1. © OPITZ CONSULTING 2021 / Public
Cloud-native is just part of the game 1
Stuttgart, 11.05.2021
Sven Bernhardt
CLOUD-NATIVE IS JUST PART OF THE GAME
2. THAT'S ME
Sven Bernhardt
Cloud-Native enthusiast, API & integration geek. Always curious how new technologies and concepts can help to make things more valuable and efficient.
• Chief Architect / Integration Evangelist @ OPITZ CONSULTING Deutschland GmbH
• Oracle ACE Director
@sbernhardt
https://svenbernhardt.wordpress.com/
3. AGENDA
01 CLOUD-NATIVE
02 CHALLENGES
03 API GATEWAY
04 SERVICE MESH
05 API GATEWAY & SERVICE MESH
06 SUMMARY
4. CLOUD-NATIVE: PARADIGM TO BUILD APPS FOR THE CLOUD!
5. WHAT DOES CLOUD-NATIVE MEAN?
• Apps follow the 12-factor app methodology for delivering software as a service (or product)
• Definition (published by the Cloud Native Computing Foundation (CNCF)):
  "Cloud native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach. These techniques enable loosely coupled systems that are resilient, manageable, and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil."
• Independent of deployment scenario:
  • On-prem, hybrid or hybrid multi-cloud
Source: https://pivotal.io/cloud-native
6. LOOSE COUPLING OFTEN MEANS MORE DISTRIBUTION
Monolithic app architecture (UI, Business Logic and Persistence in one app):
• Single deployment unit
• Single execution process
• Shared database
• Local, app-internal communication only
Cloud-native app architecture:
• Multiple deployment units
• Exclusive execution process per service
• Database per service (usually)
• Remote, inter-service communication
7. SERVICE DISTRIBUTION COMES AT A PRICE
[Diagram: reliability challenges grow with the amount of traffic, the number of services and team autonomy]
Challenges:
• Traffic connectivity & reliability
• Zero-trust security
• Observability
  • Log aggregation
  • Metrics management
  • Service tracing
8. INCREASED COMPLEXITY AND CHALLENGES WITH RESPECT TO DEVELOPMENT CONSISTENCY
[Diagram: every application in the organization re-implements the same cross-cutting concerns: Security, AuthN/Z, Logging, Tracing, Metrics, Routing, Rate-Limiting, Caching, Versioning]
9. RELIABLE CONNECTIVITY IS A MULTIDIMENSIONAL PROBLEM
[Diagram: connectivity has to be solved at the Edge, Cross-App and In-App levels, across Monolith, Services, Microservices, Serverless, ...]
10. ... BUT: WE'RE USUALLY NOT STARTING ON A GREENFIELD!
https://opitzcloud.canto.global/b/GI7R1
11. API GATEWAY
https://www.flickr.com/photos/matmatmat/20153807915/sizes/l/
12. API GATEWAY CHARACTERISTICS
• Single entry point for clients to access services
  • No matter the implementation technology
  • No matter the architecture (monolithic or µService)
• Provides a consistent governance model
• Decouples client and service implementation
• Is deployed separately in its own instance
• Deployment models:
  • Bundled data and control plane
  • Independent data and control plane
Source: https://tinyurl.com/yxbds3cd
13. ARCHITECTURE CONSIDERATIONS
• Supports API design-first
• Allows seamless DevOps (CI/CD) integration
• Runs on every infrastructure (containers, VMs, etc.)
• Support for different types of APIs (SOAP, REST, GraphQL, gRPC)
• Hybrid architecture
  • Centralized control plane (management)
  • Distributed data planes (workers)
Source: https://tinyurl.com/y67tlr77
14. USE CASES
• APIs as products
  • API products need to be accessible from outside and inside
  • API Gateway as an abstraction layer
• Service connectivity
  • Enforce networking policies to connect, secure, encrypt, protect and observe communication
• Decoupling
  • Client to API Gateway
  • API Gateway to upstream service
• Capabilities to cover: Edge / Boundary Routing, Security, Versioning, API Monetization, API Analytics
15. API life cycle as proposed by Luis Weir (@luisw19) in his book "Enterprise API Management"
API products need proper governance!
16. WHAT CAN AN API GATEWAY HELP YOU WITH?
17. SERVICE MESH
https://www.flickr.com/photos/26020895@N04/15695786155/sizes/l/
18. SERVICE MESH CHARACTERISTICS
• Platform that makes service-to-service communication more reliable, secure and observable
• Helps to implement cross-cutting concerns with respect to service integration challenges more efficiently
• Is deployed co-located with the corresponding service
• Deployment model: distributed data planes with a central control plane
• Can be applied on any
  • Architecture (e.g. monolithic or µService)
  • Platform (e.g. VMs, containers, Kubernetes)
[Diagram: a Host / VM / Pod running the Service (business logic) next to a Sidecar (supporting functionality like logging, configuration, etc.)]
19. USE CASES
• Network management and reliable connectivity
  • No longer the developer's responsibility (increased developer productivity)
  • Consistent, declarative management at infrastructure level
• Zero-trust security
  • Define traffic permissions (who with whom?)
  • Secure communication via mTLS
  • Automated certificate management
• Capabilities to cover: Security (mTLS), Traffic routing, Observability, Resiliency
20. ARCHITECTURE CONSIDERATIONS
• Runs on every infrastructure (containers, VMs, etc.)
• Everything is a service!
  • Cloud-native apps deployed to Kubernetes
  • Non-cloud-native workloads
• Allows for multi-zone, hybrid mesh deployment
  • Spanning multiple Kubernetes clusters
  • Spanning multiple clouds
  • Spanning on-prem workloads
21. WHAT CAN A SERVICE MESH HELP YOU WITH?
22. API GATEWAY AND SERVICE MESH
https://opitzcloud.canto.global/b/Q93DV
23. SIMILARITIES AND DIFFERENCES
API Gateway
• Handles external edge / boundary traffic
• Controls inbound and outbound data flow
• Bridges security trust domains (hybrid)
• Focus on exposing business functionality
Service Mesh
• Handles internal traffic
• Controls service-to-service communication
• Ensures internal trust between services
• Operates at the infrastructure level
[Diagram: Service Mesh covers Security, Observability, Traffic Routing, Resiliency; API Gateway covers Security / Access Control, API contracts & limits, Developer portal & docs, API Monetization, Rate Limits]
24. CONSISTENCY FROM THE EDGE TO THE TARGET SERVICE
• External clients access an organization's services through the API Gateway (single point of entry)
• API Gateways are integrated in the mesh
  • Just another service from the mesh's perspective
  • Also get their own Service Mesh Proxy (SMP)
• Internal traffic routing is handled by the mesh
• Benefits:
  • Consistent security
  • Proper insights / observability
  • Increased developer productivity
25. API GATEWAY AND SERVICE MESH IN ACTION
• Demo shows the Kuma demo application
• Service Mesh: Kuma Mesh (originally created by Kong, now donated to the CNCF)
• API Gateway: Kong OSS API Gateway
[Diagram: Client -> Frontend App -> three Backend Apps, all running inside a Kubernetes cluster]
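Added example (not from the deck or the Kuma demo project) of the Kuma policies behind the zero-trust bullets of slide 19 and the "gateway is just another service in the mesh" point of slide 24: the Mesh resource switches on mTLS with Kuma's builtin CA, and TrafficPermission policies state who may talk to whom. The service names are assumed and follow Kuma's Kubernetes naming scheme.

```yaml
# Mesh with mTLS enabled: every data plane proxy gets a certificate from
# Kuma's builtin CA and rotates it automatically; proxy-to-proxy traffic
# is mutually authenticated and encrypted.
apiVersion: kuma.io/v1alpha1
kind: Mesh
metadata:
  name: default
spec:
  mtls:
    enabledBackend: ca-1
    backends:
      - name: ca-1
        type: builtin
---
# With mTLS on, Kuma only forwards traffic that a TrafficPermission allows
# (remove the auto-generated allow-all policy for the mesh first, otherwise
# it grants everything). Service names below are assumed; Kuma names a
# Kubernetes service <name>_<namespace>_svc_<port>.
apiVersion: kuma.io/v1alpha1
kind: TrafficPermission
mesh: default
metadata:
  name: gateway-to-frontend
spec:
  sources:
    - match:
        kuma.io/service: kong-proxy_kong_svc_80       # the gateway's own sidecar
  destinations:
    - match:
        kuma.io/service: frontend_kuma-demo_svc_8080
---
apiVersion: kuma.io/v1alpha1
kind: TrafficPermission
mesh: default
metadata:
  name: frontend-to-backend
spec:
  sources:
    - match:
        kuma.io/service: frontend_kuma-demo_svc_8080
  destinations:
    - match:
        kuma.io/service: backend_kuma-demo_svc_3001
# No policy lists the backend as a source or the gateway as a destination,
# so the backend cannot call the frontend and nothing inside the mesh can
# reach the gateway: traffic flows only edge -> gateway -> frontend -> backend.
```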
26. WHY KONG API GATEWAY?
• Kong Microservice API Gateway
  • Lightweight
  • Scalable
  • Modular
  • Infrastructure-agnostic
• Deployed on top of reliable technologies
• Extensible using plugins and other open source components (Lua, Go and JavaScript)
• API-driven: fully configurable using a REST API
• Smooth integration in existing CI/CD pipelines
Flexible deployment approach:
• Classic deployment
• K8s Microgateway deployment
• K8s Ingress deployment
• Hybrid deployment
27. WHY KUMA MESH?
• Provides a modern distributed control plane and uses Envoy as the data plane
• Platform-agnostic open-source control plane for service mesh
• Hence Kuma is
  • Universal
  • Simple
  • Scalable
  • Envoy-based
• Supports different deployment models
  • Standalone deployment
  • Multi-zone deployment
Source: https://tinyurl.com/rbp4t8m3
28. KUMA DEPLOYMENT MODES
[Diagrams: Standalone (Source: https://tinyurl.com/khradpjk) and Multi-Zone (Source: https://tinyurl.com/4jktvunk)]
29. API GATEWAY ALTERNATIVES TO KONG
Source: Smartbear "State of API 2020"
Source: Magic Quadrant for Full Life Cycle API Management, Sept. 2020
Source: CNCF Cloud Native Landscape (Category: API Gateway)
30. SERVICE MESH ALTERNATIVES TO KUMA MESH
Source: CNCF Survey Report 2020
Source: CNCF Cloud Native Landscape (Category: Service Mesh)
Source: https://servicemesh.es
31. SUMMARY
https://opitzcloud.canto.global/b/RPPN0
32. CLOUD-NATIVE BECOMES MORE AND MORE IMPORTANT
• The future is cloud-native
• Hybrid, multi-cloud architectures will be the norm
[Charts: Data center usage; Cloud-native benefits] Source: CNCF Survey Report 2020
33. RELEVANCY OF API GATEWAYS AND SERVICE MESH
[Charts: Service Mesh usage (Source: CNCF Survey Report 2020); two API usage charts (Source: Smartbear "State of API 2020")]
34. KEY TAKEAWAYS
• API Gateway and Service Mesh can be combined (depending on the use case)
• Both patterns help to increase developers' efficiency
  • Devs can focus on business code, while things like connectivity challenges are solved on an infrastructure level (by a mesh)
• Central management
  • BUT: could also be viewed critically by developers, since it also decreases a team's autonomy!
• Using either an API Gateway or a Service Mesh does not depend on the direction, but on the use case (North-South vs. East-West)
35. Q & A
https://opitzcloud.canto.global/b/H0EMG
36. USEFUL LINKS / RESOURCES
• Blog Christian Posta: Do I Need an API Gateway if I Use a Service Mesh?
• CNCF: Cloud-native Trail Map
• CNCF: CNCF Cloud-native Landscape
• Smartbear: The State of API 2020 Report
• INNOQ: Service Mesh Comparison
• GitHub: Kuma Demo Application
• Kuma Mesh
• Kong OSS Gateway
37. IN CASE OF ANY QUESTIONS...
Sven Bernhardt
Chief Architect / Integration Evangelist | Oracle ACE Director
OPITZ CONSULTING Deutschland GmbH
Kirchstrasse 6, 51647 Gummersbach, Germany
Phone: +49 172 2193529
Mail: sven.bernhardt@opitz-consulting.com
Twitter: @sbernhardt
Blog: https://svenbernhardt.wordpress.com
38. VIRTUAL AFTER-WORK BEER