HELLO-WORLD APP WITH GOOGLE ENDPOINTS

hello-world API management

If your cluster runs on Google Cloud Platform, you can refer to this descriptive tutorial from Google.

First, we need a cluster. I have created my test Kubernetes environment on top of Amazon Web Services EC2 servers using kops. Refer to this to become familiar with setting up a Kubernetes cluster in AWS.

Then install the required software as described in this tutorial.

CONFIGURING ENDPOINTS

gcloud endpoints services deploy hello-world-open-api.yaml

You have to redeploy the hello-world-open-api.yaml file whenever you make changes to it. Once the deployment completes, you will get a service configuration ID and the service name, as follows:

Service Configuration [2018-07-20r0] uploaded for service [hello-world.endpoints.PROJECT-ID.cloud.goog]
Google endpoint console

DEPLOY BACK-END & SETUP SERVICE CREDENTIALS

Create new service account

Navigate to Service Accounts in the GCP Console and create a new service account. Then rename the downloaded credential JSON file to service-account-creds.json.

Then create a Kubernetes secret from service-account-creds.json.

kubectl create secret generic service-account-creds \
--from-file=service-account-creds.json

Then update --service and --version in the ESP container args,

args: [
  "--http_port", "8080",
  "--backend", "hello-world:80",
  "--service", "hello-world.endpoints.PROJECT-ID.cloud.goog",
  "--version", "2018-07-18r1",
  "--service_account_key", "/etc/nginx/creds/service-account-creds.json"
]
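
An added example, not the author's gcp-endpoint-deployment.yaml: a minimal Deployment showing where these args sit and how the service-account-creds secret created above reaches /etc/nginx/creds. The Deployment name, the labels and the ESP image tag are assumptions; only ESP gets the key mounted, and the mount is read-only.

```yaml
# Added example. Names, labels and image tag are assumptions, not the author's file.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: esp-hello-world              # hypothetical name
spec:
  replicas: 1
  selector:
    matchLabels:
      app: esp-hello-world           # hypothetical label
  template:
    metadata:
      labels:
        app: esp-hello-world
    spec:
      containers:
        - name: esp
          # Public ESP image; the tag is an assumption.
          image: gcr.io/endpoints-release/endpoints-runtime:1
          # Args as shown on the page.
          args: [
            "--http_port", "8080",
            "--backend", "hello-world:80",
            "--service", "hello-world.endpoints.PROJECT-ID.cloud.goog",
            "--version", "2018-07-18r1",
            "--service_account_key", "/etc/nginx/creds/service-account-creds.json"
            ]
          ports:
            - containerPort: 8080    # matches --http_port
          volumeMounts:
            # The directory ESP reads the key from (--service_account_key).
            - name: service-account-creds
              mountPath: /etc/nginx/creds
              readOnly: true
      volumes:
        # The secret created with "kubectl create secret generic service-account-creds".
        # The file name inside the volume is the --from-file name.
        - name: service-account-creds
          secret:
            secretName: service-account-creds
```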

Deploy the Kubernetes deployment executing,

kubectl create -f gcp-endpoint-deployment.yaml

Create Kubernetes services executing,

kubectl create -f gcp-endpoint-service.yaml

Navigate to the GCP APIs & Services console and create a new API key to manage the API.

Check the service with the API key,

curl -X GET 'http://host/api/?key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'

You will get a response when the key is valid. Otherwise you get a GCP Endpoints error like the one below, which is how Endpoints protects your API from unnecessary traffic.

{
  "code": 3,
  "message": "API key not valid. Please pass a valid API key.",
  "details": [
    {
      "@type": "type.googleapis.com/google.rpc.DebugInfo",
      "stackEntries": [],
      "detail": "service_control"
    }
  ]
}

TRAFFIC ROUTING WITH INGRESS CONTROLLER & API MANAGEMENT WITH GCP ESP + ENDPOINTS AS A SIDECAR

When we want to achieve API management as well as secure internal services, we can use the same approach (a Kubernetes Ingress Controller) along with Google Extensible Service Proxy (ESP) as a sidecar in each exposed service pod.

Request routing with API manage with ESP

Please refer to the previous guidelines when setting up the Google Endpoint, service accounts, and API keys.

Here I have used the same application, with a slight modification of the response message, as Application A and Application B. So I am referring to the same hello-world-open-api.yaml for the application endpoint setup, since both applications refer to the same endpoint configuration. You can have different Google Endpoints for your apps.

Create routing rules on the Istio layer executing,

istioctl create -f routing-istio-ingress-route-rules.yaml

Deploy Kubernetes deployments executing,

kubectl create -f routing-istio-ingress-deployment.yaml

Create services executing,

kubectl create -f routing-istio-ingress-service.yaml

Create ingress controller executing,

kubectl create -f routing-istio-ingress-controller.yaml

Check services by executing,

curl -X GET \
'http://HOST/a/api/?key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
curl -X GET \
'http://HOST/b/api/?key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
