Spring Cloud Gateway on Kubernetes cannot discover container services natively, delivers lower performance than an NGINX Ingress gateway, and requires custom development for observability and security. In cloud migration and hybrid cloud scenarios, this often produces a two-layer architecture -- Ingress plus Spring Cloud Gateway -- that adds network hops, resource consumption, and O&M costs.
A Microservices Engine (MSE) cloud-native gateway unifies the traffic gateway and the microservices gateway into a single layer with high performance, high integration, and out-of-the-box capabilities, which can greatly reduce service costs. This guide walks through five steps to migrate your Spring Cloud Gateway routes, service sources, authentication, and traffic to an MSE cloud-native gateway.
How Spring Cloud Gateway maps to a cloud-native gateway
Before you start, review how the core concepts in Spring Cloud Gateway map to the cloud-native gateway:
| Spring Cloud Gateway | Cloud-native gateway | Notes |
|---|---|---|
| Nacos registry | Service source | The cloud-native gateway pulls service lists from a configured service source (Nacos, ACK, EDAS, or SAE). |
spring.cloud.gateway.routes | Routing rule | Define routes in the MSE console instead of YAML files. Each route maps a path predicate to a backend service. |
Route predicate (Path=) | Route matching condition | Supports path matching. |
uri: lb://service-a | Backend service + version | Select a service imported from a service source, then configure the target version. |
| Ribbon load-balancing rule | Load balancing policy | Configure through the service settings in the MSE console. |
| Hystrix circuit breaker | Route-level policies | The cloud-native gateway provides throttling, timeout, and other policies per route. |
AddResponseHeader filter | Header setting policy | Configure as a route-level policy in the MSE console. |
| Custom authentication filter | JWT / OIDC / IDaaS / custom authentication | Authentication plugins replace custom filter code. |
Prerequisites
Before you begin, make sure that you have:
A cloud-native gateway created in the MSE console. See Create a cloud-native gateway
Familiarity with cloud-native gateway concepts. See Dive deeper into cloud-native gateways
A backup of your current Spring Cloud Gateway configuration files (
application.yml,bootstrap.yml, and any externalized config in Nacos or Git)
Step 1: Identify and configure the service source
The cloud-native gateway needs a service source to discover your backend services. Depending on your setup, you may already have a compatible source or need to configure one.
When to skip this step
Skip to Step 2 if any of the following applies:
You use Container Service for Kubernetes (ACK) with Kubernetes service discovery
You use an MSE Nacos instance that has been upgraded to a version supporting Mesh Configuration Protocol (MCP)
You do not use a service discovery mechanism and rely on domain names or fixed IP addresses
Set up a service source by registry type
Choose the option that matches your current registry:
MSE Nacos instance
Purchase an MSE Nacos instance. See Create a Nacos engine.
Register your services with the MSE Nacos instance by updating your application configuration or code. See the Nacos Java SDK documentation.
(Optional) For Java applications, use the Microservices Governance agent of MSE to automate registration migration. See Migration solution based on MSE Sync.
Enterprise Distributed Application Service (EDAS) registry
Add your EDAS registry as a service source directly. See Add a service source.
Serverless App Engine (SAE) registry
Add your SAE registry as a service source directly. See Add a service source.
Verify the service source
After you add a service source, open the MSE console and navigate to your cloud-native gateway. Confirm that the service source appears in the service source list and is working correctly.
Step 2: Migrate routing and service configurations
Translate your Spring Cloud Gateway YAML configuration into cloud-native gateway settings in the MSE console. The following example shows a typical configuration and how each section maps to the console.
Example Spring Cloud Gateway configuration
Registry binding:
spring:
application:
name: gateway-demo
cloud:
nacos:
discovery:
server-addr: nacos-server:8848
config:
enabled: falseRoutes and load balancing:
spring:
cloud:
gateway:
default-filters:
- AddResponseHeader=X-Response-Default-Foo, Default-Bar
routes:
- id: websocket_test
uri: ws://localhost:9000
order: 9000
predicates:
- Path=/echo
- id: default_path_to_service-a
uri: lb://service-a
order: 10000
predicates:
- Path=/sleep
service-a:
ribbon:
NFLoadBalancerRuleClassName: com.netflix.loadbalancer.WeightedResponseTimeRule
ConnectTimeout: 1000
ReadTimeout: 8000
MaxAutoRetries: 3
MaxAutoRetriesNextServer: 2
MaxTotalConnections: 20000
MaxConnectionsPerHost: 5000
hystrix:
command:
service-a:
execution:
isolation:
thread:
timeoutInMilliseconds: 60000
strategy: SEMAPHORE
semaphore:
maxConcurrentRequests: 60000Migrate each configuration section
Perform the following operations in the MSE console:
1. Replace the registry binding with a service source
The spring.cloud.nacos.discovery block is replaced by the service source you configured in Step 1. No additional action is needed.
