
Cloud-native is just part of the game

How to take distributed architectures to the next level with API gateways and service meshes.

Anyone who thinks the trend towards cloud-native applications is just a passing fashion is overlooking something: cloud-native is one puzzle piece in a larger game. This piece helps make solutions as flexible as possible with respect to, for example, the runtime environment, which is not unimportant. The goal of the larger game is a software architecture that is both capable of change and robust. To get there we need many puzzle pieces, and we have to move strategically through each level: when we build cloud-native solutions as a microservices architecture, we end up with highly distributed architectures that present difficult tasks in areas such as deployment, security, and connectivity. We have to solve these tasks before we enter the next level.

The respective demo scenario is available in my personal GitHub account: https://github.com/svenbernhardt/api-mesh-demo


  1. © OPITZ CONSULTING 2021 / Public. CLOUD-NATIVE IS JUST PART OF THE GAME. Stuttgart, 11.05.2021, Sven Bernhardt
  2. THAT'S ME
       Sven Bernhardt. Cloud-Native enthusiast, API & integration geek. Always curious how new technologies and concepts can help to make things more valuable and efficient.
       • Chief Architect / Integration Evangelist @ OPITZ CONSULTING Deutschland GmbH
       • Oracle ACE Director
       @sbernhardt, https://svenbernhardt.wordpress.com/
  3. AGENDA
       • 01 CLOUD-NATIVE
       • 02 CHALLENGES
       • 03 API GATEWAY
       • 04 SERVICE MESH
       • 05 API GATEWAY & SERVICE MESH
       • 06 SUMMARY
  4. CLOUD-NATIVE: PARADIGM TO BUILD APPS FOR THE CLOUD!
  5. WHAT DOES CLOUD-NATIVE MEAN?
       • Apps follow the 12-factor app methodology for delivering software as a service (or product)
       • Definition (published by Cloud Native Computing Foundation (CNCF)): "Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach. These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil."
       • Independent of deployment scenario:
           • On-prem, hybrid or hybrid multi-cloud
       Source: https://pivotal.io/cloud-native
  6. LOOSE COUPLING OFTEN MEANS MORE DISTRIBUTION
       Monolithic app architecture (diagram layers: UI, Business Logic, Persistence):
       • Single deployment unit
       • Single execution process
       • Shared database
       • Local, app-internal communication only
       Cloud-native app architecture:
       • Multiple deployment units
       • Exclusive execution process per service
       • Database per service (usually)
       • Remote, inter-service communication
  7. SERVICE DISTRIBUTION COMES AT A PRICE
       [Diagram labels: Amount of traffic, Number of services, Team autonomy; Reliability]
       Challenges:
       • Traffic connectivity & reliability
       • Zero-trust security
       • Observability
           • Log aggregation
           • Metrics management
           • Service tracing
  8. INCREASED COMPLEXITY AND CHALLENGES WITH RESPECT TO DEVELOPMENT CONSISTENCY
       [Diagram: concerns repeated across Application and Organization: Security, Logging, Tracing, Metrics, Routing, AuthN/Z, Rate-Limiting, Caching, Versioning]
  9. RELIABLE CONNECTIVITY IS A MULTIDIMENSIONAL PROBLEM
       [Diagram: connectivity dimensions Edge, Cross-App, In-App; app types Monolith, Services, Microservices, Serverless, …]
  10. … BUT: WE'RE USUALLY NOT STARTING ON A GREENFIELD!
       Image: https://opitzcloud.canto.global/b/GI7R1
  11. API GATEWAY
       Image: https://www.flickr.com/photos/matmatmat/20153807915/sizes/l/
  12. API GATEWAY CHARACTERISTICS
       • Single entry point for clients to access services
           • No matter the implementation technology
           • No matter the architecture (monolithic or µService)
       • Provides a consistent governance model
       • Decouples client and service implementation
       • Is deployed separately in its own instance
       • Deployment models:
           • Bundled data and control plane
           • Independent data and control plane
       Source: https://tinyurl.com/yxbds3cd
  13. ARCHITECTURE CONSIDERATIONS
       • Supports API design-first
       • Allows seamless DevOps (CI / CD) integration
       • Runs on every infrastructure (containers, VMs, etc.)
       • Support for different types of APIs (SOAP, REST, GraphQL, gRPC)
       • Hybrid architecture
           • Centralized control plane (management)
           • Distributed data planes (workers)
       Source: https://tinyurl.com/y67tlr77
  14. USE CASES
       • APIs as products
           • API products need to be accessible from outside and inside
           • API Gateway as an abstraction layer
       • Service connectivity
           • Enforce networking policies to connect, secure, encrypt, protect and observe communication
       • Decoupling
           • Client to API Gateway
           • API Gateway to upstream service
       • Capabilities to cover: Edge / Boundary Routing, Security, Versioning, API Monetization, API Analytics
  15. API products need proper governance!
       [Figure: API life cycle as proposed by Luis Weir (@luisw19) in his book "Enterprise API Management"]
  16. WHAT CAN API GATEWAY HELP YOU WITH?
  17. SERVICE MESH
       Image: https://www.flickr.com/photos/26020895@N04/15695786155/sizes/l/
  18. SERVICE MESH CHARACTERISTICS
       • Platform that makes service-to-service communication more reliable, secure and observable
       • Helps to implement cross-cutting concerns with respect to service integration challenges more efficiently
       • Is deployed co-located with the corresponding service
       • Deployment model: distributed data planes with central control plane
       • Can be applied on any
           • Architecture (e.g. monolithic or µService)
           • Platform (e.g. VMs, containers, Kubernetes)
       [Diagram: Host / VM / Pod containing Service (business logic) and Sidecar (supporting functionality like logging, configuration, etc.)]
  19. USE CASES
       • Network management and reliable connectivity
           • No longer the developer's responsibility (increased developer productivity)
           • Consistent, declarative management at infrastructure level
       • Zero-trust security
           • Define traffic permissions (Who with whom?)
           • Secure communication via mTLS
           • Automated certificate management
       • Capabilities to cover: Security (mTLS), Traffic routing, Observability, Resiliency
  20. ARCHITECTURE CONSIDERATIONS
       • Runs on every infrastructure (containers, VMs, etc.)
       • Everything is a service!
           • Cloud-native apps deployed to Kubernetes
           • Non-cloud-native workloads
       • Allows for multi-zone, hybrid mesh deployment
           • Span multiple Kubernetes clusters
           • Span multiple clouds
           • Span on-prem workloads
  21. WHAT CAN SERVICE MESH HELP YOU WITH?
  22. API GATEWAY AND SERVICE MESH
       Image: https://opitzcloud.canto.global/b/Q93DV
  23. SIMILARITIES AND DIFFERENCES
       API Gateway:
       • Handles external edge / boundary traffic
       • Controls in and out data flow
       • Bridges security trust domains (hybrid)
       • Focus on exposing business functionality
       Service Mesh:
       • Handles internal traffic
       • Controls service-to-service communication
       • Ensures internal trust between services
       • Operates at the infrastructure level
       [Diagram: Service Mesh: Security, Observability, Traffic Routing, Resiliency. API Gateway: Security / Access Control, API Contracts & Limits, Developer Portal & Docs, API Monetization, Rate Limits]
  24. CONSISTENCY FROM THE EDGE TO THE TARGET SERVICE
       • External clients access an organization's services through the API Gateway (single point of entry)
       • API Gateways are integrated in the mesh
           • Just another service from the mesh's perspective
           • Also get their own Service Mesh Proxy (SMP)
       • Internal traffic routing is handled by the mesh
       • Benefits:
           • Consistent security
           • Proper insights / observability
           • Increased developer productivity
  25. API GATEWAY AND SERVICE MESH IN ACTION
       • Demo shows the Kuma demo application
       • Service Mesh: Kuma Mesh (originally invented by Kong, but now donated to CNCF)
       • API Gateway: Kong OSS API Gateway
       [Diagram: Client; Kubernetes Cluster with Frontend App and three Backend Apps]
  26. WHY KONG API GATEWAY?
       • Kong Microservice API Gateway
       • Lightweight
       • Scalable
       • Modular
       • Infrastructure-agnostic
       • Deployed on top of reliable technologies
       • Extensible using plugins and other open-source components (Lua, Go and JavaScript)
       • API-driven: fully configurable using a REST API
       • Smooth integration in existing CI/CD pipelines
       Flexible deployment approach: Classic deployment, K8s Microgateway deployment, K8s Ingress deployment, Hybrid deployment
  27. WHY KUMA MESH?
       • Provides a modern distributed control plane and uses Envoy for the data plane
       • Platform-agnostic open-source control plane for service mesh
       • Hence Kuma is
           • Universal
           • Simple
           • Scalable
           • Envoy-based
       • Supports different deployment models
           • Standalone deployment
           • Multi-Zone deployment
       Source: https://tinyurl.com/rbp4t8m3
  28. KUMA DEPLOYMENT MODES
       [Figures: Standalone, Multi-Zone]
       Source: https://tinyurl.com/khradpjk
       Source: https://tinyurl.com/4jktvunk
  29. API GATEWAY ALTERNATIVES TO KONG
       Source: Smartbear "State of API 2020"
       Source: Magic Quadrant for Full Life Cycle API Management, Sept. 2020
       Source: CNCF Cloud Native Landscape (Category: API Gateway)
  30. SERVICE MESH ALTERNATIVES TO KUMA MESH
       Source: CNCF Survey Report 2020
       Source: CNCF Cloud Native Landscape (Category: Service Mesh)
       Source: https://servicemesh.es
  31. SUMMARY
       Image: https://opitzcloud.canto.global/b/RPPN0
  32. CLOUD-NATIVE BECOMES MORE AND MORE IMPORTANT
       • The future is cloud-native
       • Hybrid, multi-cloud architectures will be the norm
       [Figures: Data center usage, Cloud-native benefits]
       Source: CNCF Survey Report 2020
  33. RELEVANCY OF API GATEWAYS AND SERVICE MESH
       [Figure: Service Mesh usage]
       Source: CNCF Survey Report 2020
       Source: Smartbear "State of API 2020"
  34. KEY TAKEAWAYS
       • API Gateway and Service Mesh can be combined (depending on the use case)
       • Both patterns help to increase developers' efficiency
       • Devs can focus on business code, while things like connectivity challenges are solved on an infrastructure level (by a mesh)
       • Central management
       • BUT: Could also be viewed critically by developers, since it also decreases a team's autonomy!
       • Using either API Gateway or Service Mesh does not depend on the direction, but on the use case (North-South vs. East-West)
  35. Q & A
       Image: https://opitzcloud.canto.global/b/H0EMG
  36. USEFUL LINKS / RESOURCES
       • Blog Christian Posta: Do I Need an API Gateway if I Use a Service Mesh?
       • CNCF: Cloud-native Trail Map
       • CNCF: CNCF Cloud-native landscape
       • Smartbear: The State of API 2020 Report
       • INNOQ: Service Mesh Comparison
       • GitHub: Kuma Demo Application
       • Kuma Mesh
       • Kong OSS Gateway
  37. IN CASE OF ANY QUESTIONS…
       Sven Bernhardt, Chief Architect / Integration Evangelist | Oracle ACE Director
       OPITZ CONSULTING Deutschland GmbH, Kirchstrasse 6, 51647 Gummersbach, Germany
       Phone: +49 172 2193529
       Mail: sven.bernhardt@opitz-consulting.com
       Twitter: @sbernhardt
       Blog: https://svenbernhardt.wordpress.com
  38. VIRTUAL AFTER-WORK BEER
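
The zero-trust use case on slide 19 (traffic permissions, mTLS, automated certificates) and the gateway-in-the-mesh setup on slide 24, sketched as Kuma 1.x Kubernetes resources. This is an added example, not taken from the talk or the demo repository; the mesh name, the policy names and all `kuma.io/service` tag values are assumptions.

```yaml
# Added example: names below are assumptions, not taken from the demo repository.
# 1) Turn on mutual TLS for the mesh. The builtin backend lets the control plane
#    act as CA and issue and rotate the data plane proxy certificates.
apiVersion: kuma.io/v1alpha1
kind: Mesh
metadata:
  name: default
spec:
  mtls:
    enabledBackend: ca-1
    backends:
      - name: ca-1
        type: builtin
---
# 2) "Who with whom?": with mTLS enabled, traffic is only allowed where a
#    TrafficPermission matches. Remove the allow-all permission that Kuma
#    creates for a new mesh, otherwise the rules below restrict nothing.
apiVersion: kuma.io/v1alpha1
kind: TrafficPermission
mesh: default
metadata:
  name: gateway-to-frontend
spec:
  sources:
    - match:
        kuma.io/service: kong-proxy_kong_svc_80       # assumed gateway service tag
  destinations:
    - match:
        kuma.io/service: frontend_kuma-demo_svc_8080  # assumed frontend service tag
---
# 3) Only the frontend may call the backend; the gateway cannot reach it directly.
apiVersion: kuma.io/v1alpha1
kind: TrafficPermission
mesh: default
metadata:
  name: frontend-to-backend
spec:
  sources:
    - match:
        kuma.io/service: frontend_kuma-demo_svc_8080
  destinations:
    - match:
        kuma.io/service: backend_kuma-demo_svc_3001   # assumed backend service tag
```

For the gateway to appear as a mesh service as described on slide 24, its pod also needs a sidecar running in gateway mode (in Kuma 1.x, the `kuma.io/gateway: enabled` pod annotation).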
