Announcing Spring Cloud Gateway for Kubernetes 2.0

March 30, 2023 Chris Sterling

VMware Spring Cloud Gateway for Kubernetes is the high-performance API gateway that developers love, and version 2.0 adds a number of new configuration options and improvements. High-availability configuration across multiple API gateway instances and availability zones has been extended to support Redis for session state management, including single sign-on (SSO) authorization, rate limiting, and client sessions. Other improvements in this release include configuration for Zipkin as a way to capture tracing data.

All of this is built on top of Spring Boot 3 and Spring Cloud 2022.x open source libraries based on the Spring Framework you trust!

And last but not least, Spring Cloud Gateway for Kubernetes 2.0 will be included as a component in VMware Tanzu Application Platform 1.5!

Now let's take a deeper look at what version 2.0 has to offer.

Redis as high-availability option

Redis has become a popular data service for managing a shared cache between applications. Spring Cloud Gateway can now optionally be configured to use Redis for managing shared state between API gateway instances. This shared state includes SSO authentication, rate limit counts, and active client sessions.

Figure: High-level architecture with API gateway instances and applications exposing their API routes duplicated across availability zones, sharing Redis for SSO and rate limiting state.

New tracing with Zipkin

Zipkin is now supported and you can configure an API gateway to emit tracing data to Zipkin in the observability section of the SpringCloudGateway resource.

apiVersion: "tanzu.vmware.com/v1"
kind: SpringCloudGateway
metadata:
  name: test-gateway-tracing
spec:
  observability:
    tracing:
      zipkin:
        enabled: true
        url: "http://zipkin.default.svc.cluster.local:9411/api/v2/spans"
…

You can also configure the propagation method, either b3 or w3c, along with sample percentage. Please see our Zipkin configuration documentation for more information.

Active upstream health checks

An API gateway instance can now be configured to conduct active upstream health checks, which verify that your upstream application's exposed API routes are available to respond to requests. Enable them on your API gateway instance:

apiVersion: "tanzu.vmware.com/v1"
kind: SpringCloudGateway
metadata:
  name: my-gateway
spec:
  healthCheck:
    enabled: true
…

By default, the API gateway will check the /actuator/health endpoint on your application service. You can override the health check path in your upstream application to use a specific endpoint instead of the default path, and you can also turn off active health checks for particular application services.

PKCE support

Proof Key for Code Exchange (PKCE) is now supported as an option when setting up SSO credentials. When you add pkce-enabled=true as an additional property in your OpenID Connect SSO secret configuration, your API gateway automatically handles the PKCE flow.

CORS per API route improvements

Cross-Origin Resource Sharing (CORS) has been configurable for all API routes exposed on your API gateway since 1.0. In Spring Cloud Gateway 2.0, you can now configure CORS for each API route individually using metadata:

apiVersion: "tanzu.vmware.com/v1"
kind: SpringCloudGatewayRouteConfig
metadata:
  name: my-gateway-routes
spec:
  routes:
    - uri: https://httpbin.org
      predicates:
        - Path=/get/**
      metadata:
        cors:
          allowedOrigins: https://example.com
          allowedMethods: [GET, POST, DELETE]
…

Configurable CORS properties include:

  • allowedOrigins
  • allowedOriginPatterns
  • allowedMethods
  • allowedHeaders
  • maxAge
  • allowCredentials
  • exposedHeaders
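Per-route CORS means each route's policy needs its own review. The following added Python sketch (not part of the original article or the product) audits constructed route entries, shaped like the spec.routes items above, for two common mistakes: credentials combined with a wildcard origin, and origin patterns whose wildcard is not anchored at a domain label boundary. It assumes a "*" in a pattern matches any run of characters; the routes and the audit_cors and audit_all names are illustrative.

```python
# Constructed route entries mirroring spec.routes[]; values are illustrative.
ROUTES = [
    {"predicates": ["Path=/get/**"],
     "metadata": {"cors": {"allowedOrigins": "https://example.com",
                           "allowedMethods": ["GET", "POST", "DELETE"]}}},
    {"predicates": ["Path=/account/**"],
     "metadata": {"cors": {"allowedOriginPatterns": ["https://*example.com"],
                           "allowCredentials": True}}},
    {"predicates": ["Path=/public/**"],
     "metadata": {"cors": {"allowedOrigins": ["*"],
                           "allowCredentials": True}}},
]

def _as_list(value):
    """The page's example writes allowedOrigins as a scalar; accept both forms."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_cors(route):
    """Return a list of findings for one route's metadata.cors block."""
    cors = route.get("metadata", {}).get("cors")
    if cors is None:
        return []
    findings = []
    origins = _as_list(cors.get("allowedOrigins"))
    patterns = _as_list(cors.get("allowedOriginPatterns"))
    credentials = bool(cors.get("allowCredentials", False))

    if credentials and ("*" in origins or "*" in patterns):
        findings.append("allowCredentials combined with a wildcard origin")
    for pattern in patterns:
        host = pattern.split("://", 1)[-1]
        # "*example.com" also covers look-alike hosts; "*.example.com" does not.
        if "*" in host and host != "*" and not host.startswith("*."):
            findings.append(f"pattern {pattern!r} is not anchored at a label boundary")
    for origin in origins + patterns:
        if origin.startswith("http://"):
            findings.append(f"cleartext origin {origin!r}")
    return findings

def audit_all(routes):
    """Map each route's first predicate to its findings."""
    return {route["predicates"][0]: audit_cors(route) for route in routes}
```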

Try Spring Cloud Gateway today!

So where can you use Spring Cloud Gateway?

Also, the following Kubernetes environments are supported:

Now, take the next step and find out how you can get started:


About the Author

Chris Sterling

Chris Sterling is Product Line Manager focused on API management at VMware. He has held multiple high-level roles in his 25+ years in the software industry. Chris published the book Managing Software Debt: Building for Inevitable Change with Addison-Wesley in 2010 to provide a framework for teams and organizations to assess and manage debt in their software systems. Chris has successfully supported organizational transformation across multiple verticals with organizations of 10 up to 800 people. After a successful entrepreneurial endeavor as co-founder of Agile Advantage, Chris has brought his diverse experience and deep passion for technology when presenting on topics such as Continuous Delivery, Cloud Native architecture, DevOps, Lean, and Agile to the products he helps bring to market.
