Best-Practices-for-Hosting-an-API-on-Kubernetes

Best Practices for Hosting an API on Kubernetes

Posted in

APIs are the lifeblood of Kubernetes. Every command that happens inside a Kubernetes cluster is implemented using an API. The kubectl tool is basically a wrapper for Kubernetes API, which automatically translates commands. This makes Kubernetes an ideal choice if you’re looking to launch, host, and serve an API.

For one thing, Kubernetes APIs are truly RESTful. This means you won’t waste precious time trying to understand the style. It also uses traditional CRUD patterns, so you can focus more on using APIs than setting them up. There are also tons of tools for the Kubernetes API, making integration easy and efficient.

Just because hosting an API on Kubernetes is easy and intuitive doesn’t mean there aren’t some best practices you can follow to ensure everything runs smoothly. No matter what level of experience you have with Kubernetes, there are always things to learn and ways to streamline your workflow. With that in mind, we’ve put together some Kubernetes API best practices for you to follow and think about. Whether you’re brand new to Kubernetes or are already an expert, here are some best practices for Kubernetes APIs!

Kubernetes API Best Practices

Start With The Tutorials

Let’s start at the beginning, in case you’re brand new to using Kubernetes API. Kubernetes’ documentation offers extensive tutorials to start using Kubernetes. Following along with the tutorials will help you get familiar with Kubernetes’ structures, commands, and functions, as well as containers in general. They’ll also help you get acquainted with some common Kubernetes API tools like kubectl or minikube, where you’ll learn how to create clusters, set up deployment apps, and so on.

Understand Kubernetes’ Structure

Since Kubernetes API is truly RESTful, you don’t have to have an in-depth understanding of Kubernetes to use it. It’s still a good idea to know what’s happening inside your Kubernetes cluster, though. This will help you visualize what’s going on with your API when you deploy it with Kubernetes.

Kubernetes is built around nodes. A Kubernetes cluster consists of more than one node, which are controlled by the master node. The master node exposes the API and communicates with the rest of the cluster.

The other three main concepts in Kubernetes are Deployments, Pods, and Services. Deployments are instructions for the master node, which will usually be implemented by separate worker nodes.

Pods are groups of clusters, services, and shared resources. Services are groupings of pods. Pods also create agreements about how services are accessed as well as routing traffic. This is important as pods come and go. Services prevent outages from happening.

Learn the Libraries

One of the main points of deploying APIs with Kubernetes is not having to reinvent the wheel. There are dedicated client libraries for creating and interacting with APIs using Kubernetes for most popular programming languages. Most of these libraries come with thorough documentation and real-world examples, also, so they’re useful to take a look at even if you’re already using Kubernetes for hosting your APIs.

It’s always useful to see code snippets or how other developers use Kubernetes to create APIs. Most of these libraries have healthy communities of other developers using Kubernetes to deploy APIs. These groups could help answer any questions you might encounter.

Keep Your Secrets

Kubernetes has its own way of dealing with sensitive information. This is known as Kubernetes Secrets and is handled with a simple YAML file. Secrets can be accessed via any pod in a cluster using environment variables. Secrets should be encoded using base64 encryption.

To convert your password into base64, input the following into your Terminal:

echo -n <super-secret-passwod> | base64

Then insert the result into a secrets.yml file. The result will look something like this:

---
apiVersion: v1
kind: Secret
metadata:
  name: flaskapi-secrets
type: Opaque
data:
  db_root_password: <Insert your password here>

You can now apply secrets to your cluster by inputting the following into Terminal:

kubectl apply -f secrets.yml

Include Log Rolling

The Kubernetes API server can suck up a lot of resources with its logs. It creates a single line in the log for every request it receives. Depending on the volume of calls your API is fielding, this can quickly consume your hard drive space if you’re not careful!

It’s highly recommended that you sync up your Kubernetes API with a log aggregation service.

Follow The Paths

In Kubernetes, requests are organized using different HTTP requests. All Kubernetes requests begin with one of two prefixes. Core APIs begin with the prefix /api/. Groups of APIs begin with the prefix /apis/.

When hosting APIs on Kubernetes, it’s highly recommended you follow this convention. Individual APIs should be grouped under /api/, and groups should be filed under /apis/.

This naming convention is also convenient for standard API formatting like versioning. A path for an API hosted with Kubernetes might look like this:

/api/v1/<resource-type-name>/<resource-name>
/apis/<api-group>/<api-version>/<resource-type-name>/<resource-name>

Use API Discovery for Necessary Info

As we said earlier, hosting APIs on Kubernetes should be as close to fully RESTful as possible. And, APIs should be fully discoverable from the command prompt or terminal.

To test this out, start off by launching a proxy server using kubectl:

kubectl proxy

This launches a proxy server on port 8001 on your local machine. Now you can begin API discovery from the command line. Using curl to query the /api endpoint might return something like:

$ curl localhost:8001/api
{
  "kind": "APIVersions",
  "versions": [
    "v1"
  ],
  "serverAddressByClientCIDRs": [
    {
      "clientCIDR": "0.0.0.0/0",
      "serverAddress": "10.0.0.1:6443"
    }
  ]
}

Another best practice for hosting APIs on Kubernetes is to use this approach on someone else’s API. This will give you an idea of what kinds of data need to be processed using your API. Then you can learn by following their example.

Follow OpenAPI Specification

Knowing what data an API contains is just the beginning. You’ll also need to know the JSON payload for sending and receiving HTTP requests. These are returned using the OpenAPI specification, formerly known as Swagger.

The Kubernetes API server hosts this data at /openapi/v2.
Each client library has its own OpenAPI documentation, as well. Should something go wrong when using your API, the OpenAPI documentation is a good place to start for troubleshooting.

Use Third-Party Authentication

The Kubernetes API server offers numerous types of built-in authentication. Much of it’s not robust enough for production-scale APIs. Instead, we recommend using third-party authentication, such as OpenID Connect (OIDC) or managed Kubernetes services (like GKE, AKS, or EKS).

We also recommend that once a user’s been authenticated, stick with that same form of authentication for the duration of that session. API security in Kubernetes is a vast topic all on its own. You can read more about it in this thorough article.

Explore Kubernetes API Dashboard

API monitoring is an important part of hosting and maintaining an API, especially if you’re using pay-as-you-go services in any regard. The thought of leaving an API with a fee of .0001 per call unsupervised, only to wake up bankrupt in the morning due to a traffic surge, is enough to keep you awake at night. It’s such an important aspect of API maintenance that API monitoring has become an extensive field in its own right.

The presence of built-in monitoring is reason enough, alone, to consider Kubernetes to host your API. The Kubernetes API dashboard is as thorough and robust as you could hope for. It’s easy to implement, too, as one additional benefit.

Kubernetes API dashboard offers granular data on your entire Kubernetes environment. You can monitor individual clusters to see the resources they’re consuming as well as historical graphs.

Hosting APIs Using Kubernetes: Final Thoughts

Making your API available is one of the main challenges facing API developers. You shouldn’t have to have a dedicated server to make a great API. With container orchestration tools like Kubernetes, you don’t. That’s just one advantage of containerized APIs, as well. Hosting your API from a cloud-based service means you’re not tethered to one physical location. Neither are your products, tools, and services.

Containerized services are also well-loved for their scalability. Hosting your API in the cloud means that you’re ready for anything, no matter what happens. Considering that it’s also quick and easy to host an API on Kubernetes, we recommend you consider it for hosting your APIs if you’re still considering options.