SlideShare ist ein Scribd-Unternehmen logo
1 von 38
API Gateways and Service Meshes:
Opening the Door to Application Modernisation
Daniel Bryant
Product Architect, Datawire
tl;dr
▪ App modernisation is often about incrementally decoupling apps from infra
– An API gateway and service mesh can help with this migration
▪ API gateway handles ingress traffic
▪ Service mesh handles service-to-service comms
▪ You can decouple apps via two patterns
– Outside-in, using an API gateway
– Balkanization, using a service mesh on a segment of services
Product Architect at Datawire
Freelance Tech Consultant and Writer
@danielbryantuk
Why App Modernisation?
▪ Lead time
▪ Deployment frequency
▪ Mean time to restore (MTTR)
▪ Change fail percentage
CIOs: “We want to go faster, and not fall over
(and if it breaks we want to detect and fix it fast)”
App Modernisation
▪ Refactoring, repurposing, or consolidation of heritage software to align it
more closely with current business needs
▪ Decoupling applications from infrastructure
– Moving workloads to take advantage of cloud-based (AI) services
– Retiring old systems (saving infra/hosting costs)
– Reducing operational burden (e.g. toil and security patching)
App Modernisation
▪ Microservices!
▪ Cloud!
▪ Containers!
▪ Kubernetes!
App modernisation: Not an overnight thing
Decoupling Infrastructure Strategies
▪ Bring the cloud hardware to you
▪ Bring the cloud experience to you
▪ Bring the cloud software to you
▪ Bring the cloud traffic management to you
Decoupling Infrastructure Strategies
▪ Bring the cloud hardware to you:
– AWS Outposts; custom hardware that is fully managed by AWS.
▪ Bring the cloud experience to you:
– Azure Stack; run hybrid applications across the Azure cloud and via on-
premises hardware.
Decoupling Infrastructure Strategies
▪ Bring the cloud software to you:
– Google Anthos; software abstraction (VMware -> k8s/GKE, Istio, Stackdriver)
▪ Bring the cloud traffic management to you:
– API gateway + service mesh; dynamically route traffic across any
infrastructure (which is routable via the network)
Software-focusedHardware-focused
Small commitmentBig commitment
Complete access to
cloud primitives
Reliance on abstractions
Decoupling Infrastructure Strategies
▪ Bring the cloud hardware to you
▪ Bring the cloud experience to you
▪ Bring the cloud software to you
▪ Bring the cloud traffic management to you
Outside-in migration: API gateway
Outside-in migration: API gateway
Outside-in migration: API gateway
API Gateway: Edge proxy, ingress, ADC...
▪ Exposes internal services to end-users (often via multiple domains)
▪ Encapsulates backends: k8s, VMs, bare metal etc.
▪ Focused on managing ingress (“north-south”) traffic
https://bit.ly/2NnUXt9
https://www.getambassador.io/resources/challenges-api-gateway-kubernetes
API Gateway: Edge proxy, ingress, ADC...
▪ Exposes internal services to end-users (often via multiple domains)
▪ Encapsulates backends: k8s, VMs, bare metal etc.
▪ Focused on managing ingress (“north-south”) traffic
▪ Engineer-driven product release (often) happens here
▪ You don’t control the client
API Gateway: Self-Serve Routing & Security
▪ Self-serve routing
– Traffic routing, splitting, and shaping (to dynamic backends)
– Release functionality (A/B, canary, dark launch etc)
▪ Security
– End-user authentication/authorization
– TLS termination, rate limiting, WAF, DDoS protection, etc
API Gateway Options
Ambassador config
Balkanization: service-to-service comms
“Service mesh”, you say?
https://twitter.com/cesarTronLozai/status/1175327326218915840
https://twitter.com/wm/status/1173350339946274816
Service Mesh: Proxy mesh, Fabric model...
▪ Exposes internal services to internal consumers
▪ Encapsulates service infra: across k8s, VMs, bare metal etc
▪ Dynamic routing for service-to-service (“east-west”) traffic
▪ Ops apply “sane defaults” and top-level platform monitoring
▪ You generally control the client (or at least can influence this...)
Service mesh architecture: Envoy Proxy
Service Mesh: Three Pillars
▪ Observability
– “Golden signals”: latency, errors, traffic, saturation (USE, RED)
– Both global and service-to-service
▪ Reliability
– Abstracting health checks, retries, circuit breakers etc.
– Providing sane default to protect system
▪ Security
– Authn/z propagation, mTLS, ACLs, network segmentation
Service Mesh: Three Pillars
▪ Observability
– “Golden signals”: latency, errors, traffic, saturation (USE, RED)
– Both global and service-to-service
▪ Reliability
– Abstracting health checks, retries, circuit breakers etc.
– Providing sane default to protect system
▪ Security
– Authn/z propagation, mTLS, ACLs, network segmentation
https://www.infoq.com/podcasts/
Service Mesh Options
Consul config
Migration tactics: Outside-in
Balkanization: service-to-service comms
Migration tactics
▪ Outside in
– Start with an API gateway
– Identify a endpoint/service
▪ Balkanization
– Start with a service mesh
– Identify a service segment
▪ Easy install
▪ Conceptually easy to understand
▪ Less intrusive for all platforms
▪ (Potentially) higher blast radius
▪ Less new functionality
▪ Potentially higher value functionality
▪ “Easy” to deploy in Kubernetes
▪ Can support multicluster (beta)
▪ Operationally complex
▪ (Potentially) challenging to unwind
▪ Expectation management… :-)
bit.ly/2mr58C1
Learn more
Explore in your browser
https://instruqt.com/hashicorp/tracks/sock-shop-tutorial
Conclusion
▪ App modernisation is often about decoupling apps from infra
– One way to do this is via an API gateway and service mesh
▪ API gateway handles ingress traffic
▪ Service mesh handles service-to-service comms
▪ You can decouple apps via two patterns
– Outside-in, using an API gateway
– Balkanization, using a service mesh
References
▪ Context:
– https://www.infoq.com/articles/api-gateway-service-mesh-app-modernisation/
▪ Reference:
– https://www.getambassador.io/user-guide/consul-connect-ambassador/
– https://www.getambassador.io/user-guide/consul/
– https://www.consul.io/docs/platform/k8s/ambassador.html
– https://www.hashicorp.com/blog/hashicorp-consul-supports-microsoft-s-new-service-mesh-framework
Experiment in an Instruqt sandbox: https://instruqt.com/hashicorp/tracks/sock-shop-tutorial
Code examples: https://github.com/emojify-app
Copyright © 2019 HashiCorp
Thanks!
@danielbryantuk

