In this deck, we discuss how to augment service mesh functionality with API management capabilities, so you can create an end-to-end solution for your entire business functionality — from microservices to APIs, to end-user applications.
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
[WSO2 API Day Chicago 2019] Extending Service Mesh with API Management
1. Extending Service Mesh with API
Management
Nirmal Fernando
Senior Lead Solutions Engineer
2. Agenda:
• Evolution of Applications
• Why microservice architecture?
• Challenges with microservices?
• Why Service Mesh?
• Why API Management?
• WSO2 API Manager with Istio / Demo
3. Evolution of Applications
Disaggregated architectures drive 50 billion endpoints to grow >1 trillion
CONSUMER DEMAND
SUPPLIERS DISAGGREGATE ARCHITECTURE TO MEET DEMAND
1
10
102
103
105
109
MONOLITHIC
BUSINESS APP
ENTERPRISE
APPS
DEPARTME
NTAL APPS
SAAS APPS
PUBLIC /
PRIVATE APIS
1970s
|
MAINFRAME
1980s
|
IT
AWAKENING
1990s
|
INTERNET
2000s
|
MOBILE
2010s
|
IoT/AI
2020+
|
DIGITAL NATIVE
SERVERLESS &
MICROSERVICES
4. What is Microservices Architecture?
● Architectural and organizational approach to software
development
● Designed to speed-up deployment cycles, foster
innovation and ownership, improve maintainability and
scalability
● Composed of small independent services, each of which
is built around a single business capability
● Services are owned by small self-contained teams
5. Why Microservices Architecture?
● Agility - small independent teams are empowered to work independently
and quickly, thus shortening the cycle times
● Innovation - teams can act autonomously and choose appropriate
technologies, frameworks and low cost of failure
● Quality - dividing into small well-defined modules improves reusability,
composability and maintainability of code
● Scalability - fine-grained decoupling of microservices allows you to
horizontally scale each service independently from each other
● Availability - easier to implement failure isolation, thus improve the overall
availability of your application
7. • Network resiliency (retry, failover, circuit breaker)
• Architectural complexity (complexity in interactions)
– service discovery
– service authentication
• Operational complexity
– Analytics, tracing, monitoring (Observability)
– How to deploy a new version of a service (roll out new
version - Canary deployment)
Challenges with Microservices
9. Service Mesh
A service mesh is a dedicated infrastructure layer that
controls service-to-service communication over a network.
It provides a method in which separate parts of an
application can communicate with each other.
source:techtarget.com
10. Istio is an open source service mesh implementation which
provides behavioral insights and operational control over
the service mesh as a whole, offering a complete solution
to satisfy the diverse requirements of microservice
applications.
Istio
11. Istio Component Overview
• Pilot is responsible for configuring the data plane, defining basic
proxy behaviour, providing service discovery for the Envoy
sidecars, traffic management capabilities for intelligent routing, and
resiliency.
• Mixer can respond to various queries from the data plane such as
authorization, access control or quota checks, and collects
telemetry data from the Envoy proxy and other services.
• Citadel enables strong service-to-service and end-user
authentication with built-in identity and credential management.
Allows you to build zero-trust environments.
14. Type Service Mesh API Management
Routing L3/L4 HTTP, GRPC, GraphQL
Security Service identity and mTLS User/App Authentication and
Authorization(OAuth / JWT)
Analytics Service operational analytics Business and developer focus analytics
Rate Limiting RPC level rate limiting Business related rate limiting
Personas and Portal DevOps portals Publisher, Developer, CXO portal
15. • When users need to expose microservices services to
outside in a secured and a controlled manner.
• When fine grained security should be enforced on APIs
exposed.
• When stats need to be collected on API usage for
monetization and billing.
• When it is required to offer a marketplace for APIs for
easy discovery and adoption.
When is API Management required in a Service Mesh
16. Istio + WSO2 API Manager
Istio Architecture (source — https://istio.io/docs/concepts/what-is-istio/)
WSO2 Mixer Adaptor
Separately Hosted WSO2 API Manager