SlideShare a Scribd company logo

A Hitchhiker's Guide to Cloud-Native API Gateways

QAware GmbH
QAware GmbH

JavaLand, March 2021, online: Talk by Mario-Leander Reimer (@LeanderReimer, Principal Software Architect at QAware) Abstract: Good APIs are the center piece of any successful digital product and cloud native application architecture. But for complex systems with many API consumers the proper management of these APIs is of utmost importance. The API gateway pattern is well established to handle and enforce concerns like routing, versioning, rate limiting, access control, diagnosability or service catalogs in a microservice architecture. So this session will have a closer look at the cloud native API gateway ecosystem: Ambassador, Gloo, KrakenD, Envoy, et.al. But which one of these is the right one to use in your next project? Let's find out. We will start off by briefly explaining the API gateway pattern and some basic criteria. We then continue by showcasing the most promising ones.

1 of 30
Download to read offline
| JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf A HITCHHIKER’S GUIDE TO CLOUD NATIVE API GATEWAYS
Mario-Leander Reimer Principal Software Architect @LeanderReimer #cloudnativenerd #qaware https://lreimer.github.io
3 https://imgur.com/gallery/LGAZEqu The Earl y Code Monkey The Monolith
| JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf 4 Monolithic Vintage System Users system.example.com
autonomous bounded contexts loosely coupled stateless makeameme.org
| JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf 6 Users Monolithic Legacy System A Shared PaaS A Namespace Service A system.example.com service-a.default.example.com Route
| JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf 7 Users Monolithic Legacy System A Shared PaaS A Namespace Service A system.example.com service-a.default.example.com Route Service B Route service-b…
| JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf 8 Users Monolithic Legacy System A Shared PaaS A Namespace Service A system.example.com service-a.default.example.com Route Service B Route service-b… Service C Route service-c…
| JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf 9 Users Monolithic Legacy System A Shared PaaS A Namespace Service A’ system.example.com service-a.default.example.com Route Service B Route service-b… Service C' Route service-c… 3rd Party Apps
| JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf 10 Users Monolithic Legacy System A Shared PaaS A Namespace Service A’ system.example.com service-a.default.example.com Route Service B Route service-b… Service C' Route service-c… 3rd Party Apps B Namespace Service X Service Y Service Z’ Unreliable Legacy Systems SOAP gRPC
| JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf 11 Users Monolithic Legacy System A Shared PaaS A Namespace Service A’ system.example.com service-a.default.example.com Route Service B Route service-b… Service C' Route service-c… 3rd Party Apps B Namespace Service X Service Y Service Z’ Unreliable Legacy Systems SOAP gRPC Route Internal Systems
| JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf 12 APIs are the center piece of any successful digital product. 


