Streamlining Cloud Native App Development in Kubernetes with Prioritized API Management
- Srinath Perera
- Chief Architect - WSO2
- While Kubernetes (K8s) and APIs play key roles in delivering cloud native applications, the lack of first-class support for APIs and API management in K8s introduces complexity in developing and deploying these apps.
- However, the emergence of the Kubernetes Gateway API, which aims to make APIs a core feature on K8s, is driving a shift towards standardization and interoperability.
- By utilizing the Gateway API, with its support for comprehensive API definition and management in YAML, developers can enhance and simplify their cloud native app development experience while improving efficiency and security.
For years, we've witnessed how applications have shifted to the cloud, driven by cost savings, flexibility, on-demand access, scalability, and faster deployment times. During that time, new architectural best practices for building cloud native applications have emerged. (For more insights, refer to this whitepaper.) Yet despite these advances, it remains difficult to build cloud native applications that fully take advantage of Kubernetes, the platform of choice for most cloud deployments.
In this article, we will discuss the Kubernetes Gateway API specification and how its support for comprehensive API definition and management in the YAML language can ease the development of cloud native applications. Additionally, we will review the benefits gained by utilizing the Gateway API, such as efficient resource allocation, integration to K8s’ scalability and high-availability architecture, enhanced monitoring and observability, fortified security, and Improved deployment workflows.
Before we examine the Kubernetes Gateway API specification, it is important to understand the role of APIs in a cloud native application and how cloud native apps are handled in Kubernetes.
The Role of APIs in a Cloud Native Application
APIs play a central role in today's cloud native applications. To understand how APIs function here, let's first review the architecture of a cloud native app. Notably, the architecture of most contemporary cloud native apps is grounded in service-oriented architecture (SOA) or resource-oriented architecture (ROA), and microservices principles, ensuring alignment with the model shown in Figure 1.
A cloud native application typically consists of a frontend (either a mobile or web app) or an API communicating with various services. These services can interact with databases, communicate with other services within the system, or connect to third-party APIs. Some of these services can be presented as an API or become components of one. Additionally, there could be background tasks performing routine operations, and the application can generate or consume events with dedicated tasks to handle them.
Figure 1: A typical cloud native application
In a cloud native architecture, APIs act as gatekeepers, securely exposing services beyond the confines of an organization or its subdivisions, ensuring granular control over these interactions.
Common use cases include:
- Presenting a service to external systems outside of firewall protections.
- Offering a service to business partners or end consumers with subscription support, referred to respectively as business-to-business (B2B) and business-to-consumer (B2C).
- Securely sharing internal data with external parties (like B2B or B2C).
- Making an internal service available to a different department within the same organization.
- Receiving external callbacks, such as webhooks.
- Incorporating external third-party APIs.
- Facilitating communication between distributed components or subsystems and the central system.
We use API management to transform services into APIs and then unlock the full benefits of APIs through value-added features typically offered with API management solutions. Chief among these are:
- API security: An API management solution can act as the policy enforcement point for incoming API calls, often going beyond basic functionality by integrating with identity and access management (IAM) or customer IAM (CIAM) and
- Traffic management: API management solutions can handle rate limiting and the throttling of incoming API calls
- Developer productivity: API management products offer portals and tools for developers who are building applications using those APIs.
- Insights: An API management solution can extract valuable insights from API traffic
- Lifecycle management: Comprehensive API management solutions can oversee the entire lifespan of APIs.
- Subscriptions: An API management product can manage user access and subscriptions.
- Monetization: API management products can integrate with metering and billing systems.
- Compliance: An API management solution can ensure all regulations and standards are met in the API development process.
- Routing and integration: An API management product can route traffic and support the integration of API calls with the rest of the system with minimal effort.
Consider the example of exposing a service as an API to consumers. The API management solution can manage subscriptions, traffic, and the API lifecycle, as well as handle API security. It can also use insights from the API traffic along with an integrated billing system to enable monetization. Similarly, most use cases for APIs are aided by multiple value-added features provided by API management solutions.
