Skip to main content

Architecture Overview

The KrakenD Playground demonstrates a complete API Gateway ecosystem with observability, authentication, and backend services all working together.

System Diagram

The playground architecture includes the following components: KrakenD Playground Architecture This diagram shows how all services interconnect to provide a comprehensive API Gateway demonstration environment.

Service Components

All services run as Docker containers orchestrated by Docker Compose. Here’s what each component does:

API Gateway Layer

KrakenD Community Edition

  • Purpose: Main API Gateway handling client requests
  • Ports:
    • 8080 - HTTP API
    • 8090 - Admin API
    • 1234 - Debug endpoints
  • Configuration: config/krakend/krakend.json
  • Features: Request routing, aggregation, transformation, caching, rate limiting, authentication
  • Image: krakend (with auto-reload on config changes)
The :watch image automatically restarts when configuration files change, perfect for development but not for production use.

Backend Services

Fake API

  • Purpose: Simulates upstream services providing raw data
  • Port: 8000
  • Data: Serves XML, JSON, and RSS files from the data/ folder
  • Implementation: Simple busybox httpd server
  • Use case: Add/remove files in data/ to simulate different backend responses

Observability Stack

Metrics: Grafana + InfluxDB

InfluxDB
  • Purpose: Time-series database storing KrakenD metrics
  • Port: 8086
  • Database: krakend
  • Credentials: krakend-dev / pas5w0rd (user), admin / supersecretpassword (admin)
Grafana
  • Purpose: Metrics visualization and dashboards
  • Port: 4000 (mapped from internal 3000)
  • Credentials: admin / admin
  • Datasource: Pre-configured to read from InfluxDB
  • Dashboards: Pre-loaded with KrakenD metrics dashboards

Logging: ELK Stack

Elasticsearch
  • Purpose: Log storage and search engine
  • Ports:
    • 19200 - HTTP API (mapped from 9200)
    • 9300 - Transport protocol
  • Configuration: Single-node, security disabled (demo only)
  • Memory: 1GB heap size
Logstash
  • Purpose: Log aggregation and processing pipeline
  • Ports:
    • 12201/udp - GELF input from KrakenD
    • 5044 - Beats input
  • Configuration: config/logstash/logstash.conf
  • Output: Sends processed logs to Elasticsearch
Kibana
  • Purpose: Log visualization and analysis UI
  • Port: 5601
  • Datasource: Automatically connects to Elasticsearch
  • Setup: Run make elastic to import pre-configured dashboards

Tracing: Jaeger

  • Purpose: Distributed tracing for request flow analysis
  • Ports:
    • 16686 - Web UI
    • 14268 - Jaeger collector
  • Use case: View timing and path of requests through KrakenD to backends
  • Image: jaegertracing/all-in-one (includes collector, query, and UI)

Authentication & Identity

Keycloak (Identity Provider)

  • Purpose: OAuth2/OIDC provider for JWT token generation
  • Port: 8085 (mapped from internal 8080)
  • Admin Credentials: admin / admin
  • Realm: krakend (pre-configured)
  • Pre-configured Users:
    • moderator / moderator (moderator role)
    • reader / reader (reader role)
  • Configuration: config/keycloak/realms/ (imported on startup)
Keycloak configuration changes made via the admin UI are not persisted on container restart. Use the realm import/export functionality for permanent changes.

JWT Revoker

  • Purpose: Token revocation service using KrakenD bloomfilter
  • Port: 9000 (mapped from internal 8080)
  • Implementation: Custom service in images/jwt-revoker/
  • Use case: Demonstrates how to revoke JWT tokens before expiration
  • Dependency: Requires KrakenD to be running

Client Applications

Demo Web Client

  • Purpose: Single Page Application demonstrating authentication flows
  • Port: 3000
  • Technology: Express.js with Keycloak integration
  • Source: images/demo-app/
  • Features: Login via Keycloak, JWT token management, API calls to KrakenD
No npm installation needed locally - all dependencies are installed inside the container.