 https://thenewstack.io/history-service-mesh/
| JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf 13 APIs are the center piece of any successful digital product. Proper management of your APIs right from the start is crucial, to not end up in API hell. https://thenewstack.io/history-service-mesh/
| JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf 14 Users Monolithic Legacy System A Shared PaaS A Namespace Service A Service B Service C 3rd Party Apps B Namespace Service X Service Y Service Z Unreliable Legacy Systems SOAP API Gateway Backend for Frontend Internal Systems API Gateway API Proxy
| JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf 15 API Gateways are like the Façade Pattern in 
 Cloud Native Application Design and Microservice Architectures
| JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf • Tra ffi c Management: Path, Header, Host based Routing, Path Rewrite • Rollout and Deployment: A/B Deployment, Canary Release, et.al. • QoS and Resiliency: Circuit Breaker, Retry, Timeouts, Rate Limiting • Security: AAA, Terminate TLS, Support for JWT and JWKS, Open ID, … • Protocol Translation: XML to JSON, gRPC to JSON, … • Transformation: Fan Out / Collect, Backend for Frontend, GraphQL, … • Observability: Integration into Logging, Monitoring, Tracing Stacks 16
| JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf 17 W E N S Ingress Egress API Gateways for North-South Communication Service Meshes for East-West Communication
| JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf API Gateways in a Nutshell • Bene fi ts • Encapsulates internal structure of application • Provides client-speci fi c APIs • B4Fs reduce the number of client-server round trips • Simpli fi es client code 18 • Drawbacks • Yet another highly available component that needs to be managed and deployed • Risk of becoming a DevOps bottleneck if managed centrally • Business logic in API gateway leads to accidental ESB
| JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf Possible Criteria for a Comparison • Maturity: good and active community, little issues, frequent releases • License: open source or backed by commercial vendor • Supported Features: Tra ffi c Management, Deployment, Security, Translation, Transformation, QoS, Resiliency, Observability • DevOps Friendly: Easy setup and operability, supported platforms, CI/CD • Performance: Small overhead, high throughput, super scalable • Observability: good logging, monitoring, tracing capabilities + integration 19
A Hitchhiker's Guide to Cloud-Native API Gateways
A Hitchhiker's Guide to Cloud-Native API Gateways
| JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf Four Categories of API Gateways A. API Management Solutions B. Build Your Own API Gateway C. Service Proxies D. Cloud Native API Gateways 22
| JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf A. API Management Solutions 23 • Several full-blown API Management solutions: Kong, Tyk, Mulesoft, 3scale, Apigee, … • Makes sense in Enterprise use cases. Generally cost $$$. • Provide additional features such as payment, developer portals with API key management, integrations into enterprise infrastructure. • Usually, centrally deployed and operated for the whole platform and all the applications. • 80/20 rule applies, like with any other COTS product.
| JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf B. Build Your Own API Gateway 24 • Several frameworks available: Net fl ix Zuul 2, Spring Cloud Gateway, Node, Vert.x, Ballerina, Java EE 8, Camel, Express Gateway, … • Provides a lot of fl exibility. • But: your team needs to develop, maintain and operate the gateway!
| JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf C. Service Proxies 25 • Many choices: Apache, HA Proxy, Nginx, OpenResty, Trae fi k, Envoy, … • Lightweight and simple to use. • Provided features vary a lot between products.
| JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf D. Cloud Native API Gateways 26 • Few choices: KrakenD, Ambassador, Gloo, Maesh • Usually build upon a service proxy such as Envoy and enhance it. • Provide tight integration with cloud native platform, like K8s.
| JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf DEMOS 27 https://github.com/lreimer/hitchhikers-guide-api-gateways 
 https://github.com/lreimer/hands-on-krakend
| JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf THE ANSWER TO LIFE, UNIVERSE, THE CLOUD, AND API GATEWAYS. 28 42.
Visit the QAware booth betweem 10:00 - 13:00
Mario-Leander Reimer Principal Software Architect, QAware GmbH mario-leander.reimer@qaware.de https://www.qaware.de https://speakerdeck.com/lreimer/ &

More Related Content

A Hitchhiker's Guide to Cloud-Native API Gateways

  • 1. | JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf A HITCHHIKER’S GUIDE TO CLOUD NATIVE API GATEWAYS
  • 2. Mario-Leander Reimer Principal Software Architect @LeanderReimer #cloudnativenerd #qaware https://lreimer.github.io
  • 4. | JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf 4 Monolithic Vintage System Users system.example.com
  • 5. autonomous bounded contexts loosely coupled stateless makeameme.org
  • 6. | JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf 6 Users Monolithic Legacy System A Shared PaaS A Namespace Service A system.example.com service-a.default.example.com Route
  • 7. | JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf 7 Users Monolithic Legacy System A Shared PaaS A Namespace Service A system.example.com service-a.default.example.com Route Service B Route service-b…
  • 8. | JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf 8 Users Monolithic Legacy System A Shared PaaS A Namespace Service A system.example.com service-a.default.example.com Route Service B Route service-b… Service C Route service-c…
  • 9. | JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf 9 Users Monolithic Legacy System A Shared PaaS A Namespace Service A’ system.example.com service-a.default.example.com Route Service B Route service-b… Service C' Route service-c… 3rd Party Apps
  • 10. | JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf 10 Users Monolithic Legacy System A Shared PaaS A Namespace Service A’ system.example.com service-a.default.example.com Route Service B Route service-b… Service C' Route service-c… 3rd Party Apps B Namespace Service X Service Y Service Z’ Unreliable Legacy Systems SOAP gRPC
  • 11. | JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf 11 Users Monolithic Legacy System A Shared PaaS A Namespace Service A’ system.example.com service-a.default.example.com Route Service B Route service-b… Service C' Route service-c… 3rd Party Apps B Namespace Service X Service Y Service Z’ Unreliable Legacy Systems SOAP gRPC Route Internal Systems
  • 12. | JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf 12 APIs are the center piece of any successful digital product. 


