Debasree PandaDebasree Panda IMESH API Gateway

IMESH API Gateway Release Hydra 1.0

IMESH API Gateway Release Hydra 1.0

Kubernetes Gateway API was launched in November 2023 to standardize the network services in the Kubernetes ecosystem. The primary aim of the project was to overcome the limitations of Kubernetes ingress in three dimensions: traffic management functionality, resource standardization, and the ability to easily implement RBAC on resources. 

After the project was released, almost all the controllers conformed to the new standard, which provided standardized templates for network resources such as Gateways, Routes, etc.

The Gateway API project promoted Gateway, GatewayClass, and HTTPRoute APIs to GA at release time. Gradually, all other resources, such as network or security policies, will be made GA. This means that the code, annotations, and CRDs will remain the same irrespective of the controller you choose for Gateway API. 

RBAC of the Gateway API is planned for DevOps/Cloud engineers and Application developers. While DevOps can use Gateway resources to enable incoming traffic, Routes resources are meant for application developers to handle the traffic, apply various filtering and load balancing logic for their backend service, generate response code, etc. 

After discussing with multiple clients, we understood that seven pressing problems can hinder the widespread adoption of Gateway API:

  1. Managing one or multiple Gateway API controllers for different use-cases
  2. The learning curve for developers (especially Routes for HTTP, gRPC, etc.)
  3. Ease of implementing RBAC for multiple clusters
  4. Ease of implementing security and network policies
  5. Single point Observability 
  6. Integration with popular service mesh such as Istio
  7. Vendor lock-in with huge cost

To overcome the above problems, IMESH has launched a new product called IMESH API Gateway, which acts as an aggregator on top of the famous Gateway API controller. In the next section, we discuss all the cool features we have launched in our first release, Hydra- named after a constellation (our engineers are fascinated with astronomical constellations 🙂).

Features of IMESH API Gateway Hydra

In the Hydra release, we developed a few solutions to help DevOps and application developers adopt Gateway API for handling north-south traffic. IMESH API Gateway offers an intuitive UI for creating APIs by leveraging the Gateway and Route resources of popular Gateway API controllers. We are currently supporting Istio Ingress and Envoy Gateway controllers for Gateway API. 

Here are the list of features:

  1. API Configuration plane for Gateway
  2. API Configuration plane for Route
  3. Admin panel for Cluster Management 
  4. Native support for Gateway API Controllers- Istio Ingress and Envoy Gateway

We aim to enable small and medium teams to get started with creating APIs with the latest ingress or Gateway API specs without having to break their head or bank. 

Let us look at each feature in detail. 

API Configuration plane to manage Gateway resources

IMESH API Gateway offers API Configuration to create and manage APIs for your Kubernetes applications(refer Fig A). Since IMESH API Gateway is based on the top of Gateway API standards, the API Configuration provides two options- Gateway and Routes. 

API Configuration menu for creating and managing APIs

Fig A: API Configuration menu for creating and managing APIs

Enterprise-wide visibility of Gateway Resources

The Gateway of API Configuration provides the option to create an API gateway to receive external traffic in a specific port. The landing page will provide all the consolidated API gateways created in your enterprise multicluster environment. DevOps and cloud teams can be scattered across geography or projects; the Gateway dashboard provides a consolidated view of all the Gateways and their respective IP address, the namespace they are created in, the Gateway class, and more info at the fingertips. One can also quickly check the YAML configuration file of the Gateway resource without logging into multiple clusters. They can delete the Gateway resources from the IMESH application based on the requirements. 

Fig B: YAML viewer of Gateway resources

Create and manage API Gateways with ease

IMESH API Gateway allows DevOps to create, edit, and delete Gateway resources from the application itself. All they need to do is fill out a form, and the IMESH app will automatically create the YAML and store it in the Git repo. The idea here is that DevOps can stop worrying about the YAML configuration or practicing Infrastructure-as-a-code and instead spend just a few minutes setting up their Gateway. 

