The API Gateway and the Future of Cloud Native Applications
- Nuwan Dias
- VP and Deputy CTO - WSO2
A version of this article was first published on The New Stack
- With the rise of cloud native applications, the API gateway has evolved to become essential for secure and scalable communication between microservices.
- However, the emergence of the Kubernetes Gateway API, which aims to make APIs first-class citizens on Kubernetes, together with the Envoy Gateway project has spurred a shift towards standardization and interoperability.
- The Gateway API will become a key part of the cloud native ecosystem, and, over time, the relevance of the API gateway runtime will diminish. This will enable organizations to leverage the benefits of a standardized API gateway while encouraging innovation among API gateway vendors.
The rapid growth of cloud native applications that are smaller, more distributed, and designed for highly dynamic environments has turned API gateways into indispensable intermediaries for driving digital initiatives. At the same time, the emergence of the Kubernetes Gateway API, with support from the Envoy Gateway project, is driving a shift towards standardization and interoperability. Ultimately, this will enable organizations to leverage the benefits of a standard API gateway even as API gateway vendors are motivated to invest in continued innovation.
This article explores how API gateways are adapting to meet the demands of modern cloud native applications, including the concept of the API gateway as part of the cloud operating system, the roles of the emerging Kubernetes Gateway API and Envoy Gateway projects, and potential future advancements.
The Role of the API Gateway in Cloud Native Applications
A modern cloud native application is designed and developed specifically to take advantage of cloud infrastructure and services. It embraces the principles of scalability, resilience, and flexibility, enabling organizations to build robust and agile software systems. A typical cloud native application comprises various components, including a front-end, Backend For Frontend (BFF) services, back-end services, and a database. Let’s review each of these components and how the API gateway plays a crucial role in orchestrating and managing communication between them.
Figure 1: Cloud native application architecture
Cloud Native Application Components
Front-end: The front-end is the user-facing part responsible for rendering the user interface and interacting with end-users. It consists of web or mobile applications that communicate with back-end services via APIs exposed by the API gateway. The front-end components can be built using frameworks like React, Angular, or Vue.js, and are designed to be lightweight, highly responsive, and scalable to handle user requests efficiently.
Backend For Frontend (BFF) services: A vital part of cloud native applications, BFF services are specialized components that act as intermediaries, aggregating and transforming data from various back-end services to fulfill specific front-end requirements. They encapsulate business logic, handle authentication and authorization, and optimize data delivery to enhance performance and the user experience. The API gateway enables the routing of requests from the front-end to the appropriate BFF service based on the requested functionality.
Back-end services: Cloud native applications typically comprise multiple back-end services, each responsible for a specific set of functions or microservices. These services are designed to be loosely coupled, independently deployable, and scalable. Back-end services communicate with each other through APIs, and the API gateway plays a critical role in routing and load balancing requests across these services. They are often built using technologies, such as Node.js, Java, Python, Ballerina, or Go, and leverage containers for deployment and scalability.
Database: Either a traditional relational database or a NoSQL database can be used to store and manage the application’s data, depending on the specific requirements of the application.
The Role of the API Gateway
As we have seen, the API gateway in a cloud native application acts as a central entry point for external requests and provides a unified interface for accessing its various components. It handles tasks, such as request routing, authentication, authorization, rate limiting, and API analytics. By offloading these concerns from individual components, the API gateway simplifies development, improves performance, and enhances the overall security posture of the application.
Organizations with many services typically group them into business domains. One way to do this is to use domain-driven design (DDD) principles. When services within a domain communicate with services in other domains, these calls typically go through an API gateway. In such situations, an organization will typically have two API gateways: one for internal APIs and the other for external APIs.
Figure 2: API gateways in a cloud native architecture
Kubernetes: The Operating System of the Cloud
Advancements in technology — from mainframes and minicomputers to personal computers, mobile devices, and cloud native computing — and the changing demands of modern applications have driven software architecture to evolve significantly over the years. One major aspect of this evolution is that, just as Linux became the operating system for enterprise applications two decades ago, Kubernetes has now emerged as the operating system for cloud native applications.
Kubernetes abstracts the underlying infrastructure and provides a unified API for deploying and managing containerized applications across clusters of machines. It also provides core features like automatic scaling, load balancing, service discovery, and rolling deployments, making it easier to build and operate resilient, scalable applications in a cloud native fashion. Additionally, Kubernetes integrates with other cloud native components, such as service meshes and, of course, API gateways, to create a comprehensive application delivery infrastructure.
By leveraging Kubernetes, organizations can achieve cloud portability, deploying applications across various cloud providers and on-premises environments with ease. With its extensible architecture and vibrant ecosystem of tools and extensions, Kubernetes is now the preferred choice for managing complex cloud native architectures.
