Imagine, for a moment, that you are in charge of a large chain of home improvement stores. You have hundreds of stores and tens of thousands of employees spread across 12 countries. You receive tens of thousands of orders every single day spread over 100,000 requests every single second. You’ve got four different IT platforms, all on Kubernetes. Latency is unstable. Debugging is time-consuming. Developers are frustrated.
And then the pandemic happens, sending the whole world online.
That’s the situation home improvement and gardening retailer Leroy Merlin found themselves in in 2020. Like so many companies, they knew they needed to face that “digital transformation” buzzword before they lost their developers to The Great Resignation. And in this case, that meant integrating an API gateway into their processes and architecture.
It’s a problem you may also be facing.
Why Consider an API Gateway Model?
An API gateway serves as an intermediary between clients and backend services, streamlining request routing, enforcing security measures, managing APIs and microservices, and optimizing the communication flow within complex software architectures. That’s a mouthful, but the important thing is that it provides a centralized and unified way for developers to interact with the backend services that power your applications and infrastructure.
An API gateway also provides several other features that an enterprise with significant infrastructure needs.
Traffic Management
Whether you have just a few lightly trafficked services or you’re dealing with 100K requests per second, it’s obviously crucial to make sure those requests are routed properly, but that involves much more than simply sending them to the right service.
The API gateway has to provide efficient routing, of course, but it also has to provide load balancing; it would be simple for a single service to not just bog down and stop responding, but also bring the entire system to a standstill, particularly during traffic spikes. The API gateway has to handle these spikes gracefully.
To do all this, the API gateway has to optimize service communication, making sure that data and requests take the most efficient paths through the system.
Authentication and Authorization
Just because an API gateway makes it possible to more easily access services doesn't mean that anyone and everyone should be able to access every service within the system. An API gateway needs to ensure that non-public resources can only be accessed by those to whom they should be available, whether that’s a user or another service.
To make this happen, you need to be able to verify digital identity through the most appropriate means. In some cases that means issuing, managing, and verifying tokens. In others, it may mean implementing multi-factor authentication (MFA). The API gateway also has to ensure that that particular identity actually has the privileges it’s trying to exercise so that sensitive areas are reserved for those with the right privileges, keeping customer data and critical services safe and sound. In other words, you need to make sure you’re wrapping API endpoints in layers of security that deter would-be digital trespassers.
Caching and Rate Limiting
Speed is the lifeblood of the digital experience. For example, Leroy Merlin’s site required multiple service calls, so to ensure it felt responsive, each call could take no more than 20ms. The API gateway, with its caching capabilities, stores copies of frequently requested data so that future requests can be fulfilled faster. It can also use smart caching strategies, anticipating the customer’s next move and ensuring the most relevant and up-to-date information is always at the ready, minimizing wait times.
Sometimes, however, the API gateway has to limit requests from a specific user or service in order to prevent overuse and preserve resources for the rest of the system.
Log Management
In modern applications and infrastructure, every action, every request, and every error leaves a trace in the form of logs. The API gateway acts as the central library for these vast volumes of data, collecting and organizing them so that they can be easily accessed, studied, and acted upon.
But a library is only as good as its librarians. By integrating with external monitoring—for example, Leroy Merlin needed a connector to send their logs to Datadog—the API gateway ensures that the logs are not just collected but analyzed, turning raw data into actionable insights that can guide the evolution of digital services.
Of course, this is probably most useful when things go awry, as they inevitably do. In this case, the collected logs become the map that leads developers and operators back to the source of the problem.
Finally, in the realm of digital commerce, compliance with laws and regulations is not just a necessity but a cornerstone of trust. Through meticulous log management, the API Gateway helps safeguard customer data and maintain the integrity of digital operations.
Certificate Management
Of course, it’s impossible to talk about digital security without talking about SSL/TLS for end-to-end encryption. The API gateway not only handles encryption, but also tackles certificate renewal, not just taking care of the actual renewal, but ensuring that all servers and services in the system received the new certificates—preferably without having to perform a full reload, resulting in the loss of current sessions.
For years functions like this have been handled by the Electronic Frontier Foundation’s Certbot, but more modern applications have been using open source projects like Traefik.
All of these capabilities can be helpful for any business, Leroy Merlin included. But API gateways that are aligned to modern operations, namely GitOps, are more than just helpful. They're transformative.
