In a world of disaggregated API-based architectures, developers are increasingly adopting microservices — and Service Mesh is being used to control many service-to-service communications. But Service Mesh is not addressing the concern of how the exploding number of APIs can be exposed in a controlled and secure manner to their API consumers.
In this meetup, we will discuss how to augment service mesh functionality with API management capabilities, so you can create an end-to-end solution for your entire business functionality — from microservices to APIs, to end-user applications.
2. Agenda
● Evolution of Applications
● Why Microservice Architecture?
● Challenges with Microservices
● Why Service Mesh?
● Why API Management?
● Demo
4. Monolith to Microservice
● Easy to scale with customer
demands.
● Agility, flexibility and speed to
market.
● Smaller teams, agile software
development life cycles.
● Freedom to use heterogeneous
technologies, early feedback
cycles
10. Service Mesh
A service mesh is a dedicated infrastructure layer that
controls service-to-service communication over a network.
It provides a method in which separate parts of an
application can communicate with each other.
source:techtarget.com
13. Istio is an open source service mesh implementation which
provides behavioral insights and operational control over
the service mesh as a whole, offering a complete solution
to satisfy the diverse requirements of microservice
applications.
Istio
15. Type Service Mesh API Management
Routing • L3/L4 • HTTP, GRPC, GraphQL
Security • Service identity and mTLS • User/App Authentication
and Authorization (OAuth /
JWT)
Analytics • Service Operational Analytics • Business and Developer
focus Analytics
Rate Limiting • RPC level rate limiting • Business related rate
limiting
Personas and
Portal
• DevOps portals
• Publisher, Developer, CXO
portals
16. When is API Management required in a Service Mesh
● When users need to expose microservices to outside in
a secured and a controlled manner.
● When fine grained security should be enforced on APIs
exposed.
● When stats need to be collected on API usage for
monetization and billing.
● When it is required to offer a marketplace for APIs for
easy discovery and adoption.