apidays LIVE JAKARTA - Enterprise API management in agile integration by Raghuram Banda
2 likes1,572 views
The document discusses enabling API management using a GitOps framework. It describes key components needed for API management like the OpenAPI spec, implementation code, infrastructure code, integration configuration, API management configuration, API gateway configuration, and API catalog. Using GitOps provides benefits like empowering developers to manage infrastructure configuration similarly to code using Git, keeping configurations declarative and version controlled, and enabling simple, automated, auditable deployments that detect deviations from the configuration.
apidays LIVE JAKARTA - Enterprise API management in agile integration by Raghuram Banda
- 1. Enterprise API Management in Agile Integration Raghuram Banda Integration Architect
- 2. ● NEW INTEGRATION ARCHITECTURE ● AGILE INTEGRATION ● API MANAGEMENT ○ CAPABILITY MODEL ● USE GITOPS FRAMEWORK IN API MANAGEMENT
- 4. “A container-based, decentralized and microservices aligned architecture for application integration”.
- 5. There are 3 key aspects that makes an agile integration approach: Distributed integration: This approach enables a distributed integration architecture, rather than the traditional centralized integration architecture, and it empowers each teams to define and deploy the integration patterns that they need with agility. APIs: Well built APIs have a huge impact on collaboration between teams, development, and operations. APIs allow to expose key assets that can be used and reused as building blocks across the organization, with partners, and with customers. APIs can be deployed together with containers to different environments, allowing different users to interact with different sets of APIs. Containers: For both API and distributed integration technologies, containers work as the underlying deployment platform. Containers allow the exact service to be deployed within a specific environment in a way that is easy and consistent to develop, test, and maintain. Because containers are the dominant platform for DevOps environments and microservices, using containers as the integration platform produces a much more transparent and collaborative relationship between development and infrastructure teams.
- 9. DEVELOPER PORTAL API MANAGER PORTAL API Consumers API GATEWAY API M OPERATIONS API Consumer API MANAGEMENT MICRO SERVICES API Providers SECURITY APIM Operations APPLICATIONS API MANAGEMENT - CAPABILITY MODEL - STAKEHOLDERS
- 10. API MANAGEMENT - CAPABILITY MODEL - Traffic Flow DEVELOPER PORTAL API MANAGER PORTAL API Consumers API GATEWAY API MANAGEMENT APPLICATIONS & MICRO SERVICES API Providers Central Gateway (default) SECURITY /IAM+FW) Policy fetch Dedicated Gateway (option) HTTP traffic Policy store OAuth2 federated IAM Portal Access Policy Store OAuth2 providerAD
- 11. DEVELOPER PORTAL API MANAGER PORTAL API Consumers API GATEWAY APIM Operations API Consumer API MANAGEMENT API Providers SECURITY(IAM+FW) 1. Secure, Reliable and Flexible Com. 1.1 Authentication and Authorization 1.2 Threat Detection 1.3 Data Privacy 1.4 Traffic Management 1.5 QoS Management 1.6 Interface Translation 1.7 Service Routing 1.8 Service Orchestration 1.9 Policy Management and Tracking 2. API Landscape & Operations 2.1 Flexible Deployment Topology 2.2 Platform Automation 2.3 Operational Support 2.4 Developer Portal Deployment 2.5 Platform Upgrades 2.6 Platform Configuration 3. API Lifecycle and Org 3.1 Publication 3.2 Version Management 3.3 Change Notification 3.4 Issue Management 4. Capabilities That Enable Developers 4.1 Discovery Metadata 4.2 Developer Self-Support 4.3 Developer Access Provisioning 4.4 Collaboration and Community 4.5 Developer Enablement Admin 4.6 API Scenario Optimization 5. API Economy 5.1 Activity Logging 5.2 User Auditing 5.3 Business Value Reporting 5.4 Contract Management 5.5 Advanced Analytics 5.6 Service-Level Reporting APIM Operations MICRO SERVICESAPPLICATIONS API MANAGEMENT - CAPABILITY MODEL - Use cases
