Announcing Spring Cloud Gateway for Kubernetes 2.0

March 30, 2023 Chris Sterling

VMware Spring Cloud Gateway for Kubernetes is the high-performance API gateway that developers love, and with version 2.0, there are a number of new configuration options and improvements. High-availability configuration options across multiple API gateway instances and availability zones have been extended to support Redis for session state management including single sign-on (SSO) authorization, rate limiting, and client sessions. There are a number of additional improvements to take advantage of with this release, including the configuration for Zipkin as an approach to capture tracing data.

All of this is built on top of Spring Boot 3 and Spring Cloud 2022.x open source libraries based on the Spring Framework you trust!

And last but not least, Spring Cloud Gateway for Kubernetes 2.0 will be included as a component in VMware Tanzu Application Platform 1.5!

Now let's take a deeper look at what version 2.0 has to offer.

Redis as high-availability option

Redis has become a popular data service for managing a shared cache between applications. Spring Cloud Gateway now has the optional configuration support to use Redis for managing shared state between API gateway instances. This shared state includes SSO authentication, rate limit counts, and active client sessions.

High-level architecture with API gateway instances and applications exposing their API routes duplicated across availability zones sharing Redis for SSO and rate limiting state.

New tracing with Zipkin

Zipkin is now supported and you can configure an API gateway to emit tracing data to Zipkin in the observability section of the SpringCloudGateway resource.

apiVersion: ""
kind: SpringCloudGateway
  name: test-gateway-tracing
        enabled: true
        url: "http://zipkin.default.svc.cluster.local:9411/api/v2/spans"

You can also configure the propagation method, either b3 or w3c, along with sample percentage. Please see our Zipkin configuration documentation for more information.

Active upstream health checks

An API gateway instance can now be configured to conduct active upstream health checks to verify that your upstream application’s exposed API routes are available to respond to requests. Active upstream application health checks can be configured by enabling them on your API gateway instance.

apiVersion: ""
kind: SpringCloudGateway
  name: my-gateway
    enabled: true

By default, the API gateway will check the /actuator/health endpoint on your application service. You can override the health check path in your upstream application to a specific endpoint other than the default path. And you may also turn off active health checks for particular application services.

PKCE support

Proof Key for Code Exchange (PKCE) is now supported as an option when setting up SSO credentials. By adding pkce-enabled=true as an additional property into your OpenID Connect SSO secret configuration, your API gateway will now automatically handle the PKCE flow.

CORS per API route improvements

Cross-Origin Resource Sharing (CORS) has been configurable for all API routes exposed on your API gateway since 1.0. In Spring Cloud Gateway 2.0, you are now able to configure CORS on a per API route basis using metadata:

apiVersion: ""
kind: SpringCloudGatewayRouteConfig
  name: my-gateway-routes
    - uri:
        - Path=/get/**
          allowedMethods: [GET, POST, DELETE]

Configurable CORS properties include:

  • allowedOrigins
  • allowedOriginPatterns
  • allowedMethods
  • allowedHeaders
  • maxAge
  • allowCredentials
  • exposedHeaders

Try Spring Cloud Gateway today!

So where can you use Spring Cloud Gateway?

Also, the following Kubernetes environments are supported:

Now, take the next step and find out how you can get started:

This article may contain hyperlinks to non-VMware websites that are created and maintained by third parties who are solely responsible for the content on such websites.

About the Author

Chris Sterling

Chris Sterling is Product Line Manager focused on API management at VMware. He has held multiple high-level roles in his 25+ years in the software industry. Chris published the book Managing Software Debt: Building for Inevitable Change with Addison-Wesley in 2010 to provide a framework for teams and organizations to assess and manage debt in their software systems. Chris has successfully supported organizational transformation across multiple verticals with organizations of 10 up to 800 people. After a successful entrepreneurial endeavor as co-founder of Agile Advantage, Chris has brought his diverse experience and deep passion for technology when presenting on topics such as Continuous Delivery, Cloud Native architecture, DevOps, Lean, and Agile to the products he helps bring to market.

Follow on Twitter Follow on Linkedin More Content by Chris Sterling
GitOps versus RegistryOps
GitOps versus RegistryOps

GitOps versus RegistryOps Regardless of the supply chain that a workload goes through, in the end, some Kub...

Next Video
⚡️ Enlightning - What Is Carvel kapp-controller?
⚡️ Enlightning - What Is Carvel kapp-controller?

kapp-controller is a part of the Carvel toolset. kapp-controller is a Kubernetes operator, which helps you ...