2. Import backend services
Import each backend service referenced in your routes (for example, service-a).
In the MSE console, go to your cloud-native gateway and import the services from your service source. See Add a service.
Configure the appropriate version for each imported service. See Manage service versions.
The Ribbon load-balancing and Hystrix circuit-breaker settings (WeightedResponseTimeRule, ConnectTimeout, ReadTimeout, retry and concurrency limits) map to the cloud-native gateway's service and route policies. Configure them in the console.
3. Create routing rules
Translate each route entry into a cloud-native gateway routing rule. See Create a routing rule.
For the example above, create two routing rules:
| Spring Cloud Gateway route | Cloud-native gateway route |
|---|---|
websocket_test: path /echo -> ws://localhost:9000 | Path match: /echo, backend: WebSocket service at localhost:9000 |
default_path_to_service-a: path /sleep -> lb://service-a | Path match: /sleep, backend: service-a (imported from service source) |
4. Configure route-level policies
The default-filters in Spring Cloud Gateway (such as AddResponseHeader) map to route-level policies on the cloud-native gateway. Configure the following policies as needed:
Verify the routing configuration
After you create the routing rules, send a test request to the cloud-native gateway's endpoint for each migrated route. Confirm that the request reaches the correct backend service and returns the expected response.
# Test the /echo WebSocket route
curl -v http://<cloud-native-gateway-endpoint>/echo
# Test the /sleep route
curl -v http://<cloud-native-gateway-endpoint>/sleepStep 3: Set up authentication
If your Spring Cloud Gateway uses custom authentication filters, replace them with the cloud-native gateway's authentication methods. Choose the method that fits your identity provider:
Verify authentication
After you configure authentication, send a request without valid credentials and confirm that the gateway returns a 401 Unauthorized response. Then send a request with valid credentials and confirm that it reaches the backend service.
# Expect 401 Unauthorized
curl -v http://<cloud-native-gateway-endpoint>/sleep
# Expect 200 OK with valid token
curl -v -H "Authorization: Bearer <valid-token>" http://<cloud-native-gateway-endpoint>/sleepStep 4: Set up observability
The cloud-native gateway provides monitoring, alerting, log shipping, and tracing -- replacing the custom integrations typically required with Spring Cloud Gateway. Enable the capabilities that match your requirements:
Verify observability
After you enable monitoring and log shipping, generate test traffic. Confirm that metrics appear on the gateway dashboard and that logs reach the target destination.
Step 5: Migrate traffic
With routing rules, authentication, and observability in place, migrate production traffic from Spring Cloud Gateway to the cloud-native gateway. Four migration strategies are available, each with a different balance of cost and risk:
| Strategy | Cost | Risk | Description |
|---|---|---|---|
| Iterated migration | High | Low | Change the access URLs of a few services at a time on the caller side or client side. Validate each batch before proceeding. |
| Phased migration on the proxy side | Medium | Medium | Group services by type (core vs. non-core) on the original proxy. Migrate non-core services first, then core services. |
| DNS-based full migration | Low | High | Point the original domain name directly to the cloud-native gateway's access URL. All traffic switches at once. |
| Procedural migration (recommended) | Relatively low | Relatively low | A structured combination of the above strategies. See the recommended procedure below. |
Recommended procedure
Back up your configuration. Confirm that you have a copy of all Spring Cloud Gateway configuration files (
application.yml,bootstrap.yml, and any externalized config). This backup serves as your rollback baseline.Test with a small batch. Migrate a few non-critical services to the cloud-native gateway and validate the routing, authentication, and response behavior.
Migrate core services sequentially. After the test batch passes validation, migrate core services one by one. Monitor error rates and latency on the gateway dashboard after each service is migrated.
Run stress tests. Before switching all traffic, run stress tests against the cloud-native gateway to confirm it handles your expected throughput.
Perform DNS-based full migration. Associate your original domain name with the cloud-native gateway's access URL to switch all remaining traffic.
Keep the original gateway running. Maintain the Spring Cloud Gateway deployment for a rollback window. If issues arise, revert the DNS record to point back to the original gateway.
Rollback
If you encounter issues after switching traffic, revert the DNS record to point back to the Spring Cloud Gateway. Because the original configuration and service registrations remain intact during the migration, rolling back requires only a DNS change.