- 12. DEVELOPER PORTAL API MANAGER PORTAL API Consumers API GATEWAY OTHER DEPENDENCIES (e.g. integration middleware, analytics etc) API MGMT INFRA DEPENDENCIES Firewall OpenShift + Docker DNS Certificate Store 1. Secure, Reliable and Flexible Com. 1.1 Authentication and Authorization 1.2 Threat Detection 1.3 Data Privacy 1.4 Traffic Management 1.5 QoS Management 1.6 Interface Translation 1.7 Service Routing 1.8 Service Orchestration 1.9 Policy Management and Tracking 2. API Landscape & Operations 2.1 Flexible Deployment Topology 2.2 Platform Automation 2.3 Operational Support 2.4 Developer Portal Deployment 2.5 Platform Upgrades 2.6 Platform Configuration 3. API Lifecycle and Org 3.1 Publication 3.2 Version Management 3.3 Change Notification 3.4 Issue Management 4. Capabilities That Enable Developers 4.1 Discovery Metadata 4.2 Developer Self-Support 4.3 Developer Access Provisioning 4.4 Collaboration and Community 4.5 Developer Enablement Admin 4.6 API Scenario Optimization 5. API Economy 5.1 Activity Logging 5.2 User Auditing 5.3 Business Value Reporting 5.4 Contract Management 5.5 Advanced Analytics 5.6 Service-Level Reporting Area 1 API MANAGEMENT APPLICATIONS, MICRO SERVICES & MIDDLEWARE API Providers FIREWALLS + IAM 1.1.1 Dev key policy mgmt 1.1.2 Identity mgmt 1.1.3 Identity fed providers 1.1.4 Authorization policies 1.2.1 NW behav. analysis 1.2.2 Content inspection 1.2.3 Error visualization 1.3.2 Data masking 1.3.3 Data filtering 1.3.4 Tokenization 1.4.1 Usage throttling 1.4.2 Dev cons. quotas OAuth2 provider XAny OAuth2 provider - 1.7.4.1 e.g. DNS record RR - 1.1.4.1 App Key - 1.1.4.2 App Key + App id - 1.1.4.3.1 OAuth2 -Client Cred - 1.1.4.3.2 OAuth2 -Owner Cred - 1.1.4.3.3 OAuth2 -Client side Grant - 1.1.4.3.4 OAuth2 -Server side Grant- 1.2.3.1 Basic Metrics - 1.2.3.1 Advanced Analytics 1.3.1 Encr. & cert. mgmt 1.5.1 Caching 1.5.2 Edge Caching1.7.1 URL mapping 1.7.2 Service dispatching 1.7.3 Connection pooling 1.7.4 Load balancing 1.8.1 Interface composition 1.8.2 Int.with remote APIs 1.9.1 Policy AuthZ tagging 1.9.2 Live policy deploym. 1.9.3 Policy scheduling 1.6.1 Format translation 1.6.2 Protocol translation 1.6.3 Service Mapping - 1.1.2.1 e.g.Customer IAM - 1.7.2.1 e.g. URI mapping pub/priv API MANAGEMENT - CAPABILITY MODEL -
- 13. DEVELOPER PORTAL API MANAGER PORTAL API Consumers API GATEWAY OTHER DEPENDENCIES (e.g. integration middleware, analytics etc) API MGMT INFRA DEPENDENCIES Firewall K8S + Docker DNS Certificate Store 1. Secure, Reliable and Flexible Com. 1.1 Authentication and Authorization 1.2 Threat Detection 1.3 Data Privacy 1.4 Traffic Management 1.5 QoS Management 1.6 Interface Translation 1.7 Service Routing 1.8 Service Orchestration 1.9 Policy Management and Tracking 2. API Landscape & Operations 2.1 Flexible Deployment Topology 2.2 Platform Automation 2.3 Operational Support 2.4 Developer Portal Deployment 2.5 Platform Upgrades 2.6 Platform Configuration 3. API Lifecycle and Org 3.1 Publication 3.2 Version Management 3.3 Change Notification 3.4 Issue Management 4. Capabilities That Enable Developers 4.1 Discovery Metadata 4.2 Developer Self-Support 4.3 Developer Access Provisioning 4.4 Collaboration and Community 4.5 Developer Enablement Admin 4.6 API Scenario Optimization 5. API Economy 5.1 Activity Logging 5.2 User Auditing 5.3 Business Value Reporting 5.4 Contract Management 5.5 Advanced Analytics 5.6 Service-Level Reporting Area 2 API MANAGEMENT APPLICATIONS, MICRO SERVICES & MIDDLEWARE API Providers FIREWALLS + IAM 2.1.1 API Mgmt Cloud Services 2.1.2 On Prem. Deploy Option 2.1.1 API Mgmt Cloud Services 2.1.2 On Prem. Deploy Option 2.1.1 API Mgmt Cloud Services 2.1.2 On Prem. Deploy Option 2.1.1 API Mgmt Cloud Services 2.1.2 On Prem. Deploy Option 2.1.1 API Mgmt Cloud Services 2.2.1 API Mgmt Platform API 2.2.2 Policy Migration Support 2.2.3 Developer Toolbox - 2.2.2.2 Staging of policy per env - 2.2.2.1 Test, QA, Prod envs 2.3.1 Sys monitoring integr. 2.3.2 Backup and dis. recovery 2.4.1 Integr. with existing IAM e.g. AD 2.4.2 Portal branding - 2.4.2.1 Custom Branding - 2.4.2.2 Custom Pages 2.5.1 Platform Update Process 2.5.2 CM for Cloud Service Update 2.6.1 Self-service deployment 2.6.2 API Provider subtenancy 2.6.3 Platform modularity - 2.6.2.1 Delegated API Admin - 2.6.1.1 New API - 2.6.1.2 Updated API - 2.6.2.2 Multiple API Portals - 2.6.3.1 Activated features API MANAGEMENT - CAPABILITY MODEL
