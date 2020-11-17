Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
© OPITZ CONSULTING 2020 ¢¢¢ Digitale Service Manufaktur © OPITZ CONSULTING 2020 Sven Bernhardt, Chief Architect / Integrat...
© OPITZ CONSULTING 2020 API Gateway or Service Mesh That’s me Sven Bernhardt Cloud-Native enthusiast, API & integration ge...
© OPITZ CONSULTING 2020 Seite 3 Agenda 1 2 3 4 5 Why do I need to care? API Gateway Service Mesh Demo case Summary API Gat...
© OPITZ CONSULTING 2020 Seite 4 Why do I need to care? 1 API Gateway or Service Mesh
© OPITZ CONSULTING 2020 API Gateway or Service Mesh Modern software architectures are moving away from monolithic deployme...
© OPITZ CONSULTING 2020 API Gateway or Service Mesh Divide and conquer – Slice monolithic applications into smaller, more ...
© OPITZ CONSULTING 2020 API Gateway or Service Mesh Modularization, distribution and the related increased flexibility com...
© OPITZ CONSULTING 2020 API Gateway or Service Mesh Team autonomity and distribution leads to increased complexity for app...
© OPITZ CONSULTING 2020 API Gateway or Service Mesh Reliable connectivity in software architectures is a multi- dimensiona...
© OPITZ CONSULTING 2020 Seite 10 API Gateway 2 API Gateway or Service Mesh
© OPITZ CONSULTING 2020 API Gateway or Service Mesh API Gateway ¢ Single entry point for clients to access Services ¢ No m...
© OPITZ CONSULTING 2020 API Gateway or Service Mesh API Gateway: Control and data flows ¢ Every client request needs to go...
© OPITZ CONSULTING 2020 API Gateway or Service Mesh API Gateway architecture considerations ¢ Implemented based on Cloud-n...
© OPITZ CONSULTING 2020 API Gateway or Service Mesh API as prodcut and Service connectivity ¢ API as products ¢ API produc...
© OPITZ CONSULTING 2020 API Gateway or Service Mesh API Gateway is an important part to establish full lifecycle API Manag...
© OPITZ CONSULTING 2020 API Gateway or Service Mesh Seite 16 Consistent API Management initiatives are also essential to e...
© OPITZ CONSULTING 2020 API Gateway or Service Mesh Seite 17 Consistent API Management initiatives are also essential to e...
© OPITZ CONSULTING 2020 API Gateway or Service Mesh What can API Gateway help you with? Seite 18
© OPITZ CONSULTING 2020 Seite 19 Service Mesh 3 API Gateway or Service Mesh
© OPITZ CONSULTING 2020 API Gateway or Service Mesh Service Mesh ¢ A platform that makes service-to-service communication ...
© OPITZ CONSULTING 2020 API Gateway or Service Mesh Service Mesh: Control and data flows ¢ Every communication relation fl...
© OPITZ CONSULTING 2020 API Gateway or Service Mesh Service connectivity ¢ Network management no longer needs to be done b...
© OPITZ CONSULTING 2020 API Gateway or Service Mesh What can Service mesh help you with? Seite 23
© OPITZ CONSULTING 2020 Seite 24 Demo case 4 API Gateway or Service Mesh
© OPITZ CONSULTING 2020 API Gateway or Service Mesh Seite 25 API Gateway and Service Mesh in action ¢ Synchronous REST Bac...
© OPITZ CONSULTING 2020 API Gateway or Service Mesh Seite 26 API Gateway and Service Mesh in action ¢ Establish Service Me...
© OPITZ CONSULTING 2020 API Gateway or Service Mesh Oracle Container Engine for Kubernetes (OKE) Based on IaaS Oracle Comp...
© OPITZ CONSULTING 2020 API Gateway or Service Mesh OCI API Gateway ¢ Fully-managed API Gateway ¢ Enables to publish API e...
© OPITZ CONSULTING 2020 API Gateway or Service Mesh ¢ Provides a modern distributed Control Plane and uses Envoy for depic...
© OPITZ CONSULTING 2020 API Gateway or Service Mesh Seite 30 Standalone mode vs. Multi-Zone Deployment Standalone Multi-Zo...
© OPITZ CONSULTING 2020 Seite 31 Summary 5 API Gateway or Service Mesh
© OPITZ CONSULTING 2020 API Gateway or Service Mesh Do API Gateway and Service mesh fit together? Service Mesh L4 Service ...
© OPITZ CONSULTING 2020 API Gateway or Service Mesh Similarities and Differences ¢ Both API Gateways and Service mesh help...
© OPITZ CONSULTING 2020 API Gateway or Service Mesh Key takeaways ¢ API Gateway and Service mesh can be combined, dependin...
© OPITZ CONSULTING 2020 API Gateway or Service Mesh Useful Links ¢ The Difference Between API Gateways and Service Mesh: M...
© OPITZ CONSULTING 2020 Seite 36 Q & A API Gateway or Service Mesh
© OPITZ CONSULTING 2020 ¢¢¢ Digitale Service Manufaktur @OC_WIRE OPITZCONSULTING opitzconsulting opitz-consulting-bcb8-100...
Upcoming SlideShare
Loading in …5
×