The API Gateway is Becoming Part of the Cloud Operating System
As Kubernetes becomes the operating system of the cloud, the API gateway is becoming a part of that operating system. With the rise of cloud native applications, the API gateway has evolved to become an essential component of the infrastructure required for building and managing these applications. It is no longer just a standalone service but rather an integral part of the cloud operating system. This shift is driven by the need for a standardized and centralized approach to manage APIs — just as there is for services and jobs within the cloud native ecosystem.
An Abstraction for APIs
Cloud native applications comprise numerous microservices, each offering specific functions. These microservices communicate with each other through APIs. However, as the number of microservices grows, managing and securing APIs becomes increasingly complex. This is where the API gateway steps in, providing a unified entry point for external requests, implementing security policies, and handling traffic management.
Similar to how services and jobs are abstracted in the cloud operating system, the API gateway offers a higher-level abstraction for APIs. It enables developers to focus on building and deploying microservices while abstracting away the complexities of API management, such as request routing, authentication, and rate limiting. This abstraction simplifies development, improves security, and enhances scalability.
Kubernetes Gateway API
Recognizing the importance of API management in the cloud native landscape, the Kubernetes community has introduced the Kubernetes Gateway API. The Gateway API aims to make APIs a first-class citizen on Kubernetes, providing a standardized way to define and manage API gateways within the Kubernetes ecosystem.
The Gateway API specification offers a consistent interface for configuring and operating API gateways, regardless of the underlying implementation. It allows for declarative configuration, enabling easy management and versioning of API gateway configurations as part of Kubernetes manifests. The Gateway API specification brings the benefits of portability and interoperability, allowing organizations to adopt different API Gateway implementations without modifying their applications.
The Envoy Gateway Project
The Envoy Gateway project is a popular implementation of the Kubernetes Gateway API. Envoy is an open-source, high-performance edge and service proxy designed for cloud native environments. It offers advanced features, such as load balancing, service discovery, rate limiting, and observability. By integrating Envoy as a gateway implementation, organizations can leverage the features and capabilities provided by Envoy while adhering to the Gateway API specification.
Envoy acts as a powerful and flexible data plane proxy, managing traffic between external clients and microservices running on Kubernetes. Its extensible architecture allows for integration with various authentication mechanisms, service meshes, and other cloud native components.
The Envoy Gateway project, along with the Kubernetes Gateway API, enables organizations to build a robust and standardized infrastructure for managing APIs within the Kubernetes ecosystem. It provides a seamless and scalable approach to handle API traffic, ensuring the reliable delivery of requests and enforcing security policies.
Farewell, API Gateway. Long Live, Gateway API!
With the emergence of the Gateway API and its standardized approach to configuring and managing API gateways, the actual API gateway runtime is becoming less relevant. Traditionally, organizations will choose and configure a specific API gateway implementation to handle their API traffic. However, the Gateway API abstracts away the specific implementation details, allowing organizations to adopt different API gateway runtimes interchangeably.
The focus is shifting from the runtime to the Gateway API specification, which provides a consistent way to define API gateway configurations. Organizations can choose an API gateway runtime that aligns with their specific requirements and seamlessly switch between different implementations without impacting the application code or configuration.
This decoupling of the runtime from the Gateway API specification enables organizations to leverage the benefits of a standardized API gateway configuration while maintaining flexibility and choice in selecting the most suitable runtime for their needs. It also encourages competition and innovation among API gateway vendors, as they can differentiate their products by providing unique features and optimizations while adhering to the Gateway API specification.
The Shift in How APIs are Configured and Managed
The Gateway API brings a significant shift in the way APIs are configured and managed within Kubernetes. Previously, configuring API gateways required manual configuration and interaction with specific API gateway runtime configurations. However, with the Gateway API, developers and operations teams can define API gateway configurations directly in Kubernetes manifests, leveraging Kubernetes’ declarative nature.
This shift empowers developers and operations teams to have more control over the API configuration process. They can define routing rules, security policies, and transformations for APIs using familiar Kubernetes resource definitions. Moreover, the Gateway API enables them to manage API Gateway configurations as part of their infrastructure-as-code practices, promoting consistency, versioning, and scalability.
By abstracting away the low-level details of API gateway runtime configurations, the Gateway API simplifies the API management process for developers and DevOps teams. It reduces the complexity of managing API gateway configurations separately and allows them to focus on their core responsibilities of building and deploying applications. This streamlined approach enhances collaboration and agility within development and operations teams, ultimately leading to faster and more reliable delivery of APIs. Some vendors will offer extensions to the API, supporting unique and differentiated features organizations will want. However, the core API will remain generic.
As cloud native applications continue to shape the future of software architecture, the API gateway plays a pivotal role in enabling secure and scalable communication between microservices. At the same time, the evolving landscape of cloud computing is pushing the API gateway to become an essential part of the cloud operating system. With the emergence of the Gateway API, we are witnessing a shift towards standardization and interoperability, enabling organizations to build cloud native applications that are portable, flexible, and robust. By embracing these advancements, we can look forward to a future where the gateway API becomes a vital pillar of the cloud native ecosystem.