- 14. API MANAGEMENT - CAPABILITY MODEL DEVELOPER PORTAL API MANAGER PORTAL API Consumers API GATEWAY OTHER DEPENDENCIES (e.g. integration middleware, analytics etc) API MGMT INFRA DEPENDENCIES Firewall K8St + Docker DNS Certificate Store 1. Secure, Reliable and Flexible Com. 1.1 Authentication and Authorization 1.2 Threat Detection 1.3 Data Privacy 1.4 Traffic Management 1.5 QoS Management 1.6 Interface Translation 1.7 Service Routing 1.8 Service Orchestration 1.9 Policy Management and Tracking 2. API Landscape & Operations 2.1 Flexible Deployment Topology 2.2 Platform Automation 2.3 Operational Support 2.4 Developer Portal Deployment 2.5 Platform Upgrades 2.6 Platform Configuration 3. API Lifecycle and Org 3.1 Publication 3.2 Version Management 3.3 Change Notification 3.4 Issue Management 4. Capabilities That Enable Developers 4.1 Discovery Metadata 4.2 Developer Self-Support 4.3 Developer Access Provisioning 4.4 Collaboration and Community 4.5 Developer Enablement Admin 4.6 API Scenario Optimization 5. API Economy 5.1 Activity Logging 5.2 User Auditing 5.3 Business Value Reporting 5.4 Contract Management 5.5 Advanced Analytics 5.6 Service-Level Reporting Area 3 API MANAGEMENT APPLICATIONS, MICRO SERVICES & MIDDLEWARE API Providers FIREWALLS + IAM 3.1.1 Design 3.1.2 Deployment 3.1.3 Migration 3.1.4 Rollback 3.2.1 Versioning 3.2.2 Packaging 3.2.3 Deprecation 3.2.4 Retirement 3.3.1 Release notification 3.3.2 Availability notification 3.4.1 Change and defect tracking 3.4.2 Issue analysis and reporting
- 15. API MANAGEMENT - CAPABILITY MODEL DEVELOPER PORTAL API MANAGER PORTAL API Consumers API GATEWAY OTHER DEPENDENCIES (e.g. integration middleware, analytics etc) API MGMT INFRA DEPENDENCIES Firewall K8S + Docker DNS Certificate Store 1. Secure, Reliable and Flexible Com. 1.1 Authentication and Authorization 1.2 Threat Detection 1.3 Data Privacy 1.4 Traffic Management 1.5 QoS Management 1.6 Interface Translation 1.7 Service Routing 1.8 Service Orchestration 1.9 Policy Management and Tracking 2. API Landscape & Operations 2.1 Flexible Deployment Topology 2.2 Platform Automation 2.3 Operational Support 2.4 Developer Portal Deployment 2.5 Platform Upgrades 2.6 Platform Configuration 3. API Lifecycle and Org 3.1 Publication 3.2 Version Management 3.3 Change Notification 3.4 Issue Management 4. Capabilities That Enable Developers 4.1 Discovery Metadata 4.2 Developer Self-Support 4.3 Developer Access Provisioning 4.4 Collaboration and Community 4.5 Developer Enablement Admin 4.6 API Scenario Optimization 5. API Economy 5.1 Activity Logging 5.2 User Auditing 5.3 Business Value Reporting 5.4 Contract Management 5.5 Advanced Analytics 5.6 Service-Level Reporting Area 4 API MANAGEMENT APPLICATIONS, MICRO SERVICES & MIDDLEWARE API Providers FIREWALLS + IAM 4.1.1 API Catalogue 4.1.2 Version history 4.2.1 Documentation 4.2.2 Test sandboxes 4.2.3 Sample code 4.2.4 Libraries 4.2.5 API Billing 4.2.2 Test sandboxes 4.2.3 Sample code 4.2.4 Libraries 4.3.1 Developer API key reg 4.3.2 Developer API key mgmt 4.4.1 API provider blog 4.4.2 Developer forums 4.4.2 Change notification reg. 4.4.3 Developer issue reporting 4.5.1 Developer forum mgmt 4.5.2 Content management 4.5.3 API Doc Management 4.6.1 Mobile Scenarios 4.6.2 IoT Scenarios 4.6.3 Cloud Scenarios 4.6.4 Web App Scenarios
- 16. API MANAGEMENT - CAPABILITY MODEL DEVELOPER PORTAL API MANAGER PORTAL API Consumers API GATEWAY OTHER DEPENDENCIES (e.g. integration middleware, analytics etc) API MGMT INFRA DEPENDENCIES Firewall K8S + Docker DNS Certificate Store 1. Secure, Reliable and Flexible Com. 1.1 Authentication and Authorization 1.2 Threat Detection 1.3 Data Privacy 1.4 Traffic Management 1.5 QoS Management 1.6 Interface Translation 1.7 Service Routing 1.8 Service Orchestration 1.9 Policy Management and Tracking 2. API Landscape & Operations 2.1 Flexible Deployment Topology 2.2 Platform Automation 2.3 Operational Support 2.4 Developer Portal Deployment 