This document discusses how API gateways and service meshes can help with application modernization by incrementally decoupling applications from infrastructure. An API gateway handles ingress traffic and exposes internal services externally. A service mesh handles communication between services and provides observability, reliability, and security for service-to-service calls. There are two common patterns for decoupling applications: using an API gateway in an "outside-in" approach or deploying a service mesh within a "balkanized" segment of services. Both tools can help modernize applications in a gradual manner.
CloudNativeLondon 2019 "API Gateways and Service Meshes: Opening the Door to Application Modernisation"
1. API Gateways and Service Meshes:
Opening the Door to Application Modernisation
Daniel Bryant
Product Architect, Datawire
2. tl;dr
▪ App modernisation is often about incrementally decoupling apps from infra
– An API gateway and service mesh can help with this migration
▪ API gateway handles ingress traffic
▪ Service mesh handles service-to-service comms
▪ You can decouple apps via two patterns
– Outside-in, using an API gateway
– Balkanization, using a service mesh on a segment of services
3. Product Architect at Datawire
Freelance Tech Consultant and Writer
@danielbryantuk
4. Why App Modernisation?
▪ Lead time
▪ Deployment frequency
▪ Mean time to restore (MTTR)
▪ Change fail percentage
CIOs: “We want to go faster, and not fall over
(and if it breaks we want to detect and fix it fast)”
5. App Modernisation
▪ Refactoring, repurposing, or consolidation of “heritage” software to align it
more closely with current business needs
▪ Decoupling applications from infrastructure
– Moving workloads to take advantage of cloud-based (AI) services
– Retiring old systems (saving infra/hosting costs)
– Reducing operational burden (e.g. toil and security patching)
8. Decoupling Infrastructure Strategies
▪ Bring the cloud hardware to you:
– AWS Outposts; custom hardware that is fully managed by AWS.
▪ Bring the cloud experience to you:
– Azure Stack; run hybrid applications across the Azure cloud and their own
on-premises hardware.
9. Decoupling Infrastructure Strategies
▪ Bring the cloud software to you:
– Google Anthos; software abstraction (VMware -> k8s/GKE, Istio, Stackdriver)
▪ Bring the cloud traffic management to you
– API gateway + service mesh; dynamically route traffic across any
infrastructure (which is routable via the network)
14. API Gateway: Edge proxy, ingress, ADC...
▪ Exposes internal services to end-users (often via multiple domains)
▪ Encapsulates backends: k8s, VMs, bare metal etc
▪ Focused on managing ingress (“north-south”) traffic
▪ Engineer-driven product release (often) happens here
▪ You don’t control the client
19. “Service mesh”, you say?
https://twitter.com/cesarTronLozai/status/1175327326218915840
https://twitter.com/wm/status/1173350339946274816
20. Service Mesh: Proxy mesh, Fabric model...
▪ Exposes internal services to internal consumers
▪ Encapsulates service infra: across k8s, VMs, bare metal etc
▪ Dynamic routing for service-to-service (“east-west”) traffic
▪ Ops apply “sane defaults” and top-level platform monitoring
▪ You generally control the client (or at least can influence this...)
27. Migration tactics
▪ Outside in
– Start with a gateway
– Identify an endpoint/service
▪ Balkanization
– Start with a service mesh
– Identify a service segment
▪ Easy install
▪ Conceptually easy to understand
▪ Less intrusive for all platforms
▪ (Potentially) higher blast radius
▪ Less new functionality
▪ Potentially high value functionality
▪ “Easy” to deploy in Kubernetes
▪ Can support multi-cluster (beta)
▪ Operationally complex
▪ (Potentially) challenging to unwind
▪ Expectation management… :-)
30. Conclusion
▪ App modernisation is often about decoupling apps from infra
– One way to do this incrementally is via an API gateway and service mesh
▪ API gateway handles ingress traffic
▪ Service mesh handles service-to-service comms
▪ You can decouple apps via two patterns
– Outside-in, using an API gateway
– Balkanization, using a service mesh