Extending Service Mesh with API Management
Nirmal Fernando
Senior Lead Solutions Engineer
Agenda:
• Evolution of Applications
• Why microservice architecture?
• Challenges with microservices?
• Why Service Mesh?
• Why API Management?
• WSO2 API Manager with Istio / Demo
Evolution of Applications
Disaggregated architectures drive 50 billion endpoints to grow >1 trillion
[Figure: consumer demand and suppliers disaggregating architecture to meet it, on a scale from 1 to 10^9. Stages: monolithic business app, enterprise apps, departmental apps, SaaS apps, public/private APIs, serverless and microservices. Timeline: 1970s mainframe, 1980s IT awakening, 1990s Internet, 2000s mobile, 2010s IoT/AI, 2020+ digital native.]
What is Microservices Architecture?
● Architectural and organizational approach to software
development
● Designed to speed up deployment cycles, foster
innovation and ownership, improve maintainability and
scalability
● Composed of small independent services, each of which
is built around a single business capability
● Services are owned by small self-contained teams
Why Microservices Architecture?
● Agility - small independent teams are empowered to work independently
and quickly, thus shortening the cycle times
● Innovation - teams can act autonomously and choose appropriate
technologies and frameworks, with a low cost of failure
● Quality - dividing into small well-defined modules improves reusability,
composability and maintainability of code
● Scalability - fine-grained decoupling of microservices allows you to
horizontally scale each service independently from each other
● Availability - failure isolation is easier to implement, thus improving the
overall availability of your application
Challenges with Microservices
• Network resiliency (retry, failover, circuit breaker)
• Architectural complexity (complexity in interactions)
– service discovery
– service authentication
• Operational complexity
– Analytics, tracing, monitoring (Observability)
– How to deploy a new version of a service (roll out new
version - Canary deployment)
How to address these challenges?
Service Mesh
A service mesh is a dedicated infrastructure layer that
controls service-to-service communication over a network.
It provides a method in which separate parts of an
application can communicate with each other.
source: techtarget.com
Istio
Istio is an open source service mesh implementation which
provides behavioral insights and operational control over
the service mesh as a whole, offering a complete solution
to satisfy the diverse requirements of microservice
applications.
Istio Component Overview
• Pilot is responsible for configuring the data plane, defining basic
proxy behaviour, providing service discovery for the Envoy
sidecars, traffic management capabilities for intelligent routing, and
resiliency.
• Mixer can respond to various queries from the data plane such as
authorization, access control or quota checks, and collects
telemetry data from the Envoy proxy and other services.
• Citadel enables strong service-to-service and end-user
authentication with built-in identity and credential management.
It allows you to build zero-trust environments.
Istio Component Overview
Istio Architecture (source — https://istio.io/docs/concepts/what-is-istio/)
Demo
Type                | Service Mesh                  | API Management
Routing             | L3/L4                         | HTTP, GRPC, GraphQL
Security            | Service identity and mTLS     | User/App Authentication and Authorization (OAuth / JWT)
Analytics           | Service operational analytics | Business and developer focus analytics
Rate Limiting       | RPC level rate limiting       | Business related rate limiting
Personas and Portal | DevOps portals                | Publisher, Developer, CXO portal
When is API Management required in a Service Mesh
• When users need to expose microservices to the
outside in a secure and controlled manner.
• When fine-grained security should be enforced on the APIs
exposed.
• When stats need to be collected on API usage for
monetization and billing.
• When it is required to offer a marketplace for APIs for
easy discovery and adoption.
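The Security row of the comparison above, as an added example (not code from the talk, Istio, or WSO2): one request is admitted only if the mesh-level service identity and the API-level token both check out. The SPIFFE ID, issuer, key, and function names are constructed, and a shared HS256 key stands in for the issuer's published signing keys.

```python
import base64, hashlib, hmac, json, time

# All values below are constructed for this example.
TRUSTED_PEERS = {"spiffe://cluster.local/ns/gateway/sa/api-gateway"}
ISSUER = "https://apim.example.test/oauth2/token"
KEY = b"constructed-demo-key"  # assumption: shared HS256 key instead of a JWKS

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims: dict, key: bytes = KEY, alg: str = "HS256") -> str:
    """Build a sample token so the checks below have something to verify."""
    head = _b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    signing_input = f"{head}.{body}"
    return f"{signing_input}.{_b64url(_sign(signing_input, key))}"

def authorize(peer_id: str, token: str, scope: str, now=None):
    """Return (allowed, reason) after the mesh-level and API-level checks."""
    now = time.time() if now is None else now
    # Layer 1, service mesh: which workload is calling (identity from mTLS).
    if peer_id not in TRUSTED_PEERS:
        return False, "untrusted peer"
    # Layer 2, API management: which user/app is calling and what it may do.
    try:
        head, body, sig = token.split(".")
        if json.loads(_unb64url(head)).get("alg") != "HS256":
            return False, "bad alg"  # pinned algorithm, so "none" is rejected
        if not hmac.compare_digest(_sign(f"{head}.{body}", KEY), _unb64url(sig)):
            return False, "bad signature"
        claims = json.loads(_unb64url(body))  # parsed only after verification
        if claims.get("iss") != ISSUER:
            return False, "wrong issuer"
        if claims.get("exp", 0) <= now:
            return False, "expired"
        if scope not in claims.get("scope", "").split():
            return False, "missing scope"
    except (ValueError, TypeError, AttributeError):
        return False, "malformed token"
    return True, "ok"
```

A trusted peer with no valid token is refused, and so is a valid token presented by an unknown workload; neither layer substitutes for the other.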
Istio + WSO2 API Manager
Istio Architecture (source — https://istio.io/docs/concepts/what-is-istio/)
WSO2 Mixer Adaptor
Separately Hosted WSO2 API Manager
Service Mesh and API Management
Artifacts to Istio
Demo
https://github.com/nirmal070125/istio-ballerina-service-rollout
What just happened?
JWT Validation Process
JWT Token Validation Process
OAuth 2.0 Validation Process
Analytics Process
API Analytics
THANK YOU
wso2.com
WSO2 - Istio adapter
https://github.com/wso2/istio-apim/tree/1.0
WSO2 - Istio Web Page
https://wso2.com/api-management/microservices/istio/

[WSO2 API Day Chicago 2019] Extending Service Mesh with API Management