Weitere ähnliche Inhalte

Was ist angesagt?

ONAP TOSCA Orchestration with Cloudify
ONAP TOSCA Orchestration with CloudifyONAP TOSCA Orchestration with Cloudify
ONAP TOSCA Orchestration with CloudifyCloudify Community
 
Software-Defined WAN: A Real World Success Story
Software-Defined WAN: A Real World Success StorySoftware-Defined WAN: A Real World Success Story
Software-Defined WAN: A Real World Success StoryCisco Enterprise Networks
 
How to create custom dashboards in Elastic Search / Kibana with Performance V...
How to create custom dashboards in Elastic Search / Kibana with Performance V...How to create custom dashboards in Elastic Search / Kibana with Performance V...
How to create custom dashboards in Elastic Search / Kibana with Performance V...PerformanceVision (previously SecurActive)
 
The Interoperability Challenge in Telecom and NFS Environments
The Interoperability Challenge in Telecom and NFS EnvironmentsThe Interoperability Challenge in Telecom and NFS Environments
The Interoperability Challenge in Telecom and NFS EnvironmentsOpen Networking Summit
 
PLNOG16: The visionary style of ADC, Detlef Lilje
PLNOG16: The visionary style of ADC, Detlef LiljePLNOG16: The visionary style of ADC, Detlef Lilje
PLNOG16: The visionary style of ADC, Detlef LiljePROIDEA
 
Cloud computing-2 (1)
Cloud computing-2 (1)Cloud computing-2 (1)
Cloud computing-2 (1)JUDYFLAVIAB
 
Atf 3 q15-5 - streamlining and automating virtual network control
Atf 3 q15-5 - streamlining and automating virtual network controlAtf 3 q15-5 - streamlining and automating virtual network control
Atf 3 q15-5 - streamlining and automating virtual network controlMason Mei
 
Cloud Automation Manager
Cloud Automation ManagerCloud Automation Manager
Cloud Automation ManagerNithin Babu
 
Introducing ONAP for OpenStack St Louis Meetup
Introducing ONAP for OpenStack St Louis MeetupIntroducing ONAP for OpenStack St Louis Meetup
Introducing ONAP for OpenStack St Louis Meetupdjzook
 
Cloud integration patterns for it pros - itprceed
Cloud integration patterns for it pros - itprceedCloud integration patterns for it pros - itprceed
Cloud integration patterns for it pros - itprceedSam Vanhoutte
 
Orchestration of Microservices - Google dev fest 2017 Berlin
Orchestration of Microservices - Google dev fest 2017 BerlinOrchestration of Microservices - Google dev fest 2017 Berlin
Orchestration of Microservices - Google dev fest 2017 BerlinZeebe
 
Shedding Light on LINE Token Economy You Won't Find in Our White Paper
Shedding Light on LINE Token Economy You Won't Find in Our White PaperShedding Light on LINE Token Economy You Won't Find in Our White Paper
Shedding Light on LINE Token Economy You Won't Find in Our White PaperLINE Corporation
 
The Power to Declare Network Independence - VeloCloud
The Power to Declare Network Independence - VeloCloudThe Power to Declare Network Independence - VeloCloud
The Power to Declare Network Independence - VeloCloudVeloCloud Networks, Inc.
 
