Kong tightens links between API gateway, service mesh – TechTarget

Kong Inc.’s API gateway now supports Istio service mesh and WebAssembly extensions that match with the Envoy proxy as traditional and cloud-native networking tools converge.
Kong began as an API gateway vendor in 2017. API gateways facilitate requests and delivery of data and services through REST-based APIs, a construct that arose in the early days of cloud computing to manage communications between web apps.
Over the last five years, service meshes also arose within cloud infrastructures. Service mesh is a network management pattern in which a centralized control plane directs a data plane made up of distributed software components called proxies. Google’s Istio is among the most prominent open source service mesh projects. Kong also created the Kuma service mesh to compete with Istio in 2019, donated it to the Cloud Native Computing Foundation (CNCF), and began to offer a supported version with Kong Mesh.
Since then, the layers of cloud-native infrastructure that support container-based microservices apps have begun to converge, with increased integration between network management layers such as API gateways, load balancers and service meshes. This year, for example, VMware added load-balancer integration to its Tanzu service mesh, and Solo.io integrated its Gloo Edge API gateway with Istio.
Kong had previously included its API gateway, which can also be used as a Kubernetes ingress controller, with Kuma and Kong Mesh, but hadn’t offered the same integration for Istio until this week. The new support for Istio means IT pros can manage APIs both inside and outside the Istio service mesh in the same place.  
“Istio has a load balancer that allows a user to expose a service or an API,” said Marco Palladino, CTO and co-founder at Kong. “But that doesn’t give [users] any governance on … controlling [API] traffic, managing the users, the consumers, [data] transformations and so on.”
Staff engineers at Checkr Inc., an online background check company in San Francisco, had been working on linking Kong Gateway and Istio themselves to provide simplified network management to internal app developers, but this week’s update spared them that effort.
“Service mesh is generally useful for internal service-to-service communication, where you need to establish security and other system-level performance controls for development teams, and in a perfect world, the whole thing is going to be completely transparent [to developers],” said Ivan Rylach, senior staff software engineer at Checkr. “But at the same time, they need to be able to route certain subsets of requests between services, and working within the API gateway makes that a little bit easier.”
Managing the API gateway and service mesh together will also enhance defense in depth, Rylach said: API servers are split into many distributed instances within the Istio service mesh, and each instance can independently verify that the requests it receives actually traversed the API gateway rather than coming from a malicious host.
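One way to enforce the check Rylach describes, shown as an added example that is not from the article, Kong or Checkr: strict mTLS plus an Istio AuthorizationPolicy lets each workload's sidecar reject requests that were not sent by the gateway's identity. It assumes the gateway pods run with an Istio sidecar; the namespaces `kong` and `backend`, the service account `kong-gateway` and the label `app: orders-api` are hypothetical names.

```yaml
# Added example. Namespaces, labels and service-account names are assumptions.
# Step 1: require mTLS for every workload in the namespace, so the sidecar
# always authenticates the caller's identity before any policy is evaluated.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: backend            # hypothetical application namespace
spec:
  mtls:
    mode: STRICT
---
# Step 2: on the API workloads, allow only requests whose authenticated
# source principal is the gateway's service account. Once an ALLOW policy
# applies to a workload, requests that match none of its rules are denied,
# so a host that bypasses the gateway is rejected at every instance.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: allow-only-gateway
  namespace: backend
spec:
  selector:
    matchLabels:
      app: orders-api           # hypothetical workload label
  action: ALLOW
  rules:
  - from:
    - source:
        principals:
        - cluster.local/ns/kong/sa/kong-gateway   # hypothetical gateway identity
```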
WebAssembly (Wasm), a standard for adding executable code modules to web apps, has made news within the Istio community because it allows developers to customize the Envoy proxy — and through it, Istio service mesh functions. Wasm enables customizations to be created using familiar programming languages, and without having to maintain a separate version of the sidecar. Istio began to add support for Envoy extensions using Wasm last year in version 1.9.
The Kong API gateway also added Wasm support this week, in another move that brings it into closer alignment with service mesh. Both Istio and Kuma use Envoy, and Kong Gateway Wasm support means broader portability for customers’ Wasm modules. This portability will mean they can customize network functions beyond service mesh using the same filters, routes and data transformations, Palladino said.
“Now we support this entire WebAssembly ecosystem on top of the native plug-in ecosystem that we already support,” he said. “[Users] can potentially run the same filter on the gateway layer as well [as the service mesh] so they build it once and run it in both places.”
Istio and its closest rival, Linkerd, still claim the most awareness and adoption among enterprises, but open source Kuma has also begun to accrue a following over the last year, Palladino said. Kuma now has about 1,000 user organizations, including American Airlines, which presented at this week’s virtual Kong Summit conference.
“Most other service mesh providers needed to add additional components for all the functionality that Kuma offered,” said Karl Haworth, developer experience product technical lead and principal engineer at American Airlines, in a Kong Summit presentation. “Kuma automatically syncs our certificates daily with mTLS [mutual TLS so] we don’t have to worry about that. Tracing is automatically included along with … traffic policies, [as well as] being able to span multiple regions and multiple cloud providers.”
Kong Inc. has 400 paying enterprise customers, but the vast majority of those are still using Kong Gateway; Palladino estimated Kong Mesh has between 50 and 60 enterprise customers. Kong Mesh requires a Kong Enterprise license, the price tag for which Kong does not publicly disclose, but it was enough to send Checkr’s Rylach toward using Istio instead.
“We wanted to use [HashiCorp’s] Vault as a root [certificate authority] and to have mTLS between control plane nodes, which are supported only with Kong Mesh,” he said. “We worked with the Kong account management and sales team to understand the cost of Kong Enterprise, and the price tag was too high for us.”
Other API gateway users at Summit said they’d consider Kong Mesh, however, in part because of the appeal of its integration with Kong Gateway.
“We are evaluating [Kong Mesh and App Mesh] at the moment and plan to adopt one in the next few months,” said Patrick Farry, senior director of systems design and architecture at San Diego-based video telematics company Lytx, during an online Q&A session at Kong Summit. “[Kuma] is a second-generation product and may not have the baggage that Istio has in terms of complex configuration and management.”
Beth Pariseau, senior news writer at TechTarget, is an award-winning veteran of IT journalism. She can be reached at [email protected] or on Twitter @PariseauTT.