[APIdays Paris 2019] API Management in Service Mesh Using Istio and WSO2 API Manager

Stefano discusses how to augment service mesh functionality with API management capabilities, so you can create an end-to-end solution for your entire business functionality — from microservices, to APIs, to end-user applications.

Published in: Technology

  1. API Days Paris 2019. Cloud native API Management for Microservices on a Service Mesh using Istio. Stefano Negri
  2. What a Microservices Architecture is
     ● Microservice architectural style is an approach to developing a single application as a suite of small services.
     ● Each running in its own process and communicating with lightweight mechanisms.
     ● These services are built around business capabilities.
     ● Independently deployable by fully automated deployment machinery.
  3. Why Microservices Architecture?
     ● Individual components: running, testing and deploying individually.
     ● Agility, flexibility and speed to market.
     ● Adapt microservice development for fast innovation.
     ● Smaller teams, agile software development life cycles.
     ● Freedom to use heterogeneous technologies, early feedback cycles.
  4. Why Microservices: the problem with a “big application” (a.k.a. “monolithic”). Let's say you have a bigger application and you need to scale it.
  5-6. Why Microservices: split your “bigger application” into smaller granules that can be deployed independently, that is, split it into microservices. Each smaller business function can then be implemented in the most effective way (language, platform, expertise).
  7. Why Microservices: scale or replicate each component individually. Each smaller service is now a microservice and can be deployed independently.
  8. Microservices Challenges
     ● Breaking up monoliths into microservices adds more components.
     ● Easy to manage at the beginning, but it becomes very complex when things scale.
  9-10. Challenges with Microservices
  11. Challenges with Microservices
     • Secure communication between services.
     • Analytics, tracing, monitoring.
     • Disaggregation of the architecture increases the number of endpoints.
     • Communication among these endpoints will be a key challenge.
     • Service discovery.
     • Network resiliency.
  12. How can this be solved?
  13. Service Mesh: A service mesh is a dedicated infrastructure layer that controls service-to-service communication over a network. It provides a method in which separate parts of an application can communicate with each other. Source: techtarget.com
  14. Service Mesh
     ▪ Microservices code has to take care of all network communication and governance of services.
     ▪ Hence such capabilities can be offloaded to a separate layer.
     (Diagram labels: Microservice A and Microservice B, each with a network stack and a service mesh sidecar; control plane; data plane; business logic; primitive network functions; application network functions; HTTP1.x, HTTP2, gRPC, TCP.)
  15. Service Mesh Implementations: multiple service mesh implementations are available today
     ● Istio
     ● Gloo
     ● AWS App Mesh
     ● Linkerd
  16. Istio: Istio is an open source service mesh implementation which provides behavioral insights and operational control over the service mesh as a whole, offering a complete solution to satisfy the diverse requirements of microservice applications.
  17. Istio Component Overview
     • Envoy is a set of intelligent proxies deployed as sidecars.
     • Mixer enforces access control and usage policies across the service mesh, and collects telemetry data from the Envoy proxy and other services.
     • Pilot provides service discovery for the Envoy sidecars, traffic management capabilities for intelligent routing, and resiliency.
     • Citadel enables strong service-to-service and end-user authentication with built-in identity and credential management.
  18. Istio Component Overview: Istio Architecture (source: https://istio.io/docs/concepts/what-is-istio/)
  19. When is API Management required in a Service Mesh
     • When users need to expose microservices to the outside in a secured and controlled manner.
     • When fine-grained security should be enforced on the APIs exposed.
     • When stats need to be collected on API usage for monetization and billing.
     • When it is required to offer a marketplace for APIs for easy discovery and adoption.
  20. Istio and WSO2 API Manager
  21. Products microservice
  22. Kubernetes cluster on GKE
  23. Example: Products service on Istio (diagram labels: products µ-service and products gateway, shown twice; Pilot, Mixer, Citadel; namespaces default and istio-system)
  24. Deployment of WSO2 API-M (diagram labels as on slide 23, plus WSO2 API-M and WSO2 API-M Analytics; namespaces wso2, default and istio-system)
  25. WSO2 API Manager
  26. Componentized
  27. Installation of WSO2 API-M Mixer Adaptor (diagram labels as on slide 24, plus WSO2 Adaptor, Adaptor config, Mixer-adaptor connectivity config, API-M Server public certificate)
  28. Add API & Subscription (diagram labels as on slide 24, plus WSO2 Adaptor, Rules, HTTPAPISpec, httpapispecbinding, Generate Token (API-M Store), Publish API (API-M Publisher))
  29. OAuth2.0 Validation (diagram labels as on slide 24, plus WSO2 Adaptor, Request with OAUTH, gRPC, Token validation: API Context, Token, Version, …)
  30. JWT Validation (diagram labels as on slide 24, plus WSO2 Adaptor, Request with JWT, gRPC, Validate Signature in JWT)
  31. Analytics (diagram labels as on slide 24, plus WSO2 Adaptor, Request with JWT, gRPC, API Usage Data, Dashboards, APIs)
  32. THANK YOU wso2.com
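
The signature check named on slides 27 and 30 (an adaptor that holds the API-M server public certificate and validates the signature in each JWT) can be sketched as follows. This is an added example in Go using only the standard library, not WSO2 or Istio adaptor code; `VerifyJWT`, `SignJWT`, `sampleKey`, the RS256 choice, the expiry check and the sample claims are assumptions constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)
var b64 = base64.RawURLEncoding                       // JWT segments are unpadded base64url
var sampleKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed throwaway issuer key

// VerifyJWT returns the subject once pinned algorithm, signature and expiry all check out.
func VerifyJWT(token string, pub *rsa.PublicKey, now int64) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("malformed token")
	}
	var hdr struct{ Alg string }
	hb, err := b64.DecodeString(parts[0])
	if err != nil || json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "RS256" {
		return "", fmt.Errorf("alg is not RS256") // "none" and HS256 never reach the key
	}
	sig, err := b64.DecodeString(parts[2])
	sum := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil {
		return "", fmt.Errorf("signature does not match issuer key")
	}
	var c struct{ Sub string; Exp int64 }
	pb, err := b64.DecodeString(parts[1])
	if err != nil || json.Unmarshal(pb, &c) != nil || c.Exp <= now {
		return "", fmt.Errorf("bad payload, missing exp, or expired")
	}
	return c.Sub, nil
}

// SignJWT stands in for the token issuer so that the sample runs offline.
func SignJWT(key *rsa.PrivateKey, header, payload string) string {
	in := b64.EncodeToString([]byte(header)) + "." + b64.EncodeToString([]byte(payload))
	sum := sha256.Sum256([]byte(in))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return in + "." + b64.EncodeToString(sig)
}

func main() {
	tok := SignJWT(sampleKey, `{"alg":"RS256"}`, `{"sub":"demo","exp":1700003600}`)
	fmt.Println(VerifyJWT(tok, &sampleKey.PublicKey, 1700000000)) // constructed clock value
}
```

The verifier fixes the algorithm itself and uses the header only to refuse mismatches, so a token cannot choose how it gets checked.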
