Hot Topics
Cloud-Native Development Features Microservices Topics 

OpenAPI: The Key to Cloud-Native Success?

, , ,
by Bill Doerrfeld

Web APIs are the glue between modern connected software, enabling applications to expose data and functionality to the outside world. They’ve become common within B2B partner models and even public monetization strategies. But APIs are also important as they are how we programmatically interact with internal microservices and orchestrate a scalable backend infrastructure. REST APIs are also relatively defined and standardized, with the industry having conformed around the OpenAPI specification.

Simultaneously, cloud-native technologies have been gathering steam, with the industry rallying behind Kubernetes as a standard deployment platform for scaling container-based ecosystems. Gartner estimates that by 2025, 95% of applications workloads will run on cloud-native platforms. Since API management tools and gateways require high scalability needs, running them on Kubernetes seems like a natural evolution. As such, many API management vendors have jumped onto the Kubernetes bandwagon.

I recently connected with Dan Ciruli, vice president of product management at D2iQ, to learn where there may be intersections between APIs and Kubernetes. Ciruli, who was one of the founding members of the OpenAPI Initiative during his time at Google, recently authored an intriguing post on why marrying OpenAPI and Kubernetes could be a helpful way to reduce bottlenecks and improve scalability.

“Kubernetes and the OpenAPI Specification are playing a big role in enabling software to eat the world,” says Ciruli. Below, we’ll consider the role OpenAPI might play in Kubernetes and see how API management is evolving with the latest cloud-native trends.

Kubernetes: A Scalability Layer for APIs

So, what are the benefits of marrying OpenAPI and Kubernetes? Well, according to Ciruli, there’s an interesting symbiosis between modern API management infrastructure and the move to Kubernetes. “Kubernetes is becoming the standard scalability layer for new software, which includes API management software, of course,” says Ciruli.

To put things in perspective, Google oversees some of the most highly-trafficked APIs on the planet. Ciruli describes how when he was at Google, they were running their API management infrastructure on top of Borg, the precursor to Kubernetes. This strategy was necessary to deal with the massive increase in demand, which increased to a million separate projects calling certain APIs during his tenure. In some scenarios, API requests escalated to one million requests per second, with specific clients alone hitting one million requests per second.

“Scability grew in every dimension,” he says. And at this magnitude, it’s easy to run into scalability problems. And, just as your APIs increase in usage, your API management layer must also scale in parallel.

Kubernetes-Native API Management

Not every organization will experience the same growth as Google, of course. But scalability concerns look more realistic with the exponential growth of APIs forecasted. So, what might the next generation of scalable API management look like? And will API management continue to be decoupled from the infrastructure organizations utilize for their internal microservices architecture?

Well, the first generation of API management tools was focused on managing a disparate set of APIs, explains Ciruli. The challenge is now determining the cloud-native way to manage those APIs. Although the API management layer typically sits adjacent to the organization’s own software infrastructure, they both could technically adopt the same set of cloud-native tooling.

Open source tools to manage modern RESTful APIs can be run within Kubernetes. For example, some have suggested inserting business logic into the Envoy filter chain, a proxy common to popular service meshes like Istio. Such a gateway is perfectly capable of handling the needs of north-south traffic, like validating an OAuth token or API key. Already a couple of tools listed in OpenAPI.tools are described as Kubernetes-native. One such is Kusk, a Kubernetes API gateway powered by Envoy with OpenAPI support.

Solution providers have also suggested various strategies for managing APIs on Kubernetes, such as using Operators to extend a cluster’s behavior. And there are more managed options for running API management on Kubernetes, such as Solo.io Gloo Mesh, Kong Gateway, Azure API management for AKS, Amazon API Gateway on EKS and NGINX Kubernetes Gateway. API management solution provider Tyk even calls Kubernetes and API management a “match made in heaven.”

Extending OpenAPI Specification

Modern businesses use the OpenAPI Specification (formerly Swagger) to define how their services communicate to the outside world. OpenAPI can also be leveraged as a lingua franca for defining how applications talk to the infrastructure itself. The specification is very handy because it can be used to generate documentation, server stubs, tests and more.

Perhaps in the future there will be more extensions to OpenAPI that standardize how API management tools themselves communicate with the backend. Extending OpenAPI is certainly not out of the question—many platform providers have added extensions to the specification. For example, the OpenAPI Specification supports custom properties known as extensions, which can be used to document vendor-specific attributes. IBM, for example, has an OpenAPI extension for IBM Connect. And it looks like the OpenAPI Initiative has an extension directory project in the works as well. This could be helpful to define standard ways in which API management tools define common mechanisms like routing or rate limiting, suggests Ciruli.

Next Generation APIs Look Cloud-Native

We are still early in the cloud-native revolution, and time will tell how API management evolves. One consideration is that transitions for cloud-native API management approaches will likely be easier for digital-native startups than large enterprises carrying more legacy technologies. Yet, at some point, these legacy services will dwindle, and more and more services will be more modern and cloud-native, predicts Ciruli.

Regardless of the exact implementation, Kubernetes can grant significant scalability for API management. “Moving to K8s as a common substrate gives us an advantage in how we operate these services,” said Ciruli.

Bill Doerrfeld

Bill Doerrfeld is a tech journalist and analyst. His beat is cloud technologies, specifically the web API economy. He began researching APIs as an Associate Editor at ProgrammableWeb, and since 2015 has been the Editor at Nordic APIs, a high-impact blog on API strategy for providers. He loves discovering new trends, interviewing key contributors, and researching new technology. He also gets out into the world to speak occasionally.

Bill Doerrfeld has 105 posts and counting. See all posts by Bill Doerrfeld