API Gateway or Service Mesh - Complementary or excluding concepts

5 views

Published on

Presentation slides from DOAG conference 2020.

API Gateway are already around for a while. With the rise of Microservices architectures and highly distributed architectures, new concepts like Service meshes arise. Since Service mesh and API Gateway implementations seem to have similar functionalities, we have to deal with questions wether to use the one or the other. But is it really an “or”? Maybe is it just another fallacy?

In this session, I’ll explain basic concepts, common functionalities and differences for both concepts, to answer the question, if it’s complementary or excluding concepts? To make this session more practical, it’ll be supported by coding examples where certain aspects of the talk are shown based on Cloud-native example app that run upon OCI.

Published in: Technology
no profile picture user

  • Be the first to comment

  • Be the first to like this

API Gateway or Service Mesh - Complementary or excluding concepts

  1. 1. © OPITZ CONSULTING 2020 ¢¢¢ Digitale Service Manufaktur © OPITZ CONSULTING 2020 Sven Bernhardt, Chief Architect / Integration Evangelist API Gateway or Service Mesh - Complementary or excluding concepts?
  2. 2. © OPITZ CONSULTING 2020 API Gateway or Service Mesh That’s me Sven Bernhardt Cloud-Native enthusiast, API & integration geek. Always curious how new technologies and concepts can help to make things more valuable and efficient. Proud father of a son, soccer fan and player. Loves listening to good Heavy Metal music and attending festivals (like Wacken Open Air). ¢ Chief Architect / Integration Evangelist @OPITZ CONSULTING Deutschland GmbH ¢ Oracle ACE Director @sbernhardt https://svenbernhardt.wordpress.com/ Seite 2
  3. 3. © OPITZ CONSULTING 2020 Seite 3 Agenda 1 2 3 4 5 Why do I need to care? API Gateway Service Mesh Demo case Summary API Gateway or Service Mesh
  4. 4. © OPITZ CONSULTING 2020 Seite 4 Why do I need to care? 1 API Gateway or Service Mesh
  5. 5. © OPITZ CONSULTING 2020 API Gateway or Service Mesh Modern software architectures are moving away from monolithic deployments ¢ Discontinued Support ¢ Lack of maintainability ¢ Decreasing benefit ¢ Extinct knowledge ¢ Lack of agility / implementation backlog ¢ Decreasing data quality ¢ Increasing costs Seite 5
  6. 6. © OPITZ CONSULTING 2020 API Gateway or Service Mesh Divide and conquer – Slice monolithic applications into smaller, more manageable units ¢ As little distribution as necessary and not less ¢ Flexibility ¢ Independently releasable ¢ Technological freedom ¢ Platform independency ¢ Scalability ¢ Fault tolerance & robustness ¢ Decoupled development ¢ Dedicated responsibility and ownership UI Business Logic Persistence Seite 6
  7. 7. © OPITZ CONSULTING 2020 API Gateway or Service Mesh Modularization, distribution and the related increased flexibility comes at a price • Amount of traffic • Number of services • Teams autonomityReliability ¢ Traffic connectivity & reliability ¢ Zero-trust security ¢ Observability ¢ Log aggregation ¢ Metrics management ¢ Service tracing Challenges Seite 7
