Api Management with Service Mesh
•
0 likes•109 views
In a world of disaggregated API-based architectures, developers are increasingly adopting microservices — and Service Mesh is being used to control many service-to-service communications. But Service Mesh is not addressing the concern of how the exploding number of APIs can be exposed in a controlled and secure manner to their API consumers. In this meetup, we will discuss how to augment service mesh functionality with API management capabilities, so you can create an end-to-end solution for your entire business functionality — from microservices to APIs, to end-user applications.
Report
Share
Api Management with Service Mesh
- 1. API Management with Service Mesh Lakmal Warusawithana @lakwarus
- 2. Agenda ● Evolution of Applications ● Why Microservice Architecture? ● Challenges with Microservices ● Why Service Mesh? ● Why API Management? ● Demo
- 4. Monolith to Microservice ● Easy to scale with customer demands. ● Agility, flexibility and speed to market. ● Smaller teams, agile software development life cycles. ● Freedom to use heterogeneous technologies, early feedback cycles
- 5. Microservices Challenges - Resiliency
- 6. Microservices Challenges - Security
- 7. Microservices Challenges - Observability
- 8. Microservices Challenges - Risk of Code Releases
- 9. How can this be solved?
- 10. Service Mesh A service mesh is a dedicated infrastructure layer that controls service-to-service communication over a network. It provides a method in which separate parts of an application can communicate with each other. source:techtarget.com
- 11. Sidecar
- 12. Service Mesh
- 13. Istio is an open source service mesh implementation which provides behavioral insights and operational control over the service mesh as a whole, offering a complete solution to satisfy the diverse requirements of microservice applications. Istio
- 15. Type Service Mesh API Management Routing • L3/L4 • HTTP, GRPC, GraphQL Security • Service identity and mTLS • User/App Authentication and Authorization (OAuth / JWT) Analytics • Service Operational Analytics • Business and Developer focus Analytics Rate Limiting • RPC level rate limiting • Business related rate limiting Personas and Portal • DevOps portals • Publisher, Developer, CXO portals
- 16. When is API Management required in a Service Mesh ● When users need to expose microservices to outside in a secured and a controlled manner. ● When fine grained security should be enforced on APIs exposed. ● When stats need to be collected on API usage for monetization and billing. ● When it is required to offer a marketplace for APIs for easy discovery and adoption.
- 17. WSO2 API Manager and Istio
- 20. Demo
- 22. JWT Token Validation Process
- 23. OAuth 2.0 Validation Process
- 25. Q & A