Modern Application Development

Overcome challenges in modern application development with pre-packaged enterprise components from Tanzu geared towards distributed architectures.

ServiceRegistryAPIGatewayConfigServerMicroservicesMicroservicesMicroservicesDistributedTracingLogging, Monitoring,Dashboards, etc.Storage, Databases, Messaging, Caches,Security, etc.loTMobileB2BBrowser

API Gateway

Challenge

As micro-services proliferate, they tend to expose APIs for integration across applications and domains. Over time, these APIs may be based on an ever-changing landscape of:

  • Competing API specifications such as JSON, REST, GraphQL, XML web services and beyond
  • Different security approaches such as LDAP, SAML, OAuth, OpenID Connect, etc...
  • Governance policies based on OWASP, FIPS, PCI-DSS, and more

API consumers must deal with these cross-cutting concerns and standards differences. An API Gateway can provide a more consistent consumer experience and apply security and governance changes over time without updating all applications that expose their valuable APIs.

Solution

Spring Cloud Gateway is an OSS library that provides support for building an API Gateway on top of Spring WebFlux, thus taking advantage of its high performance non-blocking I/O reactive underpinnings. Spring Cloud Gateway aims to provide a simple, yet effective way to route to APIs and provide cross cutting concerns to them such as: security, monitoring/metrics, and resiliency.

API Gateway on Tanzu Platform packages an enterprise-ready implementation of Spring Cloud Gateway as a Tanzu Platform enabled managed service. The API Gateway integrates with the underlying platform to ensure applications do not expose their APIs directly to external consumers and handles secure routing on an internal domain. The API Gateway service includes additional filters, predicates and actuator content that tackle enterprise API Gateway needs such as:

  • Single Sign-On integration with OpenID Connect identity providers
  • Dynamic application route configuration to allow continuous integration and delivery pipeline API route updates
  • High availability configuration to set the number of Gateway instances to handle all of your traffic throughput needs
  • Gateway service instance dashboard to view health and configuration details
  • Rate limiting configuration including partitioning by HTTP header, JWT claim or IP address
  • GraphQL filters to manage operations and authorization
  • Additional authentication and authorization filters for Role-based Access Control (RBAC), Scopes and redirecting to custom login
  • Additional traffic control filters including client certificate validation and request route management
  • Additional transformation filters such as JSON to XML and vise versa, extracting JWT claim into header value and JSON body manipulation

In addition to powerful runtime integrations with Tanzu Platform and enhanced enterprise-ready capabilities on top of Spring Cloud Gateway, there is extensive support for use of OpenAPI. Applications can expose their API routes by providing an OpenAPI specification and apply filters and predicates dynamically to individual or all routes. As in many micro-services architectures that leverage an API Gateway, API Gateway on Tanzu PLatform also provides API aggregation so that API consumers only see a single OpenAPI generated specification even though there may be multiple applications providing API routes behind it.

Standalone Gateway is available as a JAR file that can be executed in pre-production environments for development and testing purposes. Although it does not come with any operational integrations for managing the standalone API gateway with high availability or at scale, this JAR can be used to verify API route configurations and behavior before deploying to production. Coupled with Local Authorization Server in pre-production environments, you can verify Single Sign-On (SSO), Role-based Access Control (RBAC), Rate Limiting and many other API route configuration options. The Standalone Gateway jar is available in Spring Enterprise Subscription artifact repository.

Centralized Configuration

Challenge

In a micro-services architecture, managing properties for applications across multiple environments can prove to be challenging. Keeping track of variations, versions and environment specific properties necessitates a configuration management process that eases this burden. Having a central place to manage properties for all applications across all environments is crucial to meet these requirements.

Solution

Spring Cloud Config is an OSS library that provides support for externalized configuration in a distributed system. It includes support for a number of backends, including Git, HashiCorp Vault, and CredHub.

Application Services on Tanzu Platform packages an enterprise-ready implementation of Spring Cloud Config’s server-side components as a Tanzu Platform enabled managed service. The Application Configuration service integrates with the underlying platform to generate secure communication between client applications that are bound to a service instance. Its architecture is designed to minimize calls from the service to external Git servers for the Git backend and to give operators greater control over the data fetched. Each of the Application Services services has a corresponding Spring Boot starter. Similar to a Spring Cloud OSS project, a Spring Cloud Services starter bundles the dependencies used by a client app to consume the service, thus keeping the same programming model when working with the VMware Tanzu components.

Standalone Config Server can be used in pre-production environments to validate runtime configuration of applications coming from Git and HashiCorp Vault backends. Standalone Config Server is available in Spring Enterprise Subscription artifact repository.

Service Discovery

Challenge

A modern cloud-native application typically runs in a virtualized or containerized environment where the number of instances of an application service and each instance’s location changes dynamically. This can also be scaled across multiple availability zones to achieve higher availability of those services. How do clients of these services discover the location of a service instance in this type of dynamic environment?

Solution

Spring Cloud Netflix is an OSS library that provides Netflix Eureka integration for Spring Boot apps through auto-configuration and binding to the Spring Environment and other Spring programming model idioms. With a few simple annotations, you can quickly enable and configure the service discovery pattern for your distributed applications with battle-tested Netflix components.

Solution Solution

Application Services on Tanzu Platform packages the enterprise-ready implementation of Spring Cloud Netflix Eureka as a Tanzu Platform enabled managed service named Service Registry. The Service Registry integrates with the underlying platform to generate secure communication between client applications that are bound to a service instance. This service can also be scaled across multiple instances to share service locations across availability zones using peer replication. There is an Spring Cloud Services starter for Eureka which bundles the dependencies used by a client app to consume the service.

Standalone Service Registry can be used in pre-production environments to validate service registration and client connectivity to those services including zone aware load balancing. Standalone Service Registry is available in Spring Enterprise Subscription artifact repository.