[WSO2 API Day Chicago 2019] Extending Service Mesh with API Management
1 like215 views
The document discusses the evolution of applications towards microservice architecture and the importance of service mesh and API management in addressing the associated challenges. It highlights the benefits of microservices, such as agility, innovation, and scalability, while outlining challenges like operational complexity and network resiliency. The presentation emphasizes the integration of WSO2 API Manager with Istio for enhanced security, analytics, and control over microservices deployment.
[WSO2 API Day Chicago 2019] Extending Service Mesh with API Management
- 1. Extending Service Mesh with API Management Nirmal Fernando Senior Lead Solutions Engineer
- 2. Agenda: • Evolution of Applications • Why microservice architecture? • Challenges with microservices? • Why Service Mesh? • Why API Management? • WSO2 API Manager with Istio / Demo
- 3. Evolution of Applications Disaggregated architectures drive 50 billion endpoints to grow >1 trillion CONSUMER DEMAND SUPPLIERS DISAGGREGATE ARCHITECTURE TO MEET DEMAND 1 10 102 103 105 109 MONOLITHIC BUSINESS APP ENTERPRISE APPS DEPARTME NTAL APPS SAAS APPS PUBLIC / PRIVATE APIS 1970s | MAINFRAME 1980s | IT AWAKENING 1990s | INTERNET 2000s | MOBILE 2010s | IoT/AI 2020+ | DIGITAL NATIVE SERVERLESS & MICROSERVICES
- 4. What is Microservices Architecture? ● Architectural and organizational approach to software development ● Designed to speed-up deployment cycles, foster innovation and ownership, improve maintainability and scalability ● Composed of small independent services, each of which is built around a single business capability ● Services are owned by small self-contained teams
- 5. Why Microservices Architecture? ● Agility - small independent teams are empowered to work independently and quickly, thus shortening the cycle times ● Innovation - teams can act autonomously and choose appropriate technologies, frameworks and low cost of failure ● Quality - dividing into small well-defined modules improves reusability, composability and maintainability of code ● Scalability - fine-grained decoupling of microservices allows you to horizontally scale each service independently from each other ● Availability - easier to implement failure isolation, thus improve the overall availability of your application
- 7. • Network resiliency (retry, failover, circuit breaker) • Architectural complexity (complexity in interactions) – service discovery – service authentication • Operational complexity – Analytics, tracing, monitoring (Observability) – How to deploy a new version of a service (roll out new version - Canary deployment) Challenges with Microservices
- 8. How to address these challenges?
- 9. Service Mesh A service mesh is a dedicated infrastructure layer that controls service-to-service communication over a network. It provides a method in which separate parts of an application can communicate with each other. source:techtarget.com
- 10. Istio is an open source service mesh implementation which provides behavioral insights and operational control over the service mesh as a whole, offering a complete solution to satisfy the diverse requirements of microservice applications. Istio
- 11. Istio Component Overview • Pilot is responsible for configuring the data plane, defining basic proxy behaviour, providing service discovery for the Envoy sidecars, traffic management capabilities for intelligent routing, and resiliency. • Mixer can respond to various queries from the data plane such as authorization, access control or quota checks, and collects telemetry data from the Envoy proxy and other services. • Citadel enables strong service-to-service and end-user authentication with built-in identity and credential management. Allows you to build zero-trust environments.
- 12. Istio Component Overview Istio Architecture (source — https://istio.io/docs/concepts/what-is-istio/)
- 13. Demo
- 14. Type Service Mesh API Management Routing L3/L4 HTTP, GRPC, GraphQL Security Service identity and mTLS User/App Authentication and Authorization(OAuth / JWT) Analytics Service operational analytics Business and developer focus analytics Rate Limiting RPC level rate limiting Business related rate limiting Personas and Portal DevOps portals Publisher, Developer, CXO portal
- 15. • When users need to expose microservices services to outside in a secured and a controlled manner. • When fine grained security should be enforced on APIs exposed. • When stats need to be collected on API usage for monetization and billing. • When it is required to offer a marketplace for APIs for easy discovery and adoption. When is API Management required in a Service Mesh
- 16. Istio + WSO2 API Manager Istio Architecture (source — https://istio.io/docs/concepts/what-is-istio/) WSO2 Mixer Adaptor Separately Hosted WSO2 API Manager
- 17. Service Mesh and API Management
- 22. JWT Token Validation Process
- 23. OAuth 2.0 Validation Process
- 25. API Analytics
- 27. WSO2 - Istio adapter https://github.com/wso2/istio-apim/tree/1.0 WSO2 - Istio Web Page https://wso2.com/api-management/microservices/istio/