Why Choose a GitOps-Driven API Gateway
While the capabilities of a traditional API gateways bring a number of benefits, many were created before the cloud native and operations revolutions. To maximize the benefits of switching to an API gateway model, however, pairing a GitOps strategy with a GitOps-driven API gateway is a must.
GitOps is a set of practices that uses Git as the single source of truth for declarative infrastructure and applications. Essentially, it applies the principles of version control, collaboration, compliance, and CI/CD (Continuous Integration/Continuous Deployment) automation to infrastructure and application management.
Everything in the system—infrastructure, networking, applications—is described in a declarative manner. This means you specify the desired state of your system, and automated processes work to maintain that state. When you want to make a change, you change that stored configuration and commit the change to the repository, and the system makes the change when it’s merged. The process enables code review, automated testing, and collaboration before changes are merged and applied, which improves the stability and security of the system.
This way, the actual state of the system matches the declared state in the repository. If discrepancies arise, the system can automatically correct itself, or alert an operator to intervene.
This process provides a number of benefits for developers.
Automation
Because changes are applied automatically, developers can roll out a new configuration by simply making a single change, and as soon as it’s approved and applied, it can be deployed everywhere it needs to go. This way developers can make changes quickly without risking the inevitable human error that comes with manual changes.
That enables developers to work more quickly and confidently, knowing their changes can be tested and reviewed before they roll out, and that every change is tracked, versioned, and most of all, reversible.
Easy Roll Backs
If a problem does develop, recovery from failures becomes a streamlined process with GitOps. Instead of frantic fixes, teams can methodically revert to a stable state, analyze what went wrong, and apply lessons learned. All of this lets developers keep downtime to a bare minimum.
Knowing they can easily undo changes encourages experimentation and innovation, so developers can try new features and approaches with the safety net of easy rollbacks, fostering a culture of innovation.
Increased Reliability & Repeatability
Consistency is key to reliability. GitOps ensures that every environment, from development to production, is a mirror image, eliminating the "it works on my machine" syndrome and bolstering developer confidence in every release.
It also gives developers the ability to reproduce environments and deployments at the push of a button, which means the power to quickly spin up new instances, test environments, or recover from (the inevitable) disasters. Cloning existing environments is as simple as cloning a repository and applying the configuration elsewhere.
What’s more, because all of these environments are based on the same images, developers get the standardization that is the foundation of efficiency. GitOps enforces a uniform setup across all infrastructure, simplifying management, reducing complexity, and ensuring that best practices are universally followed.
Better Collaboration
GitOps provides a common framework for operations, establishing a unified language and approach that streamlines workflows and harmonizes efforts across the developer landscape.
It creates a collaborative environment where developers, operations, and even security teams work from the same playbook, enhancing communication and reducing friction. Every change is tracked, every decision logged, making sure all team members are on the same page, fostering trust and helping create smoother operations.
With infrastructure and configuration codified, contributing changes becomes as simple as contributing code, lowering barriers for team members to suggest improvements or fixes, and the GitOps workflow encourages dialogue across departments, making sure that everyone's voice is heard and that decisions are made with a holistic view of the organization's objectives.
Putting it all together
By opting for a modern, GitOps-based API gateway (in this case, Traefik’s API Gateway), Leroy Merlin solved a number of issues. This approach creates significant benefits that improve workflows and productivity, streamline deployment processes, and make them more automated, consistent, and error-free. All this drastically reduces the time and effort Leroy Merlin and companies like them need for manual configurations and deployments.
The clear, version-controlled history of infrastructure changes improves collaboration between team members, allowing for easier code reviews, quicker onboarding of new developers, and a better development environment. Additionally, the ability to quickly rollback to previous states in case of errors or unforeseen issues significantly lowers the risk associated with new releases, fostering an environment where innovation and experimentation are encouraged without the fear of catastrophic failures.
All of this can not only boost the morale and efficiency of your development team, but also accelerate the pace of digital innovation, just as it did for Leroy Merlin, ensuring they could rapidly respond to market demands and maintain a competitive edge in the retail space.
This is a companion discussion topic for the original entry at https://traefik.io/blog/how-modern-api-gateways-make-devops-engineers-more-efficient