5 Minutes in AILERON Gateway

okuura

June 15, 2025

Transcript

  1. 1 Copyright (C) Nomura Research Institute, Ltd. All rights reserved.

    AILERON Gateway Launch Date: March 17, 2025
  2. AILERON [ˈeɪlərɒn]

    Wing flaps for plane control
    https://www.aerospacengineering.net/flight-control-surfaces/
  3. What is AILERON Gateway?

    ◼ AILERON Gateway is a secure and lightweight gateway OSS
    ◼ Key Points
      ⚫ Security × Gateway: built-in advanced authN/authZ features and fine-grained gateway features.
      ⚫ Simple and Clear Architecture: "Single Binary, Simple Config" for easy understanding and quick startup.
      ⚫ For Cloud-Native: built from scratch in the Go language.

    [Diagram: AILERON Gateway as an edge gateway, with End User, Internal Service and External Service.
     Gateway Features: Rate Limiting, Load Balancing, Protocol conversion, …
     Security Features: OAuth2, OIDC, FAPI, OPA, …
     Observability Features: OpenTelemetry, Prometheus]
  4. Why AILERON Gateway?

    ◼ Current Issue
      ⚫ Most lightweight gateway OSS don't integrate advanced authN/authZ features with gateway features.
      ⚫ Even where such features exist, they require an enterprise edition or third-party plugins.
      ⚫ Therefore, users need to combine multiple OSS or plugins.
    ◼ AILERON Gateway Benefits
      ⚫ Integrates both advanced authN/authZ and gateway features in a single OSS.

    [Chart: Security/AuthN/AuthZ Features (poor to rich) against Gateway Features (poor to rich).
     "Most AuthN/Z Reverse Proxy OSS belongs to this area." (mod_auth_openidc; FAPI, OPA, …)
     "Most Gateway OSS belongs to this area." (gRPC LB, Protocol Conversion, …)
     "AILERON Gateway's target position: Has both features!"]
  5. How it works?

    ◼ "Single Binary, Simple Config"
    ◼ Example: Performing OIDC and OPA with load balancing to backend services

    Step1. Write Config.yml

        ~~~
        spec:
          addr: ":8080"
          virtualHosts:
            - middleware:
                - apiVersion: app/v1
                  kind: AuthenticationMiddleware
                - apiVersion: app/v1
                  kind: OPAAuthzMiddleware
              handlers:
                - handler:
                    apiVersion: core/v1
                    kind: ReverseProxyHandler
        ~Detailed configuration below~

    Step2. Run AILERON Gateway!

        $ ./aileron -f ./config.yml

    [Diagram: Client -> Authentication (OIDC) middleware -> OPA Authz middleware -> Reverse Proxy (Load Balancing) handler -> Internal Service-1, Internal Service-2, …]
  6. Key Features

    Category / Implemented / Under investigation

    Gateway
      • Rate Limiting
        • Max Connection, Fixed Window, Leaky Bucket, Token Bucket
      • Load Balancing (HTTP, gRPC)
        • Round Robin, Random, Direct Hash, Ring Hash, Maglev
      • Legacy Protocol Conversion (SOAP-REST)
      • Circuit Breaker
      • Retry
      • Timeout
      • GraphQL
      • API Aggregation
      • Advanced Legacy Protocol Conversion (Executing Another Language Libraries)

    Security
      • OAuth2
      • OpenID Connect
      • FAPI 1.0
      • OPA (PEP, PDP)
      • CORS
      • CSRF
      • SPIFFE
      • FAPI 2.0
      • AuthZEN

    Observability
      • OpenTelemetry
      • Prometheus
      • Golang Profiling Endpoint
      -
  7. Get involved!

    ◼ More information & downloads
      ⚫ https://github.com/aileron-gateway/aileron-gateway
      ⚫ https://aileron-gateway.github.io/docs/
    ◼ Try AILERON Gateway now!
    ◼ See you tomorrow at our KubeCon Sponsor booth!