1 | Copyright © 2019
API Gateways are going through an identity crisis
@christianposta
CHRISTIAN POSTA
• Field CTO @ Solo.io
• Author of a few books
• Contributor to many open-source projects
• Architect, blogger, speaker, mentor, leader
@christianposta
christian@solo.io
https://blog.christianposta.com
https://slideshare.net/ceposta
WROTE THE FIRST BOOK ON ISTIO…
WRITING ISTIO BOOK FOR MANNING
https://bit.ly/istio-in-action
Identity Crisis
INSPIRED BY A BLOG…
http://bit.ly/gateway-identity-crisis
Identity crisis?
• API Management solutions
• Kubernetes/cluster ingress
• Service Mesh proxies, gateways
• Application-built gateways
IDENTITY CRISIS?
“I am just going to use service mesh, doesn’t that make gateways obsolete?”
Alternative talk title:
Role of edge gateways in relation to service mesh adoption
What to expect from the rest of this talk:
• Problem statement, challenges, tradeoffs
• Useful patterns to set context
• Envoy proxy as the foundation
• Architecture patterns to consider
• Demo
• Wrap up
Goals we see
• Augment, complement, replace existing API infrastructure
• Support a microservices, cloud environment
• Need better traffic control and observability
• As little disruption as possible, target multiple compute
• Improve security posture
THE PROBLEM
HOW DO YOU OBSERVE?
HOW DO YOU MANAGE APIS?
HOW CAN YOU ENFORCE SECURITY?
MONOLITH MICROSERVICES
Solving challenges between services within the organization
• Traffic control
• Traffic routing
• Secure communications
• Application-level network observability
• Policy enforcement
LARGE, CENTRALIZED, LOW-TRUST, SHARED ENVIRONMENTS
CENTRALIZED VS DECENTRALIZED
CENTRALIZED VS DECENTRALIZED WITHOUT GAPS
How to get there?
Start with a gateway approach
• Start with one proxy, grow to more
• Pick a subset of traffic applications
• Get demonstrable value from it
• Data plane matters
• Leverage high-value patterns for application traffic
Three important gateway patterns
“Edge” concerns, North-South vs East-West
Capability                  Service Mesh   Edge
Traffic Control             ✔              ✔
Traffic Routing             ✔              ✔
TLS/mTLS                    ✔              ✔
Network Observability       ✔              ✔
Policy Enforcement          ✔              ✔
“Edge” concerns, North-South vs East-West
Capability                                      Service Mesh   Edge
OAuth/OIDC                                      ✘              ✔
Web Application Firewall                        ✘              ✔
Message transformation                          ✘              ✔
Request/response caching                        ✘              ✔
Domain-specific rate limit                      ✘              ✔
HMAC, request path security                     ✘              ✔
Understand API surface, intended decoupling     ✘              ✔
API Gateway Pattern
“A service that’s the entry point into the microservices-based application … is responsible for request routing, API composition, protocol translation … and edge functions like authentication, authorization, rate limiting, caching, et al.”
See also:
https://microservices.io/patterns/apigateway.html
https://www.manning.com/books/microservices-patterns
API Gateway Pattern: what it does
• Tailored API for different kinds of clients
• Abstracts backend services, protocols, message shapes, etc.
• Powerful matching/routing, discovery, transformation, aggregation, protocol translation
• Backends for front-ends
• A developer-first construct
• Intended to be decentralized and change at the pace of your applications
• Network-level functions including rate-limiting, authentication/authorization, caching, metrics collection
Mediator pattern
http://en.wikipedia.org/wiki/Design_Patterns
Credit: https://springframework.guru/gang-of-four-design-patterns/mediator-pattern/
Envoy proxy as a gateway
Meet Envoy Proxy
http://envoyproxy.io
Envoy Proxy implements:
• zone aware, least request load balancing
• circuit breaking
• outlier detection
• retries, retry policies
• timeout (including budgets)
• traffic shadowing
• rate limiting
• access logging, statistics collection
• Many other features!
Edge Gateway built on Envoy
https://github.com/solo-io/gloo
What is Gloo?
● Enterprise Envoy Proxy
● API-level routing, decoupling
● Complements any service mesh
● Traffic control, canary releases
● OAuth flows
● TLS termination, passthrough, mTLS
● Rate limiting, Caching
● Request/Response transformation
● Kubernetes CRDs (when deployed to Kubernetes)
https://gloo.solo.io
Gloo companion project: Sqoop
[Figure labels: Query; Monolith; Microservices; Cloud Functions; Result]
https://sqoop.solo.io
Demo!
Gateway adoption patterns (waypoint architecture) on the journey to service mesh
Start with single proxy
Bring in decoupling points (multi-tier gateway)
Gateway per product/domain/bounded context
Push gateways down as you grow, avoid death star architecture!
Final thoughts
• Crawl, walk, run approach
• Leverage shared gateways, path for decentralization
• Envoy/Gloo proven open-source projects, successful adoption
• Reduce risk, target multi-platform compute, move at your own pace
Check out Solo.io!
Sneak peek, https://servicemeshhub.io
@soloio_inc