  8. 8. © OPITZ CONSULTING 2020 API Gateway or Service Mesh Team autonomity and distribution leads to increased complexity for app developers Security Security Logging Logging Security Tracing Metrics Routing Metrics Tracing Application AuthN/Z Rate-Limiting Routing Caching Organization Application AuthN/Z Versioning Versioning Seite 8 Rate-Limiting
  9. 9. © OPITZ CONSULTING 2020 API Gateway or Service Mesh Reliable connectivity in software architectures is a multi- dimensional problem App App App App Edge Cross-App In-App Monolith Services Microservices Serverless … Seite 9
  10. 10. © OPITZ CONSULTING 2020 Seite 10 API Gateway 2 API Gateway or Service Mesh
  11. 11. © OPITZ CONSULTING 2020 API Gateway or Service Mesh API Gateway ¢ Single entry point for clients to access Services ¢ No matter the implementation technology ¢ No matter the deployment model (Monolithic or µService) ¢ Provides a consistent governance model ¢ Decouples Client and Service implementation ¢ Is deployed separately in its own instance ¢ Deployment models: ¢ Bundled data and control plane ¢ Independent data and control plane Source: https://tinyurl.com/yxbds3cd Seite 11
  12. 12. © OPITZ CONSULTING 2020 API Gateway or Service Mesh API Gateway: Control and data flows ¢ Every client request needs to go through the API Gateway ¢ Regular control and data flows: 1. Configure the API Gateway 2. Client sends a request 3. API Gateway enforces defined request as well as response policies (traffic, security, etc.) 4. API Gateway reverse proxies client request to backend service Service API API Gateway Client 1 2 3 4 Seite 12
  13. 13. © OPITZ CONSULTING 2020 API Gateway or Service Mesh API Gateway architecture considerations ¢ Implemented based on Cloud-native principles ¢ API Design first ¢ Supports DevOps (CI / CD) ¢ Runs on every infrastructure (Containers, VMs, etc.) ¢ Support for different types of APIs (REST, GraphQL, gRPC) ¢ Hybrid architecture ¢ Centralized Control plane (Management) ¢ Distributed Data planes (Workers) Source: https://tinyurl.com/y67tlr77 Seite 13
  14. 14. © OPITZ CONSULTING 2020 API Gateway or Service Mesh API as prodcut and Service connectivity ¢ API as products ¢ API products needs to be accessible from outside and inside ¢ API Gateway as an abstraction layer ¢ Capabilities to cover: AuthN/Z, Rate limiting, Monetization, etc. ¢ Service Connectivity ¢ Enforce networking policies to connect, secure, encrypt, protect and observe communication ¢ Client to API Gateway ¢ API Gateway to upstream service ¢ Capabilities to cover: Security (mTLS), Observability, Load balancing, Routing, Versioning Seite 14
  15. 15. © OPITZ CONSULTING 2020 API Gateway or Service Mesh API Gateway is an important part to establish full lifecycle API Management API life cycle as proposed by Luis Weir (@luisw19) in his book „Enterprise API Management“ Seite 15
  16. 16. © OPITZ CONSULTING 2020 API Gateway or Service Mesh Seite 16 Consistent API Management initiatives are also essential to ensure internal system interoperation Source: “The state of API Report 2020” by SmartBear
  17. 17. © OPITZ CONSULTING 2020 API Gateway or Service Mesh Seite 17 Consistent API Management initiatives are also essential to ensure internal system interoperation Source: https://tinyurl.com/y4anw93n
