Cloud Foundry kubernetes open source products spring cloud Tanzu Advanced

VMware Spring Cloud Gateway for Kubernetes, the Distributed API Gateway Developers Love, Is Now GA

For all the talk of digital transformation, there’s one workflow that tends to hinder release velocity: changes to API routing rules. But while—much to the consternation of enterprise developers everywhere—this process has historically remained stubbornly ticket-based, Spring Cloud Gateway removes this bottleneck. The open source project provides a developer-friendly way to route, secure, and monitor API requests. Moreover, Spring Cloud Gateway supports services written in any programming language (or framework), just so long as they “speak” HTTP. 

Not only is interest in the open source project soaring, we’ve seen a corresponding spike in interest around a commercially supported version as well. To that end, we’re excited to announce the general availability of VMware Spring Cloud Gateway for Kubernetes, which makes life simpler for API consumers and producers—API traffic is handled by reactive, non-blocking I/O—all while delivering enterprise control, security, and resilience. As you’d expect, Spring Cloud Gateway has integrated Spring modules such as Spring Boot, Spring Security, and Spring Cloud. Best of all, Spring Cloud Gateway is based on technology that’s been battle-tested in high-volume production systems.

I had a chance to chat with Kelly Fitzpatrick of RedMonk about the problems that arise with API sprawl, and how a distributed API gateway can help. Watch the video below to learn more.

VMware Spring Cloud Gateway for Kubernetes is available in VMware Tanzu Advanced Edition.

Let’s examine a few scenarios where Spring Cloud Gateway for Kubernetes can help a modern enterprise.

Enable internal API collaboration across the organization

APIs are the top choice of developers for delivering microservices at scale, and it’s easy to see why. They accelerate collaboration across development teams and enterprise line of business (LoB) leaders. But at any reasonable scale, API interactions increase. Consequently, direct integrations can become unwieldy, hindering release velocity and complicating future technology decisions. Spring Cloud Gateway to the rescue!

VMware Spring Cloud Gateway for Kubernetes is an API Gateway to both polyglot application services and external services running off-platform

Spring Cloud Gateway for Kubernetes instances can be deployed for each team (or LoB) and become their common integration endpoint. Perhaps more importantly, the enterprise can still adhere to common API governance policies. This distributed API gateway approach promotes agility and high-performance operations.

In the diagram below, an insurance company has an agent portal behind the “Agent LoB” API gateway instance. The portal is a web UI that consumes other APIs based on agent interactions. The agent may be authenticated to the portal via an OpenID Connect (OIDC) provider.

An example architecture for sharing APIs across lines of business with an organization using VMware Spring Cloud Gateway on Kubernetes

Meanwhile, if the agent accepts a consumer insurance claim, the claims process will involve a fraud detection API call. The “Fraud LoB” has its own API gateway instance with an alternative security model, such as authorized client certificates from a consumer request service. If more LoBs decide to share their APIs across the organization, they can create their own API gateway instances.

Modernize your most important monoliths

Enterprises have been increasingly focused on application modernization in recent years. (This is a big part of what VMware Tanzu is all about!) Their rationale is simple: The monolithic systems that have served their businesses well over the last few decades are unlikely to keep them competitive in the years ahead.

The upshot of these monolithic systems for IT leaders is that they deliver significant value. But for that value to be enhanced, core architectures must evolve to support new business opportunities and consumer demands. We’ve seen the “monolith to microservices” modernization path work well for this scenario. And Spring Cloud Gateway for Kubernetes offers even more flexibility. 

In particular, Spring Cloud Gateway proxies API requests via route configurations for applications deployed outside of Kubernetes clusters. Often, these “off-platform” applications are running on virtual machines or co-located hardware. By creating an external service on Kubernetes, an API route configuration can specify the API endpoints that should be exposed from the off-platform application through an API gateway instance. 

Example architecture for adding an API gateway between API consumers and legacy applications/systems.

