Cloud Native API Management : Microservices to APIs in Kubernetes
- 1. Cloud Native API Management :
Microservices to APIs in Kubernetes
September 16, 2020
- 3. ● Microservices architecture and service mesh
● API management in Service Mesh Paradigm
● API Operator
● API Operator With Istio Service Mesh
● API Management Ecosystem
● Exposing microservices as APIs
● Applying API Management to Microservices in a Service Mesh(Demo)
What’s covered...
3
- 5. 5
Microservices Architecture & Service Mesh
● Microservices Architecture enables to deploy applications
⦿ Independently
⦿ Frequently
⦿ Loosely coupled
⦿ Scale
● Service Mesh is to handle service to service(inter service) communication
⦿ Load Balancing
⦿ Service discovery
⦿ Authentication
⦿ Traffic Management
⦿ Circuit Breaking
- 6. Micoservice Architeture & Service Mesh
Istio Ingress Gateway
Products
Service
Inventory
Service
Review
Service
Sidecar Proxy
(Envoy)
Sidecar Proxy
(Envoy)
Sidecar Proxy
(Envoy)
Namespace: Istio-system Namespace: micro
Consumer
- 8. API Management in Service Mesh Paradigm
8
● Gateway handles north-south
traffic
● Service Mesh handles east-west
traffic
● Fully fledged API management
system for microservices is a
combination of both
- 10. 10
API Operator for Kubernetes
● Makes API a first class citizen in Kubernetes eco
system
● Easier to deploy
● Imposese
⦿ Security
⦿ Throttling
⦿ Mediation
⦿ Monitoring
For your microservices
● Build in deployment patterns
● Fully automated experience for cloud native API
management
● Single source of truth
- 11. 11
API Operator Overview
API CRD API Controller
API Operator
K8s API Server
Docker Registry
apictl add api -n products-api
--from-file=products_swagger.yaml
- 13. 13
API Operator with Istio in Permissive Mode
● Services running in a namespace where Istio
injection enabled
● API gateway running in a different namespace
● Works with both HTTP and MTLS traffic
- 14. 14
API Operator with Istio in MTLS Mode
● When Istio is deployed in MTLS mode
● The communication between API gateway and the
services are happened via Istio Ingress Gateway.
● Virtual Service in Istio to route the traffic from Istio
ingress gateway to backend services
- 15. 15
API Operator with Istio in Sidecar Mode
● API gateway resides in the Istio enabled namespace
● Istio ingress gateway works as the edge gateway and talk to API gateway
● API gateway routes the traffic
● Works with both permissive and MTLS scenario
- 17. Overview of Control Plane, Management Plane and Data Plane
Inventory
Service
API
Microgateway
17
Products
Service
Review
Service
API Publisher
Developer
Portal
Key Manager
Data plane - K8S
Traffic
ManagerAPI Analytics
Management Plane Control Plane
- 22. 22
Expose microservices as an API Product
1 Swagger first approach AKA Developer first approach
2 Start from API Publisher AKA Design first approach
- 23. 23
Swagger First Approach
Start from the Swagger definition
Deploy the API Gateway in Kubernetes
Import the API to the API Publisher
Productize the API and publish the API
Productize the API by adding necessary
information and publish the API for public
access
Access the API from the DevPortal
By giving the Swagger definition to Kubernetes
Using apictl (command line tool) import
the API to the API PublisherCreate/ Generate a Swagger definition for
the microservices
Using an access token, invoke the API
from the devportal
- 24. 24
Start from API Publisher
Create an API in the API Publisher
Productize the API and publish the API in Kubernetes
Deploy the API Gateway in Kubernetes
Access the API from the DevPortal
Using an access token, invoke the API from the
devportal
By selecting a Kubernetes environment, publish
the API in Kubernetes
As of the API Manager and Kubernetes
integration, an API Gateway gets deployed
in Kubernetes
Using the API publisher, create an API
- 26. 26
Demo outline
● Deploying microservices in Istio service mesh
● Applying API Management to the microservices using API Operator in sidecar mode
⦿ Swagger first approach
⦾ Deploy an API Microgateway using K8s API Operator
⦾ Import the API to the API Publisher
⦾ Productize and publish the API
⦿ Publisher first approach
⦾ Create an API in the API Publisher
⦾ Publish the API in Private Jet Mode
● Discover the APIs in the Marketplace
● Invoking the secured API
- 27. Prerequisites
● Kubectl
● Kubernetes Cluster with Kubernetes version v1.15 or above
⦿ Minimum CPU 8vCPU
⦿ Minimum Memory 8GB
● Istio v1.6.5 or above
● An account in a docker registry (Docker Hub/ECR/GCR etc)
● K8S API Operator and API controller (CLI tool) installed in Istio mode
● API manager with private jet mode enabled deployed(Could be either k8s
cluster in a separate VM)
Documentation for the above steps are mentioned in a later slides as learning materials.
27
- 28. Deploying Microservices
Istio Ingress Gateway
Products
Service
Inventory
Service
Review
Service
Sidecar Proxy
(Envoy)
Sidecar Proxy
(Envoy)
Sidecar Proxy
(Envoy)
Namespace: Istio-system Namespace: micro
28
- 29. Deploying API Microgateway for microservices
Istio Ingress Gateway
Products
Service
Inventory
Service
Review
Service
Sidecar Proxy
(Envoy)
Sidecar Proxy
(Envoy)
Sidecar Proxy
(Envoy)
Sidecar Proxy
(Envoy)
API
Microgateway
Namespace: Istio-system Namespace: micro
29
- 30. Expose API Microgateway to outside traffic
Istio Ingress Gateway
Products
Service
Inventory
Service
Review
Service
Sidecar Proxy
(Envoy)
Sidecar Proxy
(Envoy)
Sidecar Proxy
(Envoy)
Sidecar Proxy
(Envoy)
API
Microgateway
Namespace: Istio-system Namespace: micro
30
- 31. Access the API
Istio Ingress Gateway
Products
Service
Inventory
Service
Review
Service
Sidecar Proxy
(Envoy)
Sidecar Proxy
(Envoy)
Sidecar Proxy
(Envoy)
Sidecar Proxy
(Envoy)
API
Microgateway
API
Consumer
Namespace: Istio-system Namespace: micro
31
- 32. Learning Materials
● Configuring Kubectl :
⦿ https://kubernetes.io/docs/tasks/tools/install-kubectl/
● Configuring APICTL :
⦿ https://apim.docs.wso2.com/en/latest/learn/api-controller/getting-started-with-wso2-api-controll
er/
● Install API Operator & deploy API Manager on Kubernetes:
⦿ https://github.com/wso2/k8s-api-operator/blob/v1.2.0/README.md
● API Operator with Istio
⦿ https://github.com/wso2/k8s-api-operator/tree/v1.2.0/scenarios/scenario-13
● API Manager private jet mode:
⦿ https://apim.docs.wso2.com/en/latest/learn/kubernetes-operators/k8s-api-operator/enabling-pri
vatejet-mode-to-deploy-apis/
32