  18. 18. © OPITZ CONSULTING 2020 API Gateway or Service Mesh What can API Gateway help you with? Seite 18
  19. 19. © OPITZ CONSULTING 2020 Seite 19 Service Mesh 3 API Gateway or Service Mesh
  20. 20. © OPITZ CONSULTING 2020 API Gateway or Service Mesh Service Mesh ¢ A platform that makes service-to-service communication more reliable, secured and observable ¢ Helps to better implement existing use cases, like ¢ Security ¢ Observability ¢ Resiliency ¢ Is deployed co-located with the corresponding service ¢ Deployment model: Distributed Data planes with central Control plane ¢ Can be applied on any ¢ Architecture (e.g. Monolithic or µService) ¢ Platform (e.g. VMs, Containers, Kubernetes) Seite 20
  21. 21. © OPITZ CONSULTING 2020 API Gateway or Service Mesh Service Mesh: Control and data flows ¢ Every communication relation flows through the data plane proxies ¢ Regular control and data flows: 1. Data plane proxies are spawn and configured by the Control plane 2. Configuration is distributed to data plane proxies 3. Requests/Responses are directed through the data plane proxies where the respective policies are applied Service Monolithic Service Data Plane Data Plane Control Plane Kubernetes Pod Virtual Machine Virtual Machine 3 2 1 Seite 21
  22. 22. © OPITZ CONSULTING 2020 API Gateway or Service Mesh Service connectivity ¢ Network management no longer needs to be done by Devs, because Mesh proxy cares about it ¢ Ideally ensures connectivity on Layer 4 and 7 (HTTP and TCP) ¢ Everything can be seen as service, e.g. an API Gateway would also be a service within the mesh receives and sends requests ¢ Capabilities to cover: Security (mTLS), Traffic control, Observability, Load balancing Seite 22
  23. 23. © OPITZ CONSULTING 2020 API Gateway or Service Mesh What can Service mesh help you with? Seite 23
  24. 24. © OPITZ CONSULTING 2020 Seite 24 Demo case 4 API Gateway or Service Mesh
  25. 25. © OPITZ CONSULTING 2020 API Gateway or Service Mesh Seite 25 API Gateway and Service Mesh in action ¢ Synchronous REST Backend service deployed to OKE ¢ Externally exposed using OCI API Gateway ¢ Ingress Controller (Kong) for K8S North-South traffic Consumer API Exposure Ingress Controller Employees Service [HTTP] [HTTPS] [HTTPS]
  26. 26. © OPITZ CONSULTING 2020 API Gateway or Service Mesh Seite 26 API Gateway and Service Mesh in action ¢ Establish Service Mesh (Kuma) to ¢ Ensure connectivity ¢ Further transparency ¢ Increase level of security ¢ Service Mesh helps to declaratively handle: ¢ mTLS ¢ Observability ¢ Traffic Management (Routing / Access) ¢ Health checks Consumer API Exposure Data Plane Data Plane Ingress Controller Employees Service Control Plane [HTTPS] [HTTPS] [HTTPS]
  27. 27. © OPITZ CONSULTING 2020 API Gateway or Service Mesh Oracle Container Engine for Kubernetes (OKE) Based on IaaS Oracle Compute Cloud Service Worker Nodes: VM Master Node: •Managed and maintained by Oracle •Not visible for the end user •Master nodes are free of charge Auto-scaling capabilities using Worker-Node Pools Can be provisioned using OCI Cloud Console OCI Cloud Shell OCI CLI Terraform (OCI Resource Manager) Seite 27