Cloud Native Apps in Kubernetes
Kubernetes is the most widely adopted container orchestration system for automating software deployment, scaling, and management. K8s enables you to arrange your containerized components and deploy them within a unified system—all targeted toward a specific objective. The preferred system configuration is outlined using K8s configurations, typically written in the YAML data serialization language, which is designed to be human readable and therefore easier to understand. K8s can then seamlessly run the system as per YAML configurations. For example, it handles hardware resources, reinstates any inactive services, reboots malfunctioning components, and can even scale services up or down when required.
When designing a cloud native architecture, we start by implementing different services and tasks using a programming language and package them as containers. We then assemble them into an application using K8s configurations written in YAML. For event handling, we typically wire tasks and services using platform services, such as Amazon Managed Streaming for Apache Kafka (MSK) or Azure EventBus, to support our service and task implementations. For example, the YAML code example below illustrates a stock quote service in K8s.
After defining the system in YAML, we can initiate it using tools like kubectl, the Kubernetes command line tool. K8s will then launch the system as per YAML configurations, ensuring it remains operational, even when facing failures or other adverse conditions. We can also monitor the system with Kubernetes-native tools.
However, most applications include APIs. A key challenge is that K8s configurations do not natively support describing APIs or their associated API management settings. While we can run API management tools in containers and feed configurations directly to those containers as startup parameters, this approach is crude and induces significant friction . For example, these configurations remain opaque to Kubernetes tools and management processes. As a result, K8s doesn't support APIs and API management as core features. This introduces complexity in developing, deploying, and managing cloud native applications.
First-Class API Management Support in Kubernetes
The Kubernetes Gateway API specification solves the problem outlined above by natively supporting APIs within K8s configurations. This specification allows us to define APIs using custom resource definitions (CRDs) within K8s YAML.
Consider a service named 'stock quote' running in K8s. We can present this service as an API using CRDs from the Gateway API specification. For instance, the route below sets up an API. Note that HTTPRoute is a CRD outlined in the Gateway API specification. However, the authentication and rate limiting listed below are vendor-specific extensions.
With this addition, we can fully describe APIs and API management configurations as YAML and manage them using K8s tools. However, the Kubernetes Gateway API specification does not yet handle end-user aspects for APIs, such as managing subscriptions, which need to be handled using vendor-specific extensions.
Advantages of First-Class API Management
With the introduction of the Gateway API specification, we can comprehensively define both APIs and their management configurations within K8s YAML and administer them using Kubernetes tools. This first-class support for APIs and API management in K8s brings several benefits.
Unified configuration: Developers can declaratively set and control APIs alongside other configurations, streamlining the YAML definitions and enhancing readability. These unified configurations will significantly simplify complex deployments, such as multi-region, multi-cloud, and hybrid deployments.
Optimal resource allocation: APIs can seamlessly integrate with K8s’ scalability and high-availability architecture, ensuring efficient resource usage. As a result, APIs can scale in tandem with the broader system.
Enhanced monitoring and observability: Native API management tools can capitalize on K8s’ existing monitoring and logging infrastructures. This offers a consolidated perspective of the application and its API layer, facilitating streamlined tracing, metrics collection, and log compilation.
Fortified security: Many API management solutions can easily collaborate with K8s’ pre-existing security protocols, including role-based access control (RBAC) and secrets management. This synchronization ensures that the API layer aligns with the overarching application's security benchmarks.
Improved deployment workflows: Deployments can further benefit from superior continuous integration/continuous deployment (CI/CD) and GitOps compatibility, simplifying automation processes.
Enhanced system understanding: Tools designed to visualize and decipher YAML configurations can more accurately interpret the system, especially when recognizing APIs that often demarcate pivotal system access points.
Advanced API discovery: The API definitions embedded within the YAML configurations aid in discovering APIs through configuration/code analysis, enhancing the programming experience during cloud native application development.
Kubernetes’ implementation of YAML enables the detailed description of our cloud native applications, facilitating the integration of components crafted as containers into a cohesive system with defined objectives. Yet, a notable shortcoming is K8s’ inability to intrinsically define APIs and API management. The K8s API Gateway specification addresses this gap by permitting the depiction of APIs within the YAML language through well structured custom resource definitions (CRDs). As we've shown in this discussion, this methodology can notably enhance and simplify the cloud native development experience.