All you need to do is click Add New Gateway and complete the form. Gateway creation has two parts: General Info and Listener. First, the DevOps engineer must fill in the general info about Gateway resource creation, such as namespace, selecting Gateway class, etc. In the Listener section, you must fill in information about the traffic, such as IP protocol (HTTP, HTTPS, TCP, UDP, etc.), Port, and TLS mode. 

 Once you create a listener, you can save and deploy the Gateway resource. 

After you deploy, a Gateway resource will be created in the defined namespace, and a public IP will be made, which will be listed in the specified traffic protocol at the designated port. Note you can add multiple listeners to a single gateway; the idea here is to create one gateway for a project and numerous listeners for various applications. 

Supporting network protocols

For this Hydra 1.0 release, IMESH API Gateway supports HTTP, HTPPS, TCP, TLS, and UDP protocols. In the subsequent release, we are progressing toward supporting additional protocols, such as gRPC. 

API Configuration plane for creating and managing Routes easily 

Once you receive traffic at a specific port, you need to create Route resources to handle the traffic and send a response to the requestor. 

Like creating and managing Gateway resources from the UI, IMESH API Gateway provides the flexibility to develop Routes from the UI. This reduces the application developers’ load to learn YAML files; creating an advanced filtering option can be challenging and often derail them from the core work. 

DevOps and Cloud engineers can give application developers access only to Routes, not Gateways. In this way, an enterprise can achieve segregation of ownership based on Role. 

Creation and management of Route resources

Application developers can easily create a Route for their application in a few minutes. All they need to do is click Add New HTTPRoute and complete the form. The form has three sections: General Info (about the namespace, labels, annotations, etc.), Gateway linking (linking to a Listener of a Gateway), and HTTP Rules (conditions to filter traffic and send it to the backend service). 

Under the HTTP Rules, engineers need to fill in the following information about Condition (to filter traffic), Action (such as modifying request header, redirect to, URL rewrite, Request mirror), and Destination (backend service name, port, and traffic percentage). 

A new Route resource is created once the form is completed, saved, and deployed. IMESH API Gateway creates a YAML file and stores it for further reference. 

Admin panel for Cluster Management 

IMESH API Gateway offers an admin panel for Role, Cluster, and User Management. However, in this release, we have released Cluster Management, where the Admin or Infrastructure team onboards clusters to the IMESH Platform. Once they click Add Cluster, the platform will provide them with a set of commands to install an agent, which will be responsible for performing client-side operations from the IMESH platform perspective. Users will be onboarded only after a cluster is added, RBAC can be achieved, and new network resources can be created and managed. 

Native support for Gateway API Controllers- Istio Ingress and Envoy Gateway

As of this release, IMESH API Gateway provides native support for two Gateway API controllers: Istio Ingress and Envoy Gateway. Both are equally powerful and have their own USP, so they suit different user requirements. Based on your team’s requirements, you can install either (or both). IMESH offers the flexibility to choose the controllers in the Gateway form. 

Benefits IMESH API Gateway for DevOps and Cloud engineers

With IMESH API Gateway, enterprises in general will reap multiple benefits:

  1. Easily choose multiple Gateway API controllers without any problem
  2. Faster adoption of the new Gateway API standard for API creation and management
  3. Easy implementation of RBAC for Gateway and Route resources
  4. Save huge amount of developers’ time to create and manage Route resources for APIs with UI-based forms
  5. Enterprise-wide visibility of network resources such as Gateway and Routes in a single platform. 

Next Step

As a beta customer, you can use IMESH API Gateway for free. Follow this documentation to get started. We would love to hear your feedback.

107 views 0 comments
Next Article

Istio Ambient Mesh Performance Test and Benchmarking

Debasree Panda

Debasree Panda

Debasree is the CEO of IMESH. He understands customer pain points in cloud and microservice architecture. Previously, he led product marketing and market research teams at Digitate and OpsMx, where he had created a multi-million dollar sales pipeline. He has helped open-source solution providers- Tetrate, OtterTune, and Devtron- design GTM from scratch and achieve product-led growth. He firmly believes serendipity happens to diligent and righteous people.
More

Leave a Reply

Â