  28. 28. © OPITZ CONSULTING 2020 API Gateway or Service Mesh OCI API Gateway ¢ Fully-managed API Gateway ¢ Enables to publish API endpoints that are accessible ¢ Within the Cloud network only ¢ From the public internet ¢ Currently only REST APIs are supported ¢ Exposed API endpoints support: API validation, Request/Reponse transformation, CORS, AuthN/Z, Rate limiting ¢ Can be provisioned using: ¢ OCI Cloud Console ¢ OCI Cloud Shell ¢ OCI CLI ¢ Terraform (OCI Ressource Manager) Seite 28
  29. 29. © OPITZ CONSULTING 2020 API Gateway or Service Mesh ¢ Provides a modern distributed Control Plane and uses Envoy for depiciting the Data Plane ¢ Platform agnostic open-source control plane for Service Mesh ¢ Hence Kuma is ¢ Universal ¢ Simple ¢ Scalable ¢ Envoy-based ¢ Supports different deployment models ¢ Standalone deployment ¢ Multi-Zone deployment Kuma Mesh Source: https://tinyurl.com/y2rqmdxe Seite 29
  30. 30. © OPITZ CONSULTING 2020 API Gateway or Service Mesh Seite 30 Standalone mode vs. Multi-Zone Deployment Standalone Multi-Zone Source: https://tinyurl.com/y3myvhxe Source: https://tinyurl.com/y3gyxe2k
  31. 31. © OPITZ CONSULTING 2020 Seite 31 Summary 5 API Gateway or Service Mesh
  32. 32. © OPITZ CONSULTING 2020 API Gateway or Service Mesh Do API Gateway and Service mesh fit together? Service Mesh L4 Service Connectivity API Gateway API products & APIM L7 Service Connectivity Source: https://tinyurl.com/yyy4yr5y Seite 32
  33. 33. © OPITZ CONSULTING 2020 API Gateway or Service Mesh Similarities and Differences ¢ Both API Gateways and Service mesh help to externalize cross- cutting concerns and allow to handle them centrally ¢ Authentication / Authorization ¢ TLS handling ¢ Proividing service insights (Observability) ¢ Act independently from the direction (North-South resp. East- West) ¢ Support disjoint use cases ¢ Operate on different levels ¢ API Gateway (Layer 7 policies) ¢ Service Mesh (Layer 4 and Layer 7 policies) ¢ Service mesh is less invasive from an architectural perspective Seite 33
  34. 34. © OPITZ CONSULTING 2020 API Gateway or Service Mesh Key takeaways ¢ API Gateway and Service mesh can be combined, depending on the use case ¢ Both Patterns help to increase developers efficiency ¢ Devs can focus on business code, while things like connectivity challenges are solved on an infrastructure level (by a mesh) ¢ Central management ¢ Using either API Gateway or Serivce mesh does not depend on the direction, but on the use case (North-South vs. East-West) Seite 34
  35. 35. © OPITZ CONSULTING 2020 API Gateway or Service Mesh Useful Links ¢ The Difference Between API Gateways and Service Mesh: Marco Palladino, Kong Inc. ¢ Servicemesh.es ¢ Kuma Mesh documentation ¢ Oracle Container Engine for Kubernetes documentation ¢ OCI API Gateway documentation Seite 35
  36. 36. © OPITZ CONSULTING 2020 Seite 36 Q & A API Gateway or Service Mesh
  37. 37. © OPITZ CONSULTING 2020 ¢¢¢ Digitale Service Manufaktur @OC_WIRE OPITZCONSULTING opitzconsulting opitz-consulting-bcb8-1009116 WWW.OPITZ-CONSULTING.COM Thanks for your attention! API Gateway or Service Mesh Sven Bernhardt Chief Architect / Integration Evangelist | Oracle ACE Director OPITZ CONSULTING Deutschland GmbH Kirchstrasse 6, 51647 Gummersbach, Germany Phone: +49 172 2193529 Mail: sven.bernhardt@opitz-consulting.com @sbernhardt https://svenbernhardt.wordpress.com Seite 37

×