5 Engaging throttling, monitoring, and access control

 

This chapter covers

  • Setting up a Zuul proxy to enforce throttling
  • Using Prometheus and Grafana to monitor microservices
  • Applying access-control policies at the edge with Zuul and OPA

In chapter 3, we introduced the API Gateway architectural pattern and discussed its applicability in a microservices deployment. Zuul is an open source API gateway developed by Netflix to proxy all its microservices. Zuul provides dynamic routing, monitoring, resiliency, security, and more. It acts as the front door to Netflix’s server infrastructure, handling traffic from Netflix users around the globe.

We also discussed in chapter 3 how to enforce security based on OAuth 2.0 for your microservices, using Zuul as the API gateway. In this chapter, we extend those samples to use Zuul to handle throttling and apply access-control policies, and we also discuss the monitoring aspects of a microservices deployment.

5.1 Throttling at the API gateway with Zuul

In this section, we discuss the types of threats a typical microservices deployment is exposed to by allowing too many requests within a particular time frame, and why it is important to throttle requests. Take a look at figure 5.1 to refresh your memory from chapter 3 on the participants of an API Gateway architecture pattern.

5.1.1 Quota-based throttling for applications

 
 
 

5.1.2 Fair usage policy for users

 
 
 
 

5.1.3 Applying quota-based throttling to the Order Processing microservice

 
 
 

5.1.4 Maximum handling capacity of a microservice

 
 
 

5.1.5 Operation-level throttling

 
 

5.1.6 Throttling the OAuth 2.0 token and authorize endpoints

 

5.1.7 Privilege-based throttling

 
 
 

5.2 Monitoring and analytics with Prometheus and Grafana

 
 

5.2.1 Monitoring the Order Processing microservice

 

5.2.2 Behind the scenes of using Prometheus for monitoring

 

5.3 Enforcing access-control policies at the API gateway with Open Policy Agent

 

5.3.1 Running OPA as a Docker container

 
 
 
 

5.3.2 Feeding the OPA engine with data

 
 

5.3.3 Feeding the OPA engine with access-control policies

 
 
 
 

5.3.4 Evaluating OPA policies

 
 

5.3.5 Next steps in using OPA

 