Anatomy of the modern application stack
Anatomy of the modern application stackAnatomy of the modern application stack
Anatomy of the modern application stackBoyan Dimitrov
 
Microservices with .Net - NDC Sydney, 2016
Microservices with .Net - NDC Sydney, 2016Microservices with .Net - NDC Sydney, 2016
Microservices with .Net - NDC Sydney, 2016Richard Banks
 
Ss Esb
Ss EsbSs Esb
Ss EsbWSO2
 

Was ist angesagt? (20)

ONAP TOSCA Orchestration with Cloudify
ONAP TOSCA Orchestration with CloudifyONAP TOSCA Orchestration with Cloudify
ONAP TOSCA Orchestration with Cloudify
 
Software-Defined WAN: A Real World Success Story
Software-Defined WAN: A Real World Success StorySoftware-Defined WAN: A Real World Success Story
Software-Defined WAN: A Real World Success Story
 
How to create custom dashboards in Elastic Search / Kibana with Performance V...
How to create custom dashboards in Elastic Search / Kibana with Performance V...How to create custom dashboards in Elastic Search / Kibana with Performance V...
How to create custom dashboards in Elastic Search / Kibana with Performance V...
 
The Interoperability Challenge in Telecom and NFS Environments
The Interoperability Challenge in Telecom and NFS EnvironmentsThe Interoperability Challenge in Telecom and NFS Environments
The Interoperability Challenge in Telecom and NFS Environments
 
PLNOG16: The visionary style of ADC, Detlef Lilje
PLNOG16: The visionary style of ADC, Detlef LiljePLNOG16: The visionary style of ADC, Detlef Lilje
PLNOG16: The visionary style of ADC, Detlef Lilje
 
Cloud computing-2 (1)
Cloud computing-2 (1)Cloud computing-2 (1)
Cloud computing-2 (1)
 
Workshop on CIFS / SMB Protocol Performance Analysis
Workshop on CIFS / SMB Protocol Performance AnalysisWorkshop on CIFS / SMB Protocol Performance Analysis
Workshop on CIFS / SMB Protocol Performance Analysis
 
Atf 3 q15-5 - streamlining and automating virtual network control
Atf 3 q15-5 - streamlining and automating virtual network controlAtf 3 q15-5 - streamlining and automating virtual network control
Atf 3 q15-5 - streamlining and automating virtual network control
 
Cloud Automation Manager
Cloud Automation ManagerCloud Automation Manager
Cloud Automation Manager
 
Introducing ONAP for OpenStack St Louis Meetup
Introducing ONAP for OpenStack St Louis MeetupIntroducing ONAP for OpenStack St Louis Meetup
Introducing ONAP for OpenStack St Louis Meetup
 
Cloud integration patterns for it pros - itprceed
Cloud integration patterns for it pros - itprceedCloud integration patterns for it pros - itprceed
Cloud integration patterns for it pros - itprceed
 
Orchestration of Microservices - Google dev fest 2017 Berlin
Orchestration of Microservices - Google dev fest 2017 BerlinOrchestration of Microservices - Google dev fest 2017 Berlin
Orchestration of Microservices - Google dev fest 2017 Berlin
 
Micro service architecture
Micro service architecture  Micro service architecture
Micro service architecture
 
Shedding Light on LINE Token Economy You Won't Find in Our White Paper
Shedding Light on LINE Token Economy You Won't Find in Our White PaperShedding Light on LINE Token Economy You Won't Find in Our White Paper
Shedding Light on LINE Token Economy You Won't Find in Our White Paper
 
Microservice Powered Orchestration
Microservice Powered OrchestrationMicroservice Powered Orchestration
Microservice Powered Orchestration
 
Building Hyperscale Networks
Building Hyperscale NetworksBuilding Hyperscale Networks
Building Hyperscale Networks
 
The Power to Declare Network Independence - VeloCloud
The Power to Declare Network Independence - VeloCloudThe Power to Declare Network Independence - VeloCloud
The Power to Declare Network Independence - VeloCloud
 
Anatomy of the modern application stack
Anatomy of the modern application stackAnatomy of the modern application stack
Anatomy of the modern application stack
 
Microservices with .Net - NDC Sydney, 2016
Microservices with .Net - NDC Sydney, 2016Microservices with .Net - NDC Sydney, 2016
Microservices with .Net - NDC Sydney, 2016
 
Ss Esb
Ss EsbSs Esb
Ss Esb
 

Ähnlich wie SACON EU 2019 "API Gateways and Service Meshes: Opening the Door to Application Modernisation"

ISTIO Deep Dive
ISTIO Deep DiveISTIO Deep Dive
ISTIO Deep DiveYong Feng
 
Changing Views on Integration (AUSOUG Webinar Series, May 2020)
Changing Views on Integration (AUSOUG Webinar Series, May 2020)Changing Views on Integration (AUSOUG Webinar Series, May 2020)
Changing Views on Integration (AUSOUG Webinar Series, May 2020)Lucas Jellema
 