2.5 Platform Upgrades 2.6 Platform Configuration 3. API Lifecycle and Org 3.1 Publication 3.2 Version Management 3.3 Change Notification 3.4 Issue Management 4. Capabilities That Enable Developers 4.1 Discovery Metadata 4.2 Developer Self-Support 4.3 Developer Access Provisioning 4.4 Collaboration and Community 4.5 Developer Enablement Admin 4.6 API Scenario Optimization 5. API Economy 5.1 Activity Logging 5.2 User Auditing 5.3 Business Value Reporting 5.4 Contract Management 5.5 Advanced Analytics 5.6 Service-Level Reporting Area 5 API MANAGEMENT APPLICATIONS, MICRO SERVICES & MIDDLEWARE API Providers FIREWALLS + IAM 5.1.1 Access logging 5.1.2 Consumption logging 5.1.3 Performance logging 5.1.3 Error logging 5.1.4 Audit logging 5.2.1 Access reporting 5.2.2 Usage reporting 5.3.1 Revenue reporting 5.3.2 Value reporting 5.3.3 Report & data export 5.4.1 Terms of service Mgmt 5.4.2 Dev Rate Tier Admin 5.5.1 Pluggable reporting 5.5.2 Custom Reporting 5.6.1 Remote monitoring 5.6.2 Availability statistics 5.6.3 Performance statisticsAdvanced Analytics 5.6.4 Exception statistics 5.6.5 Service-level alerts
- 22. ● OpenAPI Spec ● Implementation code ● Infrastructure code ● Integration config ● API Management config ● API Gateway config ● API Catalog ● Deployment config
- 23. GITOPS & KEY BENEFITS ● Empowers developers to treat the configuration of infrastructure and deployment of code in a very similar manner to how they manage their software development process using a familiar tool: Git. ● Configuration of applications and the deployment environments should be declarative and version controlled. ● Application deployment and lifecycle management should be simple, automated, and auditable. ● Application deployments should be fast, reliable, and idempotent. ● Any deviation from the version controlled configuration should be immediately detected and remediated. •An operating model for Kubernetes providing guidelines which unify deployment, management and monitoring for containerized clusters and applications. CICD pipelines and git workflows are applied to both operations, and development.
- 24. GITOPS & CONTINUOUS INTEGRATION During a Continuous Integration (CI) practice, developers merge code changes in a central repository (Git). With CI, each change in code (commit) triggers an automated build-and-test stage for the given repo and provides feedback to the developer(s) who made the change. GitOps CI Pipeline differs from traditional CI pipeline , where in the CI pipeline performs updates to the application manifest with the new image version after the build and test stages have completed successfully.
- 25. GITOPS & CONTINUOUS INTEGRATION FLOW GitOps CI pipeline enables to 1. Build the application and run unit testing as needed. 2. Push a new container image to a container registry 3. Update the Kubernetes manifests in Git to reflect the new image
- 26. GITOPS & CONTINUOUS DEPLOYMENT During Continuous Delivery (CD) involves the process of automating the entire software release process. Continuous Delivery includes infrastructure provisioning in addition to deployment. GitOps CD differs from from traditional CD through the use of a GitOps operator to monitor the manifest changes and orchestrate the deployment. As long as the CI build is complete and the manifest is updated, GitOps Operator takes care of the eventual deployment.
- 27. GITOPS & CONTINUOUS DEPLOYMENT FLOW Below are the phases performed by the GitOps operator to deploy based on manifest change. Git Clone Config Repo The GitOps operator detects changes in your repo and performs a git clone to get the latest manifests from your Git repo. Discover Manifests The GitOps Operator also determines if there is any delta between the manifests in Kubernetes vs. the latest manifests from Git Repo. If there is no difference, GitOps Operator stops at this point. Kubectl Apply If the GitOps Operator determines there are differences between Kubernetes manifests vs. Git Repo manifests, GitOps Operator applies the new manifests to Kubernetes using the kubectl apply command.
- 28. DEVOPS using PULL REQUESTS
- 29. Reference
- 30. Thank you !