 https://thenewstack.io/history-service-mesh/
  • 13. | JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf 13 APIs are the center piece of any successful digital product. Proper management of your APIs right from the start is crucial, to not end up in API hell. https://thenewstack.io/history-service-mesh/
  • 14. | JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf 14 Users Monolithic Legacy System A Shared PaaS A Namespace Service A Service B Service C 3rd Party Apps B Namespace Service X Service Y Service Z Unreliable Legacy Systems SOAP API Gateway Backend for Frontend Internal Systems API Gateway API Proxy
  • 15. | JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf 15 API Gateways are like the Façade Pattern in 
 Cloud Native Application Design and Microservice Architectures
  • 16. | JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf • Tra ffi c Management: Path, Header, Host based Routing, Path Rewrite • Rollout and Deployment: A/B Deployment, Canary Release, et.al. • QoS and Resiliency: Circuit Breaker, Retry, Timeouts, Rate Limiting • Security: AAA, Terminate TLS, Support for JWT and JWKS, Open ID, … • Protocol Translation: XML to JSON, gRPC to JSON, … • Transformation: Fan Out / Collect, Backend for Frontend, GraphQL, … • Observability: Integration into Logging, Monitoring, Tracing Stacks 16
  • 17. | JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf 17 W E N S Ingress Egress API Gateways for North-South Communication Service Meshes for East-West Communication
  • 18. | JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf API Gateways in a Nutshell • Bene fi ts • Encapsulates internal structure of application • Provides client-speci fi c APIs • B4Fs reduce the number of client-server round trips • Simpli fi es client code 18 • Drawbacks • Yet another highly available component that needs to be managed and deployed • Risk of becoming a DevOps bottleneck if managed centrally • Business logic in API gateway leads to accidental ESB
  • 19. | JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf Possible Criteria for a Comparison • Maturity: good and active community, little issues, frequent releases • License: open source or backed by commercial vendor • Supported Features: Tra ffi c Management, Deployment, Security, Translation, Transformation, QoS, Resiliency, Observability • DevOps Friendly: Easy setup and operability, supported platforms, CI/CD • Performance: Small overhead, high throughput, super scalable • Observability: good logging, monitoring, tracing capabilities + integration 19
  • 22. | JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf Four Categories of API Gateways A. API Management Solutions B. Build Your Own API Gateway C. Service Proxies D. Cloud Native API Gateways 22
  • 23. | JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf A. API Management Solutions 23 • Several full-blown API Management solutions: Kong, Tyk, Mulesoft, 3scale, Apigee, … • Makes sense in Enterprise use cases. Generally cost $$$. • Provide additional features such as payment, developer portals with API key management, integrations into enterprise infrastructure. • Usually, centrally deployed and operated for the whole platform and all the applications. • 80/20 rule applies, like with any other COTS product.
  • 24. | JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf B. Build Your Own API Gateway 24 • Several frameworks available: Net fl ix Zuul 2, Spring Cloud Gateway, Node, Vert.x, Ballerina, Java EE 8, Camel, Express Gateway, … • Provides a lot of fl exibility. • But: your team needs to develop, maintain and operate the gateway!
  • 25. | JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf C. Service Proxies 25 • Many choices: Apache, HA Proxy, Nginx, OpenResty, Trae fi k, Envoy, … • Lightweight and simple to use. • Provided features vary a lot between products.
  • 26. | JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf D. Cloud Native API Gateways 26 • Few choices: KrakenD, Ambassador, Gloo, Maesh • Usually build upon a service proxy such as Envoy and enhance it. • Provide tight integration with cloud native platform, like K8s.
  • 27. | JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf DEMOS 27 https://github.com/lreimer/hitchhikers-guide-api-gateways 
 https://github.com/lreimer/hands-on-krakend
  • 28. | JavaLand 2021 | A Hitchhiker's Guide to Cloud native API Gateways | @LeanderReimer #cloudnativenerd #qaware @JavaLandConf THE ANSWER TO LIFE, UNIVERSE, THE CLOUD, AND API GATEWAYS. 28 42.
  • 29. Visit the QAware booth betweem 10:00 - 13:00
  • 30. Mario-Leander Reimer Principal Software Architect, QAware GmbH mario-leander.reimer@qaware.de https://www.qaware.de https://speakerdeck.com/lreimer/ &