At Pismo, we use microgateways attached to our banking and payments platform APIs to enforce policies and business logic. Platform Engineer Leonardo Silva recently discussed our experience with this cloud-native microgateway architecture at the Cloud Conference Day and a MeetUp hosted by the Data on Kubernetes Community (DoK), where he interacted with Bart Farrell, from the Cloud Native Computing Foundation (CNCF).
“Our platform processes 4.8 million requests per hour, with an SLA of 99.99%. We have no place for errors,” says Leonardo. “Furthermore, our APIs must comply with a variety of security requirements. For instance, we must defend the platform against attacks by people who try to steal credit card data or manipulate bank accounts. We chose the microgateway architecture to deal with these challenges.”
A lightweight gateway
The basic idea behind this architecture is to attach a lightweight gateway to each API to manage its communications instead of using a single gateway for the whole Kubernetes cluster.
According to Leonardo, this solution has several advantages compared to others. It makes it easier to integrate security in all stages of development and operations, and it is customisable and flexible. Furthermore, it reinforces the scalability and the resilience of the platform.
“A monolithic gateway in a Kubernetes cluster has limited flexibility, and it has to perform many functions for the whole cluster. We can’t just add more and more functionalities to it since this would increase the number of bugs and create other problems. And, when several APIs have to talk to each other, the gateway may become overloaded. Using microgateways, we can distribute the functionalities and load between them,” Leonardo explains.
Dealing with complexity
On the other hand, a microgateway architecture adds complexity to the Kubernetes control plane and requires careful planning of governance and policies. If it is not well implemented and managed, the platform team may become a bottleneck for the whole operation, so this solution requires a skilled team that can cope with the increased complexity.
At Pismo, we combine Kong API gateways, Kubernetes and the Istio service mesh to increase our system’s resilience without losing security and compliance control. We also apply GitOps techniques to improve team performance in real-world projects.
You can watch Leonardo’s presentation on the Data on Kubernetes YouTube channel.