Shulou(Shulou.com)06/01 Report--

Guide: in practical applications, through APIGateway (API Gateway), you can provide protection, unified authentication management, current limit, monitoring and other capabilities for internal services. Developers only need to pay attention to the business logic of internal services. In this article, author Yuan Yi will introduce how to publish Knative services through Aliyun API Gateway and private network SLB, so as to create production-level Knative services.

About Aliyun API Gateway

Aliyun API Gateway provides you with complete API hosting services to help users open their capabilities, services and data to partners in the form of API. They can also be released to the API market for more developers to purchase.

Provide multiple means such as anti-replay, request encryption, identity authentication, rights management and flow control to ensure the security of API and reduce the risk of API opening.

Provide API definition, testing, release, offline and other life cycle management, and generate SDK, API documentation to improve the efficiency of API management and iteration.

Provide convenient monitoring, alarm, analysis, API market and other operation and maintenance tools to reduce API operation and maintenance costs

Publish service binding Istio gateway to private network SLB based on Ali Cloud API gateway

Create a private network SLB and bind the Istio gateway application. You can create a private network SLB directly through the following yaml:

ApiVersion: v1kind: Servicemetadata: annotations: service.beta.kubernetes.io/alicloud-loadbalancer-address-type: "intranet" labels: app: istio-ingressgateway istio: ingressgateway name: istio-ingressgateway-intranet namespace: istio-systemspec: externalTrafficPolicy: Cluster ports:-name: status-port port: 15020 protocol: TCP targetPort: 15020-name: http2 port: 80 protocol: TCP targetPort: 80-name: https port: 443protocol: TCP targetPort: 443name : tls port: 15443 protocol: TCP targetPort: 15443 selector: app: istio-ingressgateway istio: ingressgateway sessionAffinity: None type: LoadBalancer

After the creation is completed, you can log in to the Aliyun CCS console, go to the "routing and workload" menu, and select the istio-system namespace to view the private network SLB information created:

Cdn.com/78bff1a3cc99c8b6c4599b956e29065ba82138de.png ">

Here the private network SLB address is: 192.168.0.23

Create a Knative service

Log in to the Ali Cloud CCS console to create a Knative service.

Here we create the helloworld service, as shown in the figure:

Verify that the service is accessible:

[root@iZbp1c1wa320d487jdm78aZ] # curl-H "Host:helloworld.default.example.com" http://192.168.0.23Hello World! Configure API Gateway

Next, let's move on to how to configure the API gateway to access the Knative Service.

Create grouping

Since API needs a home grouping, we first create a grouping. Log in to Aliyun API Gateway console and open API- > Group Management:

Click "create grouping" and select the shared instance (VPC).

After the creation is completed, we need to enable the public network domain name in the grouping details to access the public network service: you can test by enabling the second-level public network domain name by 1, or set an independent domain name by 2.

Here, we open the public network second-level domain name for test access, as shown in the figure:

Create VPC Authorization

Since we are accessing services within K8s VPC, we need to create a VPC authorization. Select Open API- > VPC authorization:

Click "create Authorization" to set VPC Id and private network SLB instance Id. Create the knative-test VPC authorization here.

Create an application

Create an application for Aliyun APP authentication. The authentication requires that when the requestor calls the API, it needs to authenticate the APP. Here we create the knative application.

Create API

Log in to Ali Cloud API gateway console, open the API- > API list, and select * * create API * *. For more information on creating an API, please see: create an API.

Next we enter [basic Information]. Select security authentication: Aliyun APP;AppCode certification can be selected: allow AppCode authentication (Header & Query). For more information on AppCode authentication, please see: call API using simple authentication (AppCode).

Click next to define the API request. The protocol can choose HTTP and HTTPS, and the request Path can be set /.

Click next to define the API backend service. We set the backend service type to VPC, set the VPC authorization name, etc.

Set constant parameters, where the backend parameter name: Host, parameter value: helloworld.default.example.com, parameter location: Header.

Click next to complete the creation.

Publish API

After the creation is complete, you can publish directly.

Select online and click [publish].

Verify API

After the release is complete, we can see the current API: online (running) in the API list.

Before calling the API test, we need to authorize the API, enter the API details, and select "Authorization Information".

Click "add Authorization", and here we select the knative application created above for authorization.

Next, we verify the API. Click * * debug API * * in the API details, and click * * send request * * to see the test result information:

At this point, we have published the Knative service through the Aliyun API gateway.

Zhengzhou Infertility Hospital: http://jbk.39.net/yiyuanzaixian/zztjyy/

[] Summary

Through the above introduction, I believe you have a preliminary understanding of how to publish Knative services through the Aliyun API gateway. In actual production, our requirements for access security, flow control, monitoring and operation and maintenance of Serverless services are not necessary, and we can provide escort capability for Knative services through Aliyun API gateway. You can configure API services through Aliyun API Gateway:

Flow control

Access authentication

Log monitoring

API Lifecycle Management: testing, release, offline

It is through these capabilities that Aliyun API Gateway provides production-level services for Knative. Students who are interested are welcome to communicate with us.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.