Exploring The Role of Cloud-Native in APIs

Bill Doerrfeld
December 21, 2023

Lately, the software development world has seen a surge of interest around cloud-native technologies. Cloud-native architecture is purpose-built for the elasticity and scalability of the cloud and is becoming a standard layer within greenfield enterprise software development. A 2022 study from the Cloud Native Computing Foundation (CNCF), for instance, found there were over seven million cloud-native developers — that’s more than the population of Denmark.

At the same time, API-first strategies are already widespread throughout many organizations. These APIs not only serve external consumers but also help connect internal microservices and enable partner integrations. And API reliance is set to expand — a 2023 report from Postman found that 92% of respondents plan to keep or increase their investment in APIs within the next year.

Since they are both so pervasive, we’re seeing convergence between cloud-native platforms and APIs, especially as API management requirements evolve to work more closely with platforms like Kubernetes and new DevOps workflows.

Below, we’ll explore the role of cloud-native technology in APIs. We’ll examine how the modern API management landscape is changing and consider the optimal architectures for supporting more Kubernetes-native API management. To put this article together, I spoke with a handful of experts working for API management solutions, primarily while attending KubeCon + CloudNativeCon 2023.

How Cloud-Native Is Evolving API Management

In recent years, we’ve seen API management converge more with the Kubernetes ecosystem. For example, a handful of API management platforms support custom resource definitions (CRDs) that hook directly into Kubernetes, enabling API management solutions to work more seamlessly with modern DevOps practices. Kong, for instance, provides an ingress controller that is programmable by native CRDs.
APIs are becoming more numerous and can experience sudden traffic peaks that put systems to the test. Therefore, there are interesting parallels between the needs of APIs and the capabilities of today’s cloud-native platforms. So, how can cloud-native technologies, such as containers, Kubernetes, OpenTelemetry, Envoy, or service mesh, be used to support API initiatives?

“Cloud-native drags APIs along with it,” said Erwan Paccard, Head of Product at Traefik Labs. For some time, the industry’s default choice has been using NGINX as a controller, but it’s older and not as dynamic, he said. Furthermore, much API management was inherited from the age of service-oriented architecture (SOA), with systems not fine-tuned to modern ephemeral microservices. As such, he sees the market evolving away from traditional API lifecycle management toward a more modular, best-of-breed Kubernetes-native approach.

Benefits of Utilizing Cloud-Native For API Management

API management is becoming increasingly cloud-native, bringing various benefits. According to Idit Levine, Founder & CEO of Solo.io, it’s all about ease of use and responding to the dynamic needs of new technologies. Cloud-native components enable better scalability and provide a more future-proofed stack, she said.

Other benefits have to do with data operations, change management, and incident management, added Paccard. Essentially, the same benefits we get from cloud-native tools for applications and GitOps, we can receive for APIs, he said.

Relying on cloud-native technology like Envoy helps implementations fit more into the CNCF landscape, added Levine. For example, Envoy Proxy is easier to combine with the ephemeral, containerized nature of today’s microservices architectures. And to save state, Levine recommends using a custom resource definition (CRD) to put the configuration in Kubernetes.
According to Dave Sudia, Director of Developer Relations at Ambassador Labs, cloud-native technology was an obvious choice when, at his previous company, they were tasked with breaking apart the monolith into microservices and simultaneously migrating an API. “The key thing is enablement and speed,” he said, describing how cloud-native enables a GitOps way of operating. Similarly, a benefit of using Kubernetes ingress objects is that you can map roles to resources anywhere in the cluster, he said.

There’s also potential in using CNCF tools to enable more productization capabilities, says Sudia. For instance, an abstracted service could query OpenTelemetry data to inform API observability. Of course, while you could build your own API gateway and management features using open-source cloud-native components, it does take effort to support, he adds. “Cloud native is a force multiplier that requires someone to go up a very steep ramp,” he said.

Is Service Mesh For API Management Worth It?

Service mesh is typically associated with securing internal traffic. Yet, there has been some chatter around extending service mesh with business logic to expose APIs externally. However, not all commentators are confident in using service mesh and Envoy for API management.