Winning Governance Strategies for the Technology Disruptions of our Time
Winning Governance Strategies for the Technology Disruptions of our TimeWinning Governance Strategies for the Technology Disruptions of our Time
Winning Governance Strategies for the Technology Disruptions of our TimeCloudHesive
 
AWS User Group Sydney - Meetup #60
AWS User Group Sydney - Meetup #60AWS User Group Sydney - Meetup #60
AWS User Group Sydney - Meetup #60PolarSeven Pty Ltd
 
Istio Service Mesh for Developers and Platform Engineers
Istio Service Mesh for Developers and Platform EngineersIstio Service Mesh for Developers and Platform Engineers
Istio Service Mesh for Developers and Platform EngineersSaiLinnThu2
 
Service Oriented Architecture & Beyond
Service Oriented Architecture & BeyondService Oriented Architecture & Beyond
Service Oriented Architecture & BeyondImesh Gunaratne
 
Cloud Computing E-Lect.ppt
Cloud Computing E-Lect.pptCloud Computing E-Lect.ppt
Cloud Computing E-Lect.pptarunimaarunima1
 
Introduction to Cloud Computing
Introduction to Cloud ComputingIntroduction to Cloud Computing
Introduction to Cloud ComputingBharat Kalia
 
Next-Generation Security Operations with AWS
Next-Generation Security Operations with AWSNext-Generation Security Operations with AWS
Next-Generation Security Operations with AWSAmazon Web Services
 
Cloud and its job oppertunities
Cloud and its job oppertunitiesCloud and its job oppertunities
Cloud and its job oppertunitiesRamya SK
 
Nuage meetup - Flexible and agile Software Defined Networking (SDN)
Nuage meetup - Flexible and agile Software Defined Networking (SDN)Nuage meetup - Flexible and agile Software Defined Networking (SDN)
Nuage meetup - Flexible and agile Software Defined Networking (SDN)SDN_Paris
 
Embracing SDN in the Next Gen Network
Embracing SDN in the Next Gen NetworkEmbracing SDN in the Next Gen Network
Embracing SDN in the Next Gen NetworkNetCraftsmen
 
Is your MQTT broker IoT ready?
Is your MQTT broker IoT ready?Is your MQTT broker IoT ready?
Is your MQTT broker IoT ready?Eurotech
 
lect15_cloud.ppt
lect15_cloud.pptlect15_cloud.ppt
lect15_cloud.pptAjit Mali
 
Monitoring microservices platform
Monitoring microservices platformMonitoring microservices platform
Monitoring microservices platformBoyan Dimitrov
 
Agile integration: Decomposing the monolith
Agile integration: Decomposing the monolith Agile integration: Decomposing the monolith
Agile integration: Decomposing the monolith Judy Breedlove
 

Ähnlich wie SACON EU 2019 "API Gateways and Service Meshes: Opening the Door to Application Modernisation" (20)

ISTIO Deep Dive
ISTIO Deep DiveISTIO Deep Dive
ISTIO Deep Dive
 
Changing Views on Integration (AUSOUG Webinar Series, May 2020)
Changing Views on Integration (AUSOUG Webinar Series, May 2020)Changing Views on Integration (AUSOUG Webinar Series, May 2020)
Changing Views on Integration (AUSOUG Webinar Series, May 2020)
 
Winning Governance Strategies for the Technology Disruptions of our Time
Winning Governance Strategies for the Technology Disruptions of our TimeWinning Governance Strategies for the Technology Disruptions of our Time
Winning Governance Strategies for the Technology Disruptions of our Time
 
AWS User Group Sydney - Meetup #60
AWS User Group Sydney - Meetup #60AWS User Group Sydney - Meetup #60
AWS User Group Sydney - Meetup #60
 
Istio Service Mesh for Developers and Platform Engineers
Istio Service Mesh for Developers and Platform EngineersIstio Service Mesh for Developers and Platform Engineers
Istio Service Mesh for Developers and Platform Engineers
 
Service Oriented Architecture & Beyond
Service Oriented Architecture & BeyondService Oriented Architecture & Beyond
Service Oriented Architecture & Beyond
 
Cloud Computing E-Lect.ppt
Cloud Computing E-Lect.pptCloud Computing E-Lect.ppt
Cloud Computing E-Lect.ppt
 
Session
SessionSession
Session
 
Introduction To Cloud Computing
Introduction To Cloud ComputingIntroduction To Cloud Computing
Introduction To Cloud Computing
 
Introduction to Cloud Computing
Introduction to Cloud ComputingIntroduction to Cloud Computing
Introduction to Cloud Computing
 
Salesforce - classification of cloud computing
Salesforce - classification of cloud computingSalesforce - classification of cloud computing
Salesforce - classification of cloud computing
 
Next-Generation Security Operations with AWS
Next-Generation Security Operations with AWSNext-Generation Security Operations with AWS
Next-Generation Security Operations with AWS
 
Cloud and its job oppertunities
Cloud and its job oppertunitiesCloud and its job oppertunities
Cloud and its job oppertunities
 
