VMware Spring Cloud Gateway for Kubernetes is the high-performance API gateway that developers love, and with version 2.0, there are a number of new configuration options and improvements. High-availability configuration options across multiple API gateway instances and availability zones have been extended to support Redis for session state management including single sign-on (SSO) authorization, rate limiting, and client sessions. There are a number of additional improvements to take advantage of with this release, including the configuration for Zipkin as an approach to capture tracing data.
All of this is built on top of Spring Boot 3 and Spring Cloud 2022.x open source libraries based on the Spring Framework you trust!
And last but not least, Spring Cloud Gateway for Kubernetes 2.0 will be included as a component in VMware Tanzu Application Platform 1.5!
Now let's take a deeper look at what version 2.0 has to offer.
Redis as high-availability option
Redis has become a popular data service for managing a shared cache between applications. Spring Cloud Gateway now has the optional configuration support to use Redis for managing shared state between API gateway instances. This shared state includes SSO authentication, rate limit counts, and active client sessions.
High-level architecture with API gateway instances and applications exposing their API routes duplicated across availability zones sharing Redis for SSO and rate limiting state.
New tracing with Zipkin
Zipkin is now supported and you can configure an API gateway to emit tracing data to Zipkin in the
observability section of the
apiVersion: "tanzu.vmware.com/v1" kind: SpringCloudGateway metadata: name: test-gateway-tracing spec: observability: tracing: zipkin: enabled: true url: "http://zipkin.default.svc.cluster.local:9411/api/v2/spans" …
You can also configure the propagation method, either
w3c, along with sample percentage. Please see our Zipkin configuration documentation for more information.
Active upstream health checks
An API gateway instance can now be configured to conduct active upstream health checks to verify that your upstream application’s exposed API routes are available to respond to requests. Active upstream application health checks can be configured by enabling them on your API gateway instance.
apiVersion: "tanzu.vmware.com/v1" kind: SpringCloudGateway metadata: name: my-gateway spec: healthCheck: enabled: true …
By default, the API gateway will check the
/actuator/health endpoint on your application service. You can override the health check path in your upstream application to a specific endpoint other than the default path. And you may also turn off active health checks for particular application services.
Proof Key for Code Exchange (PKCE) is now supported as an option when setting up SSO credentials. By adding
pkce-enabled=true as an additional property into your OpenID Connect SSO secret configuration, your API gateway will now automatically handle the PKCE flow.
CORS per API route improvements
Cross-Origin Resource Sharing (CORS) has been configurable for all API routes exposed on your API gateway since 1.0. In Spring Cloud Gateway 2.0, you are now able to configure CORS on a per API route basis using
apiVersion: "tanzu.vmware.com/v1" kind: SpringCloudGatewayRouteConfig metadata: name: my-gateway-routes spec: routes: - uri: https://httpbin.org predicates: - Path=/get/** metadata: cors: allowedOrigins: https://example.com allowedMethods: [GET, POST, DELETE] …
Configurable CORS properties include:
Try Spring Cloud Gateway today!
So where can you use Spring Cloud Gateway?
Also, the following Kubernetes environments are supported:
- VMware Tanzu Kubernetes Grid
- Microsoft Azure Spring Apps Enterprise Tier
- Google Kubernetes Engine
- Amazon Elastic Kubernetes Service
- Kubernetes versions 1.23+
Now, take the next step and find out how you can get started:
- Check out the Spring Cloud Gateway commercial product page
- Read the product documentation
- Download the bits
- Try out with Acme Fitness or Animal Rescue sample applications
- Video with RedMonk: What is a distributed API gateway?
This article may contain hyperlinks to non-VMware websites that are created and maintained by third parties who are solely responsible for the content on such websites.
About the AuthorFollow on Twitter Follow on Linkedin More Content by Chris Sterling