Help Center/ API Gateway/ Best Practices/ Selectively Exposing CCE Workloads
Updated on 2023-04-06 GMT+08:00

Selectively Exposing CCE Workloads

Overview

You can use APIG to selectively expose your workloads and microservices in Cloud Container Engine (CCE). Using APIG to expose containerized applications has the following benefits:

  • You do not need to set elastic IP addresses, and this reduces network bandwidth costs.

    You can set up a VPC channel to access workloads in CCE.

  • You can choose an authentication mode from multiple options to ensure access security.
  • You can configure a request throttling policy to ensure secure access to your backend service.
  • You can configure multiple pods for each workload for load balancing, optimizing resource utilization and increasing system reliability.
Figure 1 Accessing CCE workloads through APIG

Preparing CCE Workloads

Create a cluster and workload in CCE, and add pods and containers to the workload. For more information, see .

View the workload details on the CCE console, and ensure that the service access mode is NodePort or LoadBalancer. For details, see NodePort or LoadBalancer.

  • NodePort access
    Figure 2 Viewing the access port
    Figure 3 Viewing the name of the ECS on which the pod resides

  • LoadBalancer access

Creating a VPC Channel

If the access mode of the target CCE workload is LoadBalancer, skip this procedure and go to Opening an API.

  1. Log in to the management console, select a region in the upper left corner, and choose Service List > Application > API Gateway.
  2. Create a VPC channel.

    1. On the VPC Channels page, click Create Fast Channel.
      Figure 4 VPC channel list
    2. Set the parameters according to the following figure and retain the default values for other parameters.
      For details, see API Gateway User Guide.
      Figure 5 Setting the basic VPC channel information

  3. Add the node that contains the CCE workload you want to access through APIG.

    You can add multiple nodes for load balancing.

  4. Click Finish.

Opening an API

  1. Create an API group, as shown in Figure 6.

    Figure 6 Creating an API group

  2. Create an API.

    For details, see API Gateway User Guide.

    1. Click Create API.
      Figure 7 API list
    2. Set the basic information of the API.
      Figure 8 Setting the basic API information
    3. On the Define API Request page, set the API request information.

    4. On the Define Backend Request page, set the backend request information.

      If the access mode of the target CCE workload is NodePort, select Configure now, and select the VPC channel created in Creating a VPC Channel. If the access mode is LoadBalancer, select Do not configure, and enter the access address and port of the load balancer. This step uses NodePort as an example.

    5. On the Define Response page, enter an example success response.

    6. Click Finish.

  3. Debug the API.

    1. Click Debug.
      Figure 9 API list
    2. Debug the API.
      Figure 10 Debugging the API ("200" indicates that the API is called successfully.)

  4. Publish the API.

    1. Click Publish.
      Figure 11 API list
    2. Enter a description.
      Figure 12 Publishing an API

Calling the API

  1. In the API list, click the API you created, and copy the URL on the displayed API details page.

    1. Go to the API details page.
      Figure 13 Clicking the name of an API
    2. Copy the URL on the displayed API details page.
      Figure 14 Copying the URL

  2. Paste the URL to the address bar of a browser. The following page will be displayed if the API request is successful.

    To limit the number of API calls that will be received within a specific period, create a request throttling policy and bind it to the API. For more information, see API Gateway User Guide.