Nuage meetup - Flexible and agile Software Defined Networking (SDN)
Nuage meetup - Flexible and agile Software Defined Networking (SDN)Nuage meetup - Flexible and agile Software Defined Networking (SDN)
Nuage meetup - Flexible and agile Software Defined Networking (SDN)
 
Embracing SDN in the Next Gen Network
Embracing SDN in the Next Gen NetworkEmbracing SDN in the Next Gen Network
Embracing SDN in the Next Gen Network
 
Is your MQTT broker IoT ready?
Is your MQTT broker IoT ready?Is your MQTT broker IoT ready?
Is your MQTT broker IoT ready?
 
lect15_cloud.ppt
lect15_cloud.pptlect15_cloud.ppt
lect15_cloud.ppt
 
Taw opening session
Taw opening sessionTaw opening session
Taw opening session
 
Monitoring microservices platform
Monitoring microservices platformMonitoring microservices platform
Monitoring microservices platform
 
Agile integration: Decomposing the monolith
Agile integration: Decomposing the monolith Agile integration: Decomposing the monolith
Agile integration: Decomposing the monolith
 

Mehr von Daniel Bryant

ITKonekt 2023: The Busy Platform Engineers Guide to API Gateways
ITKonekt 2023: The Busy Platform Engineers Guide to API GatewaysITKonekt 2023: The Busy Platform Engineers Guide to API Gateways
ITKonekt 2023: The Busy Platform Engineers Guide to API GatewaysDaniel Bryant
 
CraftConf 2023 "Microservice Testing Techniques: Mocks vs Service Virtualizat...
CraftConf 2023 "Microservice Testing Techniques: Mocks vs Service Virtualizat...CraftConf 2023 "Microservice Testing Techniques: Mocks vs Service Virtualizat...
CraftConf 2023 "Microservice Testing Techniques: Mocks vs Service Virtualizat...Daniel Bryant
 
PlatformCon 23: "The Busy Platform Engineers Guide to API Gateways"
PlatformCon 23: "The Busy Platform Engineers Guide to API Gateways"PlatformCon 23: "The Busy Platform Engineers Guide to API Gateways"
PlatformCon 23: "The Busy Platform Engineers Guide to API Gateways"Daniel Bryant
 
Java Meetup 23: 'Debugging Microservices "Remocally" in Kubernetes with Telep...
Java Meetup 23: 'Debugging Microservices "Remocally" in Kubernetes with Telep...Java Meetup 23: 'Debugging Microservices "Remocally" in Kubernetes with Telep...
Java Meetup 23: 'Debugging Microservices "Remocally" in Kubernetes with Telep...Daniel Bryant
 
DevRelCon 2022: "Is Product Led Growth (PLG) the “DevOps” of the DevRel World"
DevRelCon 2022: "Is Product Led Growth (PLG) the “DevOps” of the DevRel World"DevRelCon 2022: "Is Product Led Growth (PLG) the “DevOps” of the DevRel World"
DevRelCon 2022: "Is Product Led Growth (PLG) the “DevOps” of the DevRel World"Daniel Bryant
 
Fall 22: "From Kubernetes to PaaS to... err, what's next"
Fall 22: "From Kubernetes to PaaS to... err, what's next"Fall 22: "From Kubernetes to PaaS to... err, what's next"
Fall 22: "From Kubernetes to PaaS to... err, what's next"Daniel Bryant
 
Building Microservice Systems Without Cooking Your Laptop: Going “Remocal” wi...
Building Microservice Systems Without Cooking Your Laptop: Going “Remocal” wi...Building Microservice Systems Without Cooking Your Laptop: Going “Remocal” wi...
Building Microservice Systems Without Cooking Your Laptop: Going “Remocal” wi...Daniel Bryant
 
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...Daniel Bryant
 
JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...
JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...
JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...Daniel Bryant
 
CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"
CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"
CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"Daniel Bryant
 
KubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
KubeCon EU 2022: From Kubernetes to PaaS to Err What's NextKubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
KubeCon EU 2022: From Kubernetes to PaaS to Err What's NextDaniel Bryant
 
Devoxx UK 22: Debugging Java Microservices "Remocally" in Kubernetes with Tel...
Devoxx UK 22: Debugging Java Microservices "Remocally" in Kubernetes with Tel...Devoxx UK 22: Debugging Java Microservices "Remocally" in Kubernetes with Tel...
Devoxx UK 22: Debugging Java Microservices "Remocally" in Kubernetes with Tel...Daniel Bryant
 
DevXDay KubeCon NA 2021: "From Kubernetes to PaaS to Developer Control Planes"
DevXDay KubeCon NA 2021: "From Kubernetes to PaaS to Developer Control Planes"DevXDay KubeCon NA 2021: "From Kubernetes to PaaS to Developer Control Planes"
DevXDay KubeCon NA 2021: "From Kubernetes to PaaS to Developer Control Planes"Daniel Bryant
 