Message Queue

RabbitMQ

  • Purpose: AMQP message broker for async agent demonstration
  • Port: 15672 - Management UI
  • Credentials: guest / guest
  • Queue: krakend queue receives messages picked up by KrakenD async agent
  • Use case: Demonstrates KrakenD’s ability to consume messages asynchronously

Data Flow

Here’s how requests flow through the system:
1

Client Request

A client (browser, curl, Postman) sends an HTTP request to KrakenD on port 8080
2

Gateway Processing

KrakenD receives the request and:
  • Validates authentication (if required)
  • Checks rate limits
  • Determines which backends to call based on endpoint configuration
  • Sends telemetry to Jaeger (tracing), InfluxDB (metrics), and Logstash (logs)
3

Backend Calls

KrakenD calls one or more backend services:
  • Internal: Fake API on port 8000
  • External: Third-party APIs (GitHub, CoinGecko, GraphQL services)
  • Can make calls sequentially or concurrently
4

Response Aggregation

KrakenD processes backend responses:
  • Aggregates data from multiple sources
  • Filters and transforms fields
  • Applies caching if configured
  • Handles backend failures gracefully
5

Client Response

KrakenD returns the final response to the client:
  • Single JSON response (even from multiple backends)
  • Includes headers for debugging (X-KrakenD-complete, etc.)
  • Observability data sent to all monitoring systems

Port Mapping Reference

ServiceInternal PortExternal PortProtocol
KrakenD80808080HTTP
KrakenD80908090HTTP
KrakenD12341234HTTP
Fake API808000HTTP
Grafana30004000HTTP
Kibana56015601HTTP
Jaeger UI1668616686HTTP
Jaeger Collector1426814268HTTP
Elasticsearch920019200HTTP
Elasticsearch93009300TCP
Logstash GELF1220112201UDP
Logstash Beats50445044TCP
RabbitMQ Mgmt1567215672HTTP
InfluxDB80868086HTTP
Web Client30003000HTTP
JWT Revoker80809000HTTP
Keycloak80808085HTTP

Service Dependencies

The docker-compose.yml defines these dependencies:
  • KrakenD depends on:
    • fake_api - Backend must be ready
    • jaeger - Tracing collector must be available
  • JWT Revoker depends on:
    • krakend_ce - Gateway must be running
    • Automatically restarts if it fails
  • Logstash depends on:
    • elasticsearch - Must be able to send logs

Network Communication

All services run on the same Docker network, allowing them to communicate using service names:
  • KrakenD connects to fake_api:80 internally
  • Grafana queries influxdb:8086
  • Logstash sends logs to elasticsearch:9200
  • Kibana connects to elasticsearch:9200
  • KrakenD sends traces to jaeger:14268

Configuration as Code

All service configurations are version-controlled:
  • KrakenD: config/krakend/krakend.json
  • Grafana datasources: config/grafana/datasources/all.yml
  • Grafana dashboards: config/grafana/dashboards/all.yml
  • Logstash pipeline: config/logstash/logstash.conf
  • Keycloak realm: config/keycloak/realms/
  • Backend data: data/ folder (JSON, XML, RSS files)
The KrakenD configuration uses the :watch image that auto-reloads on changes, making it easy to experiment without restarting containers.

Flexible Configuration

The playground includes an example of KrakenD’s flexible configuration feature:
  • Template: krakend-flexible-config.tmpl
  • Uses: Golang templating syntax for variables, conditions, and iterations
  • Compile: Run make compile-flexible-config to see the generated output
  • Output: krakend-flexible-config.compiled.json
This demonstrates how to manage complex configurations with templates and environment-specific settings.

Production Considerations

This architecture is designed for demonstration and learning only. Do not use it in production without addressing:
  • Security hardening (enable authentication, HTTPS, network segmentation)
  • Resource limits and scaling (CPU, memory, replicas)
  • Persistent storage for stateful services
  • Secrets management (environment variables, vaults)
  • Monitoring and alerting configurations
  • Backup and disaster recovery
  • Proper logging retention policies
For production deployments, refer to:

Build docs developers (and LLMs) love

Get started for freeTalk to us