In the evolving landscape of cloud-native applications, SAP Kyma offers a powerful platform for building and extending applications using microservices and serverless functions. A crucial element in this architecture is the API Gateway, which manages and secures access to backend services by acting as a single entry point for APIs.
This article explores how to develop, configure, and deploy API Gateway services within SAP Kyma, empowering developers to expose, secure, and monitor APIs efficiently in an SAP-centric cloud environment.
The SAP Kyma API Gateway is based on Envoy Proxy, integrated as part of the Istio service mesh. It provides key functionalities such as:
Kyma’s API Gateway enables seamless API management within Kubernetes while integrating with SAP Business Technology Platform (BTP).
Start by defining your API endpoints, request/response formats, and security requirements. Use OpenAPI (Swagger) specifications to standardize your API contract. Kyma supports importing OpenAPI specs for API configuration.
Your API Gateway routes traffic to backend services running inside Kyma. These can be:
Implement your backend logic using preferred languages or frameworks.
Use Custom Resource Definitions (CRDs) provided by Kyma to define APIs:
Example APIRule YAML snippet:
apiVersion: gateway.kyma-project.io/v1alpha1
kind: APIRule
metadata:
name: my-api
namespace: default
spec:
service:
name: my-backend-service
port: 8080
gateway: kyma-gateway.kyma-system.svc.cluster.local
rules:
- path: /.*
methods: ["GET", "POST", "PUT"]
accessStrategies:
- handler: jwt
config:
trustedIssuers:
- "https://issuer.example.com"
jwksUri: "https://issuer.example.com/.well-known/jwks.json"
This exposes the my-backend-service through the Kyma API Gateway with JWT authentication.
Deploy your backend service or function to the Kyma cluster:
kubectl apply -f backend-deployment.yaml
kubectl apply -f backend-service.yaml
kubectl apply -f api-rule.yaml
The API Gateway will automatically configure routing and security based on the APIRule.
APIRule such as JWT, OAuth2, or Basic Authentication.Developing API Gateway services in SAP Kyma enables SAP customers and partners to expose and manage APIs efficiently within a secure, cloud-native environment. Leveraging Kubernetes, Istio, and Kyma’s native resources like APIRule, developers can build robust, scalable, and secure APIs that integrate seamlessly with SAP landscapes.
Mastering API Gateway services in Kyma is key to unlocking flexible extension capabilities and driving innovation on the SAP Business Technology Platform.