Login/Register
Zuul Deployment in Kubernetes
Asked Answered
Solved kubernetesmicroservicesnetflix-zuulapi-gateway
E

1

14

This is my first time trying to deploy a microservices architecture into Kubernetes. At the beginning, I was considering to use Ambassador as my API Gateway. I also have an authentication service which validates users and generates a JWT token, however, I need to validate this token every time a service is called. This represents an overload problem (since every time the API Gateway receives traffic it will go to this external authentication service to validate the JWT token) and Ambassador does not have an option to do this filtering without the use of the external service.

Using the Zuul Gateway seems like the best option in this case, since it allows me to validate the JWT token inside the gateway (not through an external service like Ambassador). However, I'm not sure how Zuul is going to work if I deploy it in Kubernetes since, as I understand, Zuul requires to have the address of the service discovery (like Eureka).

if I deploy Zuul in my Kubernetes cluster, then how it will be able to locate my services?

Locally, for example, there is no problem since I was using Eureka before, and I knew its address. Also, I don't think having Eureka deployed in Kubernetes will be a good idea, since it will be redundant.

If it is not possible to do it with Zuul, is there another API Gateway or approach where I can validate tokens using the Gateway instead of relying on an external authentication service like Ambassador does?

Thank you.

Ellon answered 8/2, 2019 at 19:8 Comment(1)
Some info:#49817576Absorbance
E
24

In kubernetes you already have "discovery" service which is kubernetes-service. It locates pods and serves as load balancer for them.

Lets say you have Zuul configuration like this:

zuul:
  routes:
    books-service:
      path: /books/**
      serviceId: books-service

which routes requests matching /books/** to the service books-service. Usually you have an Eureka which gives you real address of books-service, but not now.

And this is where Ribbon can help you - it allows you to manually tune routing after Zuul has matched it's request. So you need to add this to configuration:

books-service.ribbon.listOfServers: "http://books:8080"

and after Zuul had found serviceId (books-service) it will route the request to books:8080

And books:8080 is just a kubernetes-service:

kind: Service
apiVersion: v1
metadata:
  name: books
spec:
  selector:
    app: spring-books-service
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 9376

You can say its a load balancer that takes traffic from :8080 and redirects it to pods with label app: spring-books-service.

All you have to do next is to assign labels to pods (via deployments for example)

Btw, you can configure Ribbon like this in any app and kubernetes will locate all your apps (pods) with its services so you dont need any discovery service at all! And since k8s-services are much more reliable than Eureka, you can simply remove it.

Eternize answered 8/2, 2019 at 19:42 Comment(2)
Is this books-service.ribbon.listOfServers: "http://books:8080" config should go to the app which is calling the service through feign client ?Sedgemoor
@AyeshmanthaPerera since Ribbon is a client-side LB, that client (in this case, Zuul) should know list of servers. Zuul supports Ribbon to automatically route requests. And both Feign and RestTemplate also support Ribbon. see this questionEternize

© 2022 - 2024 — McMap. All rights reserved.