Is it possible to have multiple instance of Zuul api gateway to run in a single application and manage the traffic using round-Robbin?
Yes, it is possible to have multiple instances of the API Gateway but these instances should be behind an internet-facing load balancer. This load balancer would be responsible for routing requests to an appropriate instance of the API gateway (based on a round-robin or any other routing strategy).
Related
One option to make Spring Cloud Gateway highly available is to have multiple instances backed by load balancer.
Is there a option to make cluster of multiple API gateway instances?
How will the load balancing works perfectly in case if API Gateways are not aware of each other , instead just do load balancing at each API gateway instance level
So I have a very small micro service architecture built using Eureka service discovery. The problem I am facing right now is that I only want my service endpoints to accept request from my api gateway, as it is right now you can just make a request straight to the service and hit that service endpoint. Is this a problem Kubernetes would solve? Or Is there a more practical way of doing this?
You should be using network policies to control the traffic between the services.
In kubernetes the services you want to expose internally use service type ClusterIP. This is default anyway which means services are accessible within cluster only. your api gateway is exposed as load balancer service type which then takes traffic from external world and talks to services internally. Depending on your cloud provider you can use firewall in front of load balancer since you can compromise security by simply exposing load balancer. e.g. azure kubernetes you could use application gateway. You can also replace the api gateway with ingress controller. it's very powerful reverse proxy controller which you can expose directly to traffic and that would talk to your services internally.
You really need to understand concepts so i would recommend following links
https://kubernetes.io/docs/concepts/services-networking/service/
https://blog.getambassador.io/kubernetes-ingress-nodeport-load-balancers-and-ingress-controllers-6e29f1c44f2d
Both Zuul and Ribbon can be used for load balancing. But in which case should we prefer Zuul over Ribbon and vice versa?
By default Zuul load balancer using the ZoneAwareLoadBalancer from Ribbon. So there is nothing like choosing between Zuul and Ribbon for Load-Balancing, it's basically Ribbon who is involved in Load-Balancing. check out Zuul load-balancing
As Ribbon is a client-side load balancer module and is integrated to many http client modules. As an example, Feign and Load-balanced RestTemplate support Ribbon. do check Ribbon's working with load balancer
Regarding Zuul, there is a RibbonRoutingFilter that routes your request to an actual service instance. RibbonRoutingFilter is using Ribbon to choose a server from the list that is given from your configuration or from Eureka. So if you want to use Zuul as a load-balanced reverse proxy, Zuul needs Ribbon.
Zuul provides only the routing part of the Gateway pattern. But If you are using replicated micro-services the Ribbon come to the action. Ribbon default use round robin method to distribute the message to each replica.
EX: Suppose there is 3 clients come make requests. According to the figure, client's requests come to zuul and ribbon distribute 1st client to replica1 and 2nd to replica 2nd and 3rd to replica 3rd likewise. That mean Load balancing the request.
I am new to spring cloud and going through some examples and material available online to make myself comfortable. However, while reading about ZUUL, some sites configured the routes in ZUUL's application.yml and some other sites mentioned that the requests will be forwarded to the respective microservice and no need to explicitly configure the routes. I was bit confused. For ex, in the below scenario what is the approach, to configure routes or to let zuul route automatically?
Let's say i have few micro services running and all of them along with ZUUL are registered to Eureka.
I have a front end which is running on a different port on the same server and needs to interact with the above micro services.
I also have few other applications (Running entirely on different servers) which need to interact with the above micro services for fetching the data.
TIA..
Did you use Zuul (which know microservices address through Eureka) to forward request between your micro-services ? if it's the case, you are using Server-Side Load Balancing pattern.
If you use a discovery service (Eureka in your case), i think the best approach it's to use Client-Side load balancing pattern for all inter-services requests (inside your system). (you can use Ribbon or RestTemplate for that).
You can use Zuul as a unified front door to your system, which allows a browser, mobile app or other user interface to consume services from multiple hosts without managing cross-origin resource sharing (CORS) and authentication for each one.
For example : a client (mobile app) request for all picture comments. The client dont need to know the Comments-service address. Only proxy address needed and Zuul will forward the request to the right service. You can do this in application.yml/.properties by
zuul.routes.comments.path=/comments/**
zuul.routes.comments.service-id=comments
The request will be GET www.myproxy.mycompany.com/comments. Dont forget the service name in your application.yml/.properties is very important (spring.application.name). It's the service-id in Zuul routes (which the same identifier in Eureka).
For some reason, your system need to request external services (as you mentionned in the 3th note). In this case, your external services are not a discovery client, Zuul can't look for the service-id from Eureka. you use routes as
zuul.routes.currencyprovider.path=/currencies/**
zuul.routes.currencyprovider.url=https://currencies.net/
with this route, all /currencies/** requests from your services THROUGH Zuul will be done.
with this approach you have one door for all your system. This is API Gateway pattern.
Sometimes your system need to aggregate multiple results from different services to response to client request. You can do this in Proxy (Zuul in your case).
I have a Rest service running behind a Amazon ELB . The ELB has SSL enbaled and it offloads the SSL and then calls the backend service using http.
Is there any way I can only allow http calls to the spring restful service
coming from the load balancer and any other calls directly to the rest service should be blocked ?
Don't allow requests from 0.0.0.0/0 in the instance security group. Only allow traffic from ELB, using the ELB's security group id (sg-xxxxxxxx) instead of an IP address, in the security group rules.