JAX London 2021: Jumpstart Your Cloud Native Development: An Overview of Prac...
JAX London 2021: Jumpstart Your Cloud Native Development: An Overview of Prac...JAX London 2021: Jumpstart Your Cloud Native Development: An Overview of Prac...
JAX London 2021: Jumpstart Your Cloud Native Development: An Overview of Prac...Daniel Bryant
 
Container Days: Easy Debugging of Microservices Running on Kubernetes with Te...
Container Days: Easy Debugging of Microservices Running on Kubernetes with Te...Container Days: Easy Debugging of Microservices Running on Kubernetes with Te...
Container Days: Easy Debugging of Microservices Running on Kubernetes with Te...Daniel Bryant
 
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...Daniel Bryant
 
MJC 2021: "Debugging Java Microservices Running on Kubernetes with Telepresence"
MJC 2021: "Debugging Java Microservices Running on Kubernetes with Telepresence"MJC 2021: "Debugging Java Microservices Running on Kubernetes with Telepresence"
MJC 2021: "Debugging Java Microservices Running on Kubernetes with Telepresence"Daniel Bryant
 
LJC 4/21"Easy Debugging of Java Microservices Running on Kubernetes with Tele...
LJC 4/21"Easy Debugging of Java Microservices Running on Kubernetes with Tele...LJC 4/21"Easy Debugging of Java Microservices Running on Kubernetes with Tele...
LJC 4/21"Easy Debugging of Java Microservices Running on Kubernetes with Tele...Daniel Bryant
 
GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...
GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...
GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...Daniel Bryant
 
HashiCorp Webinar: "Getting started with Ambassador and Consul on Kubernetes ...
HashiCorp Webinar: "Getting started with Ambassador and Consul on Kubernetes ...HashiCorp Webinar: "Getting started with Ambassador and Consul on Kubernetes ...
HashiCorp Webinar: "Getting started with Ambassador and Consul on Kubernetes ...Daniel Bryant
 

Mehr von Daniel Bryant (20)

ITKonekt 2023: The Busy Platform Engineers Guide to API Gateways
ITKonekt 2023: The Busy Platform Engineers Guide to API GatewaysITKonekt 2023: The Busy Platform Engineers Guide to API Gateways
ITKonekt 2023: The Busy Platform Engineers Guide to API Gateways
 
CraftConf 2023 "Microservice Testing Techniques: Mocks vs Service Virtualizat...
CraftConf 2023 "Microservice Testing Techniques: Mocks vs Service Virtualizat...CraftConf 2023 "Microservice Testing Techniques: Mocks vs Service Virtualizat...
CraftConf 2023 "Microservice Testing Techniques: Mocks vs Service Virtualizat...
 
PlatformCon 23: "The Busy Platform Engineers Guide to API Gateways"
PlatformCon 23: "The Busy Platform Engineers Guide to API Gateways"PlatformCon 23: "The Busy Platform Engineers Guide to API Gateways"
PlatformCon 23: "The Busy Platform Engineers Guide to API Gateways"
 
Java Meetup 23: 'Debugging Microservices "Remocally" in Kubernetes with Telep...
Java Meetup 23: 'Debugging Microservices "Remocally" in Kubernetes with Telep...Java Meetup 23: 'Debugging Microservices "Remocally" in Kubernetes with Telep...
Java Meetup 23: 'Debugging Microservices "Remocally" in Kubernetes with Telep...
 
DevRelCon 2022: "Is Product Led Growth (PLG) the “DevOps” of the DevRel World"
DevRelCon 2022: "Is Product Led Growth (PLG) the “DevOps” of the DevRel World"DevRelCon 2022: "Is Product Led Growth (PLG) the “DevOps” of the DevRel World"
DevRelCon 2022: "Is Product Led Growth (PLG) the “DevOps” of the DevRel World"
 
Fall 22: "From Kubernetes to PaaS to... err, what's next"
Fall 22: "From Kubernetes to PaaS to... err, what's next"Fall 22: "From Kubernetes to PaaS to... err, what's next"
Fall 22: "From Kubernetes to PaaS to... err, what's next"
 
Building Microservice Systems Without Cooking Your Laptop: Going “Remocal” wi...
Building Microservice Systems Without Cooking Your Laptop: Going “Remocal” wi...Building Microservice Systems Without Cooking Your Laptop: Going “Remocal” wi...
Building Microservice Systems Without Cooking Your Laptop: Going “Remocal” wi...
 
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
 
JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...
JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...
JAX London 22: Debugging Microservices "Remocally" in Kubernetes with Telepre...
 
CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"
CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"
CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"
 
KubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
KubeCon EU 2022: From Kubernetes to PaaS to Err What's NextKubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
KubeCon EU 2022: From Kubernetes to PaaS to Err What's Next
 
Devoxx UK 22: Debugging Java Microservices "Remocally" in Kubernetes with Tel...
Devoxx UK 22: Debugging Java Microservices "Remocally" in Kubernetes with Tel...Devoxx UK 22: Debugging Java Microservices "Remocally" in Kubernetes with Tel...
Devoxx UK 22: Debugging Java Microservices "Remocally" in Kubernetes with Tel...
 
