The challenges of exposing and connecting microservices
Denis Jannot
Director of Field Engineering - EMEA
2 | Copyright © 2021
About me
@djannot
denis.jannot@solo.io
denisjannot
Denis Jannot
Director of Field Engineering - EMEA @ Solo.io
From Monolith to Microservices
MONOLITH MICROSERVICES
Kubernetes became the most popular platform
MONOLITH MICROSERVICES
Exposing microservices
How do you expose your apps? The Ingress way
Diagram labels: Microservices; Ingress; TLS; Basic routing; Kubernetes; Service; Pods
Each team reinvents the wheel
Diagram labels: Microservices; Ingress
Some capabilities must be implemented downstream
Diagram labels: Microservices; Ingress; API Gateway; Rate limiting; WAF
Common challenges
• Each team reinvents the wheel (setting up the same authentication)
• Implementation is different for each language
• Application teams should focus on the business logic instead
• The security team doesn’t have visibility on what’s configured for each application
• Other security mechanisms must be implemented outside of the Kubernetes cluster
What about a Kubernetes-native API Gateway?
Diagram labels: Microservices; API Gateway; Rate limiting; WAF
That can even expose services outside of Kubernetes
Diagram labels: Microservices; API Gateway; Rate limiting; WAF
Benefits
• Authentication is performed at the API Gateway level
• Application teams can focus on the business logic
• Everything is configured through Kubernetes Custom Resources, so it’s GitOps-friendly
• Other security mechanisms are enforced by the same Gateway
• Visibility for the security team
Connecting microservices
No visibility
Diagram labels: Microservices; API Gateway; Rate limiting; WAF
Common challenges
• No visibility
• No security (plain text requests, all communications allowed in the cluster, …)
• Limited traffic management
• Complex cross-cluster communications
Service to Service communication requirements
• Observability
• Identity Management
• Encryption
• Certificate Management
• Traffic Management
• Health check
• Access Control
• ...
Kubernetes alone doesn’t provide much
Diagram labels: Encryption; Telemetry; Traffic management; Access control; Identity Management; Certificate management; Health check; Kubernetes; Service; Third Party; Encryption
An API gateway could solve some problems
Diagram labels: Microservices; API Gateway; Encryption; Telemetry; Traffic management; Access control; Health check; Identity Management; Certificate management; Third Party; Encryption
But it would become a bottleneck
Diagram labels: Microservices; API Gateway; Encryption; Telemetry; Traffic management; Access control; Health check; Identity Management; Certificate management; Third Party; Encryption
Welcome Service Mesh
Diagram labels: Service Mesh; Control Plane; Encryption; Telemetry; Traffic management; Access control; Identity Management; Certificate management; Health check; Data Plane
Benefits
• Authentication and Authorization are performed at the Service Mesh level
• Encryption is performed at the Service Mesh level
• Advanced traffic management allows smarter deployments (canary, …)
• End-to-end observability
• Application teams can focus on the business logic
Why Envoy Proxy
• Neutral Foundation (CNCF)
• Large, diverse, vibrant community
• Built from the ground up for dynamic service environments
• Dynamic configuration, driven by API
• Highly extensible
• L7 filters (HTTP/1, HTTP/2, gRPC, Redis, MySQL, Kafka, etc.)
• Deep signals telemetry out of the box
• Versatile deployment options
Istio is the dominant open-source leader
Source: CNCF Survey 2020 raw data
Multi-cluster operations are more involved
Istio architecture
Why Solo?
Application networking
Gloo Edge
Diagram labels: Microservices; Rate limiting; WAF
Gloo Mesh
Enterprise Istio Production Support
• Upstream first
• Specialty builds available (FIPS, ARM, distroless, etc)
• Long Term Support (LTS) N-4
• Critical security patches
• Production break-fix
• One hour SLA Severity 1
• Install / upgrade
• Architecture and operational guidance, best practices
Diagram labels: Kubernetes Cluster; Istiod; Account; User
First analyst report covering service mesh
https://slack.solo.io/
Thank you!

INTERFACE, by apidays - Challenges of exposing and connecting microservices