“When you only have a hammer, everything looks like a nail,” said Budhaditya Bhattacharya, Developer Advocate at Tyk. Service meshes like Istio, which uses Envoy Proxy, are more appropriate for east-west service-to-service connectivity, security, and reliability, he said.

There are many cases where API management makes more sense than service mesh, added Ahmet Soormally, Head of R&D at Tyk, especially for externalization. For instance, the enterprise world has varying API styles, from SOAP to REST services, GraphQL, gRPC, and more.
API management platforms can take these disparate styles and provide one nice clean API to give the outside world. “It’s a people and culture problem as well as a technical problem, and I don’t think that Istio can solve that,” he said.

“Not everything is in a cloud-native environment at this point,” said Bhattacharya. “It’s really not the reality.” Therefore, API developers, especially those working in large companies, will need the flexibility to seamlessly work with cloud-native and non-cloud-native components. “Not every problem has a Kubernetes solution,” he said.

Furthermore, although there have been efforts to extend Envoy Proxy with WebAssembly plugins, these ambitions have been stunted by the high performance overhead of using Wasm for this particular use case. Due to the performance degradation with Wasm, they’ve sort of stopped pushing for it, added Levine.

Another potential hindrance concerning service mesh is the lack of support for Service Mesh Interface (SMI), a CNCF project that aimed to create a specification to cover the most common service mesh capabilities. According to John Harris, Principal Product Manager at Kong, SMI never really caught on, and it didn’t have the extension points the community needed.

Intersections Between API Management, Cloud-Native, And Backstage

In addition to supporting API strategies, API management tools could also help connect increasingly complicated and disparate multi-cloud architectures. “API management or gateways could be the glue that connects these different cloud-native tools,” said Bhattacharya. API managers should be agnostic and able to work across solutions, he added.

In a cloud-native environment, you may have thousands of services communicating with one another through APIs, added Soormally. In this scenario, API management solutions could help cloud-native technologies scale and open up features like observability in a more seamless manner, he said.
There is also the need to catalog a growing internal API portfolio. “There will always be a place for GUI-based API management tools because there are people that think that way and have different working styles,” added Sudia. These management platforms may be using Kubernetes behind the scenes, but most people will be using abstractions built on top in the form of usable interfaces with quality developer experiences that standardize common workflows.

On that note, the platform engineering world has begun consolidating around graphical interfaces in the form of internal developer platforms (IDPs). For example, Backstage, the popular IDP open-sourced by Spotify, could potentially one day encompass API inventorizing. 3Scale, in fact, already has built an integration to synchronize high-level API details with the Backstage software catalog. Levine is also confident about Backstage, calling it “the UI interface for the platform team,” and Solo.io has already integrated it into their product.

Responses To Kubernetes Gateway API GA

In late 2023, the Kubernetes Gateway API reached general availability (GA). Gateway API (not to be confused with API gateways) specifies a way to describe service networking in Kubernetes, such as HTTP routing into clusters, bringing interesting standardization and portability potential across vendor gateways. Now, it’s on these gateways and API managers to add value on top of Gateway API, said Levine, whose company now supports it.

With Gateway API, you can “get rid of sprawl and use a common API for gateways,” explained Sudia. Yet, while Gateway API provides a standard all gateway implementers can use, API management is more than just basic traffic ingress. It involves many cross-cutting concerns that can’t easily be described in a common way across vendors, added Soormally.

The general availability of the Gateway API doesn’t affect too many things for API gateway providers, said Paccard.
Most solution providers have created extensions for Kubernetes, and this is just a way to standardize an ingress configuration for these extensions, he explained.

Bringing cloud-native GitOps to API management means that developers can configure things in a Kubernetes-native way using the tools they are familiar with, said Harris. They should be able to create ingress resources and routes to their own cluster, he said, and Gateway API is a helpful initiative to standardize ongoing efforts.

Final Thoughts

There are interesting parallels between APIs and cloud-native development, and the future will likely see them converge even further. Gartner predicts that by 2025, 85% of organizations will be cloud-first.

What do you think? Are you managing your APIs using cloud-native capabilities? Feel free to let us know in the comments below.