DevXDay KubeCon NA 2021: "From Kubernetes to PaaS to Developer Control Planes"
DevXDay KubeCon NA 2021: "From Kubernetes to PaaS to Developer Control Planes"DevXDay KubeCon NA 2021: "From Kubernetes to PaaS to Developer Control Planes"
DevXDay KubeCon NA 2021: "From Kubernetes to PaaS to Developer Control Planes"
 
JAX London 2021: Jumpstart Your Cloud Native Development: An Overview of Prac...
JAX London 2021: Jumpstart Your Cloud Native Development: An Overview of Prac...JAX London 2021: Jumpstart Your Cloud Native Development: An Overview of Prac...
JAX London 2021: Jumpstart Your Cloud Native Development: An Overview of Prac...
 
Container Days: Easy Debugging of Microservices Running on Kubernetes with Te...
Container Days: Easy Debugging of Microservices Running on Kubernetes with Te...Container Days: Easy Debugging of Microservices Running on Kubernetes with Te...
Container Days: Easy Debugging of Microservices Running on Kubernetes with Te...
 
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...
Canadian CNCF: "Emissary-ingress 101: An introduction to the CNCF incubation-...
 
MJC 2021: "Debugging Java Microservices Running on Kubernetes with Telepresence"
MJC 2021: "Debugging Java Microservices Running on Kubernetes with Telepresence"MJC 2021: "Debugging Java Microservices Running on Kubernetes with Telepresence"
MJC 2021: "Debugging Java Microservices Running on Kubernetes with Telepresence"
 
LJC 4/21"Easy Debugging of Java Microservices Running on Kubernetes with Tele...
LJC 4/21"Easy Debugging of Java Microservices Running on Kubernetes with Tele...LJC 4/21"Easy Debugging of Java Microservices Running on Kubernetes with Tele...
LJC 4/21"Easy Debugging of Java Microservices Running on Kubernetes with Tele...
 
GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...
GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...
GOTOpia 2/2021 "Cloud Native Development Without the Toil: An Overview of Pra...
 
HashiCorp Webinar: "Getting started with Ambassador and Consul on Kubernetes ...
HashiCorp Webinar: "Getting started with Ambassador and Consul on Kubernetes ...HashiCorp Webinar: "Getting started with Ambassador and Consul on Kubernetes ...
HashiCorp Webinar: "Getting started with Ambassador and Consul on Kubernetes ...
 

Kürzlich hochgeladen

Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsSafe Software
 
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdfInnovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdfYashikaSharma391629
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanyChristoph Pohl
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf31events.com
 
How To Manage Restaurant Staff -BTRESTRO
How To Manage Restaurant Staff -BTRESTROHow To Manage Restaurant Staff -BTRESTRO
How To Manage Restaurant Staff -BTRESTROmotivationalword821
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceBrainSell Technologies
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...OnePlan Solutions
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfFerryKemperman
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprisepreethippts
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...OnePlan Solutions
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Mater
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Velvetech LLC
 
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...Akihiro Suda
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZABSYZ Inc
 

Kürzlich hochgeladen (20)

Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data Streams
 
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdfInnovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdf
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf
 
How To Manage Restaurant Staff -BTRESTRO
How To Manage Restaurant Staff -BTRESTROHow To Manage Restaurant Staff -BTRESTRO
How To Manage Restaurant Staff -BTRESTRO
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. Salesforce
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprise
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZ
 

SACON EU 2019 "API Gateways and Service Meshes: Opening the Door to Application Modernisation"