As the monolithic application is refactored into smaller services, the API routes associated with those smaller services can be re-routed to a cluster-deployed application rather than the external service. This incremental decomposition leads to more agility over time and reduces the maintenance of the monolith application.

Since API requests hit the API gateway first, API filters (e.g., rate limiting, single sign-on, circuit breakers) can be applied. This way, you can manage access and throughput to downstream applications. You can also enforce network policies to ensure connectivity is only allowed between the gateway instance and the off-platform application.

From there, you can refactor the off-platform application into smaller services that can run in containers on Kubernetes. The API routes for those smaller services can subsequently be reassigned from the off-platform application incrementally and enhanced for additional business value.

Built on the success of Spring Cloud Gateway and Cloud Foundry

Spring Cloud Gateway for VMware Tanzu was released a year ago to aid VMware Tanzu Application Service customers. Since then, platform operators have deployed Spring Cloud Gateway to help them better manage APIs atop their Cloud Foundry deployments, while development teams have deployed Gateway instances and added their API route configurations with ease. (API route configurations updates can be committed with application code and be applied to Gateway instances through existing build pipelines.)

VMware Spring Cloud Gateway for Kubernetes brings the same developer-friendly experience to Kubernetes. Throughout the development process—from local workstations all the way to production—practitioners can create Gateway instances on clusters that have the VMware Spring Cloud Gateway for Kubernetes operator installed

To create a simple Gateway instance with a high availability configuration of three instances, you can kubectl apply -f … a file with the following contents on the cluster namespace of your choice:

apiVersion: "tanzu.vmware.com/v1"
kind: SpringCloudGateway
metadata:
  name: my-gateway
spec:
  count: 3

To add API routes for an application deployed to the namespace with service name my-app-service, apply the following API route configuration file to your namespace for the GET /foo path:

apiVersion: "tanzu.vmware.com/v1"
kind: SpringCloudGatewayRouteConfig
metadata:
  name: my-app-service-routes
spec:
  routes:
  - predicates:
      - Path=/foo/bar

There are a number of predicates and filters that can be applied to each API route. In the case above, we are just routing traffic for GET /foo/bar on the Gateway instance to my-app-service GET /bar as the gateway will strip off the /foo by default. This is entirely configurable using the StripPrefix filter.

Although these routes have been applied to the cluster with kubectl, they are not yet mapped onto a Gateway instance. To map them onto a Gateway instance, apply the following to your namespace:

apiVersion: "tanzu.vmware.com/v1"
kind: SpringCloudGatewayMapping
metadata:
  name: my-app-service-mapping
spec:
  gatewayRef:
    name: my-gateway
  routeConfigRef:
    name: my-app-service-routes

The Gateway instance my-gateway is deployed as a service in the Kubernetes namespace it was applied to. You can test the gateway API route GET /foo by running:

$ kubectl port-forward service/my-gateway 8080:80

Then open a browser and go to http://localhost:8080/foo.

If you’d rather expose my-gateway using a Kubernetes ingress controller, let us recommend our open source Project Contour. To install it on your cluster, run the following:

$ kubectl apply -f https://projectcontour.io/quickstart/contour.yaml

Once installed successfully, a simple ingress can be applied to the namespace using the following file contents:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: my-gateway-ingress
  namespace: my-namespace
  annotations:
    kubernetes.io/ingress.class: contour
spec:
  rules:
  - host: my-gateway.my.domain.online
    http:
      paths:
      - backend:
          serviceName: my-gateway
          servicePort: 80

Assuming that my-gateway.my.domain.online is accessible, open a browser and go to http://my-gateway.my.domain.online/foo/bar.

It's time to try Spring Cloud Gateway for Kubernetes

So where can you use VMware Spring Cloud Gateway for Kubernetes? The following services are supported:

Now, take the next step and try Spring Cloud Gateway! Here’s where you can find out more:

You can also learn about the use cases for Spring Cloud Gateway in this informative podcast with experts from the community: