-
Notifications
You must be signed in to change notification settings - Fork 0
Home
atiqbitstream edited this page Mar 10, 2025
·
1 revision
Welcome to the MicroDeployCE wiki!
- Deploy multiple microservices using IBM Cloud Code Engine
- Understand containerized microservices deployment
- Set up an API Gateway to route traffic between services
We'll deploy two microservices:
- User Service โ Manages user accounts
- Order Service โ Handles customer orders
Each microservice will be a Node.js + Express API.
- Create a directory for the User Service
`mkdir user-service && cd user-service` - Initialize a Node.js project
npm init -y- Install Express
npm install express- Create
server.js
`const express = require("express");
const app = express();
app.get("/users", (req, res) => {
res.json([{ id: 1, name: "John Doe" }, { id: 2, name: "Jane Doe" }]);
});
app.listen(8080, () => console.log("User Service running on port 8080"));- Create a Dockerfile
`FROM node:16
WORKDIR /app
COPY package.json ./
RUN npm install
COPY . .
CMD ["node", "server.js"]- Build and push the container image to IBM Cloud Container Registry (ICR)
ibmcloud cr login
docker build -t us.icr.io/mycodeengine/user-service:latest .
docker push us.icr.io/mycodeengine/user-service:latest-
Deploy the User Service on Code Engine
sh
CopyEdit
ibmcloud ce application create --name user-service --image us.icr.io/mycodeengine/user-service:latest -
Get the public URL and test the service
ibmcloud ce application get --name user-service --output urlFollow the same steps as above but replace "user-service" with "order-service".
The Order Service API (server.js):
const express = require("express");
const app = express();
app.get("/orders", (req, res) => {
res.json([{ id: 101, item: "Laptop" }, { id: 102, item: "Phone" }]);
});
app.listen(8080, () => console.log("Order Service running on port 8080"));Once done, build and push the image:
`docker build -t us.icr.io/mycodeengine/order-service:latest .
docker push us.icr.io/mycodeengine/order-service:latestDeploy on IBM Code Engine:
`ibmcloud ce application create --name order-service --image us.icr.io/mycodeengine/order-service:latestWe'll use Kong API Gateway deployed on IBM Cloud Kubernetes Service (IKS) to manage traffic between microservices.
- Deploy Kong API Gateway on IKS
- Route requests from a single public endpoint to User Service and Order Service
- Secure API requests
- Create a Kubernetes cluster on IBM Cloud
ibmcloud ks cluster create classic --name my-iks-cluster๐ Wait for the cluster to be provisioned. You can check its status:
`ibmcloud ks cluster ls- Set up your local environment to use IKS
ibmcloud ks cluster config --cluster my-iks-cluster
kubectl get nodes- Install Helm (if not installed)
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash- Add the Kong Helm repository
helm repo add kong https://charts.konghq.com
helm repo update- Install Kong Gateway on IKS
helm install kong kong/kong --set ingressController.installCRDs=false --set proxy.type=LoadBalancer- Verify Kong is running
kubectl get pods -n default- Get the public IP of Kong Gateway
kubectl get svc kong-kong-proxy๐น Note the EXTERNAL-IP, this will be used as the API Gateway URL.
Now, we will configure Kong to route traffic to User Service and Order Service.
- Add User Service route
curl -i -X POST http://<KONG_EXTERNAL_IP>:8001/services \
--data "name=user-service" \
--data "url=http://<USER_SERVICE_URL>" curl -i -X POST http://<KONG_EXTERNAL_IP>:8001/services/user-service/routes \
--data "paths[]=/users"- Add Order Service route
curl -i -X POST http://<KONG_EXTERNAL_IP>:8001/services \
--data "name=order-service" \
--data "url=http://<ORDER_SERVICE_URL>" curl -i -X POST http://<KONG_EXTERNAL_IP>:8001/services/order-service/routes \
--data "paths[]=/orders"- Check if the User Service is accessible via Kong
curl http://<KONG_EXTERNAL_IP>/users- Check if the Order Service is accessible via Kong
curl http://<KONG_EXTERNAL_IP>/ordersGreat! Now, let's secure our APIs by adding rate limiting and authentication to Kong API Gateway. ๐
- Enable Rate Limiting to prevent abuse
- Implement API Key Authentication for security
To prevent excessive requests, weโll limit each client to 5 requests per minute.
- Access Admin API via
kubectl port-forward:
kubectl port-forward svc/kong-kong-admin 8001:8444- Use
https://and-k(skip SSL verification):
curl -k https://localhost:8001/services- Enable Rate Limiting Plugin on User Service
`curl -i -X POST https://<KONG_EXTERNAL_IP>:8001/services/user-service/plugins \
--data "name=rate-limiting" \
--data "config.minute=5" \
--data "config.policy=local"- Enable Rate Limiting Plugin on Order Service
curl -i -X POST https://<KONG_EXTERNAL_IP>:8001/services/order-service/plugins \
--data "name=rate-limiting" \
--data "config.minute=5" \
--data "config.policy=local"-
Test the Rate Limiting
- Make 5 requests in a row:
for i in {1..5}; do curl -i https://<KONG_EXTERNAL_IP>/users; done- Try one more request (should be blocked):
curl -i https://<KONG_EXTERNAL_IP>/users- The response should be "429 Too Many Requests".
Weโll now require API keys to access services.
- Enable Key Authentication Plugin for User Service
curl -k -i -X POST https://<KONG_EXTERNAL_IP>:8001/services/user-service/plugins \
--data "name=key-auth"- Enable Key Authentication Plugin for Order Service
`curl -k -i -X POST https://<KONG_EXTERNAL_IP>:8001/services/order-service/plugins \
--data "name=key-auth"- Create an API Key for a Client
curl -k -i -X POST https://<KONG_EXTERNAL_IP>:8001/consumers/ \
--data "username=myclient" curl -i -X POST http://<KONG_EXTERNAL_IP>:8001/consumers/myclient/key-authSave the returned API key. ๐
- Test API without API Key (Should be blocked)
curl -k -i https://<KONG_EXTERNAL_IP>/usersYou should get "401 Unauthorized".
- Test API with API Key (Should work)
curl -k -i -H "apikey: YOUR_GENERATED_API_KEY" http://<KONG_EXTERNAL_IP>/users