  • 1. API Gateways and Service Meshes: Opening the Door to Application Modernisation Daniel Bryant Product Architect, Datawire
  • 2. tl;dr ▪ App modernisation is often about incrementally decoupling apps from infra – An API gateway and service mesh can help with this migration ▪ API gateway handles ingress traffic ▪ Service mesh handles service-to-service comms ▪ You can decouple apps via two patterns – Outside-in, using an API gateway – Balkanization, using a service mesh on a segment of services
  • 3. Product Architect at Datawire Freelance Tech Consultant and Writer @danielbryantuk
  • 4. Why App Modernisation? ▪ Lead time ▪ Deployment frequency ▪ Mean time to restore (MTTR) ▪ Change fail percentage CIOs: “We want to go faster, and not fall over (and if it breaks we want to detect and fix it fast)”
  • 5. App Modernisation ▪ Refactoring, repurposing, or consolidation of heritage software to align it more closely with current business needs ▪ Decoupling applications from infrastructure – Moving workloads to take advantage of cloud-based (AI) services – Retiring old systems (saving infra/hosting costs) – Reducing operational burden (e.g. toil and security patching)
  • 6. App Modernisation ▪ Microservices! ▪ Cloud! ▪ Containers! ▪ Kubernetes!
  • 7. App modernisation: Not an overnight thing
  • 8. Decoupling Infrastructure Strategies ▪ Bring the cloud hardware to you ▪ Bring the cloud experience to you ▪ Bring the cloud software to you ▪ Bring the cloud traffic management to you
  • 9. Decoupling Infrastructure Strategies ▪ Bring the cloud hardware to you: – AWS Outposts; custom hardware that is fully managed by AWS. ▪ Bring the cloud experience to you: – Azure Stack; run hybrid applications across the Azure cloud and via on- premises hardware.
  • 10. Decoupling Infrastructure Strategies ▪ Bring the cloud software to you: – Google Anthos; software abstraction (VMware -> k8s/GKE, Istio, Stackdriver) ▪ Bring the cloud traffic management to you: – API gateway + service mesh; dynamically route traffic across any infrastructure (which is routable via the network)
  • 11. Software-focusedHardware-focused Small commitmentBig commitment Complete access to cloud primitives Reliance on abstractions
  • 12. Decoupling Infrastructure Strategies ▪ Bring the cloud hardware to you ▪ Bring the cloud experience to you ▪ Bring the cloud software to you ▪ Bring the cloud traffic management to you
  • 16. API Gateway: Edge proxy, ingress, ADC... ▪ Exposes internal services to end-users (often via multiple domains) ▪ Encapsulates backends: k8s, VMs, bare metal etc. ▪ Focused on managing ingress (“north-south”) traffic
  • 18. API Gateway: Edge proxy, ingress, ADC... ▪ Exposes internal services to end-users (often via multiple domains) ▪ Encapsulates backends: k8s, VMs, bare metal etc. ▪ Focused on managing ingress (“north-south”) traffic ▪ Engineer-driven product release (often) happens here ▪ You don’t control the client
  • 19. API Gateway: Self-Serve Routing & Security ▪ Self-serve routing – Traffic routing, splitting, and shaping (to dynamic backends) – Release functionality (A/B, canary, dark launch etc) ▪ Security – End-user authentication/authorization – TLS termination, rate limiting, WAF, DDoS protection, etc
  • 23. “Service mesh”, you say? https://twitter.com/cesarTronLozai/status/1175327326218915840 https://twitter.com/wm/status/1173350339946274816
  • 24. Service Mesh: Proxy mesh, Fabric model... ▪ Exposes internal services to internal consumers ▪ Encapsulates service infra: across k8s, VMs, bare metal etc ▪ Dynamic routing for service-to-service (“east-west”) traffic ▪ Ops apply “sane defaults” and top-level platform monitoring ▪ You generally control the client (or at least can influence this...)
  • 25.
  • 27. Service Mesh: Three Pillars ▪ Observability – “Golden signals”: latency, errors, traffic, saturation (USE, RED) – Both global and service-to-service ▪ Reliability – Abstracting health checks, retries, circuit breakers etc. – Providing sane default to protect system ▪ Security – Authn/z propagation, mTLS, ACLs, network segmentation
  • 28. Service Mesh: Three Pillars ▪ Observability – “Golden signals”: latency, errors, traffic, saturation (USE, RED) – Both global and service-to-service ▪ Reliability – Abstracting health checks, retries, circuit breakers etc. – Providing sane default to protect system ▪ Security – Authn/z propagation, mTLS, ACLs, network segmentation https://www.infoq.com/podcasts/
  • 33. Migration tactics ▪ Outside in – Start with an API gateway – Identify a endpoint/service ▪ Balkanization – Start with a service mesh – Identify a service segment ▪ Easy install ▪ Conceptually easy to understand ▪ Less intrusive for all platforms ▪ (Potentially) higher blast radius ▪ Less new functionality ▪ Potentially higher value functionality ▪ “Easy” to deploy in Kubernetes ▪ Can support multicluster (beta) ▪ Operationally complex ▪ (Potentially) challenging to unwind ▪ Expectation management… :-)
  • 35. Explore in your browser https://instruqt.com/hashicorp/tracks/sock-shop-tutorial
  • 36. Conclusion ▪ App modernisation is often about decoupling apps from infra – One way to do this is via an API gateway and service mesh ▪ API gateway handles ingress traffic ▪ Service mesh handles service-to-service comms ▪ You can decouple apps via two patterns – Outside-in, using an API gateway – Balkanization, using a service mesh
  • 37. References ▪ Context: – https://www.infoq.com/articles/api-gateway-service-mesh-app-modernisation/ ▪ Reference: – https://www.getambassador.io/user-guide/consul-connect-ambassador/ – https://www.getambassador.io/user-guide/consul/ – https://www.consul.io/docs/platform/k8s/ambassador.html – https://www.hashicorp.com/blog/hashicorp-consul-supports-microsoft-s-new-service-mesh-framework Experiment in an Instruqt sandbox: https://instruqt.com/hashicorp/tracks/sock-shop-tutorial Code examples: https://github.com/emojify-app
  • 38. Copyright © 2019 HashiCorp Thanks! @danielbryantuk