Open in app

Sign in

Write

Sign in

API Management and Service Mesh are Amazing Together

Lakmal Warusawithana
7 min readApr 1, 2019

--

Key Takeaways

  • Microservice architecture (MSA) offers many advantages to developers to make their development agile, leading to faster innovation. But it is coming with its own complexity.
  • Service mesh is a modern software architecture, tries to help developers and DevOps by taking away these complexities.
  • The business logic is contained within the microservices. To gain value, these services need to be exposed to internal and external parties via APIs. API management goes beyond just managing the development, deployment, and resilience communication of microservices to provide broader business value for organizations in all stages of the API lifecycle. This includes designing, publishing, documenting, analyzing, and monetizing APIs in a secure environment.
  • Istio is the most matured opensource service mesh implementation in the industry support Dev and DevOps to the development and runs resilience application alongside with MSA.
  • WSO2 API Manager is fully open source product support the full spectrum of the API lifecycle management, monetization and policy enforcement.
  • WSO2 API Manager with Istio is complementing each other and provide a powerful, fully open-sourced solution which supports development, operation, control, and manage for a total business application.

Need for Service Mesh

With the emergence of microservice architecture, software architects and developers adapt microservice development for fast innovation. Smaller teams, agile software development life cycles, freedom to use heterogeneous technologies, early feedback cycles are the key drivers for success stories.

While having all good things in microservices it is coming with its own challenges. Because of this disaggregation of architectures, the number of endpoints is exploded. Communication among these endpoints will be a key challenge. Service discovery, network resiliency, and secure communication are some of the key challenger’s that development teams have to deal with other than solving the real business problem.

While having developer challenges, DevOps will have a separate set of challenges. They have to tune their deployment engine to roll out frequent releases without disrupting the end users. Also increasing the number of endpoints means tracing a runtime issue will be harder and harder and it required extra effort on putting observability on all distributed components.

As a solution to these challenges, software architects come up with a very promising, future proof software architecture call Service Mesh.

API Management in a Nutshell

For all modern organizations required some kind of IT systems to run their business effectively in the competitive market. Services or microservices are the core of these IT systems and they are designed and developed to do the real business functionalities. With the nature of modern business, these services will be consumed by a wide range of people, devices or other systems. People are using mobile devices for varies activities like online shopping, hotel reservation, taxi booking, doctor channeling, bank transactions and the devices like the smartwatch, smart TV, smart cars and smart homes are connecting with other systems within their operations.

While these channels are opening for business expansions, now organization need to deal with a deferent set of challenges. API Management is a solution which helps to overcome these challenges. In the modern IT industry, we can find few complete API Management solutions which are offering by deferent vendors. These solutions are helping to design, implement, expose and manage these service as APIs. The main characteristics of these APIs are;

  • Access control and security — Control who can access and how can access
  • Rate limiting — How many requests can user or application do?
  • Monitoring — How API is doing?
  • Self-service portal — Help developers to discover and use the APIs
  • Monetization — Bill and charged for API usage

Clear the Confusion

One of the major confusion in the current industry is, people are thinking there is no need for an API Management solution if they use a service mesh. But like I explained above, service mesh and API Management are solving two deferent problems.

There are a few reasons for this confusion.

  • Both solutions are capable of handling security and access control and which is an overlap to some degree, but all other functionalities have well-defined boundaries.
  • Service mesh is capturing all operational metrics and provide operational insights while API Analytics capturing business-critical metrics for business insights.
  • Service mesh provides rate limiting withing microservices. But API Management is more about adding rate limits or subscription plan to align with their business requirements in addition to technical requirements.

The important point is if we combined these two solutions together, it will provide a platform which will cover the full spectrum from service development, deployment, control, security, manage, expose, observe and monetize all of the business functionalities.

Let’s look at the power and synergy of two open source solutions available from both service mesh and API Management domains.

Istio: An Opensource Service Mesh Implementation

Istio is an opensource service mesh implementation which provides behavioral insights and operational control over the service mesh as a whole, offering a complete solution to satisfy the diverse requirements of microservice applications.

Istio Architecture (source — https://istio.io/docs/concepts/what-is-istio/)

Istio uses an extended version of the Envoy as the service proxy which deploys as a sidecar to the microservice. Istio control plane architecture consists of four main components. Pilot pushes all necessary configurations, like service discovery, routing rules for different deployment strategies, resiliency parameters, into service proxy with a standard format with the Envoy data plane APIs can consume. This will allows Istio to run on multiple environments such as Kubernetes, Consul, or Nomad, while maintaining the same operator interface for traffic management.

The Mixer is the main observability and policy enforcement component in the Istio and its enforces access control and usage policies across the service mesh and collects telemetry data from the Envoy proxy and other services. Galley is Istio’s configuration validation, ingestion, processing, and distribution component.

Citadel provides strong service-to-service and end-user authentication with built-in identity and credential management. You can find very comprehensive documentation of the Istio architecture in the Istio website.

WSO2 API Manager: An Open Source Full API Lifecycle Management Product

WSO2 API Manager supports full lifecycle management of APIs from API designing, mocking, implementation, exposing, observing, managing and monetization.

WSO2 API Manager is composed of few components namely Publisher, Developer Portal, Key Manager, Traffic Manager, Analytics and API Gateway.

The publisher is mainly focused for API Developers and it is facilitating API design and implementation by using rich UI or importing or referencing an Open API specification document. Its also support the mock implementation of backend service if it is not fully implemented. Developer portal is provided self-service API store where application developers can use these APIs in their application with a suitable subscription plan. Traffic Manager is controlling traffic route of APIs and Key Manager is responsible for handling security activities of all kind of tokens. API Analytics is providing all business insights related to APIs and help business users tale their business decision.

More details can be found at https://wso2.com/api-management/

WSO2 API Manager and Istio together

While Istio provides Data Plane and Control Plane capabilities, WSO2 API Manager provides Management Plane capabilities to manage microservices and APIs.

Whenever service developer deploys a microservice, Istio injects envoy sidecar as service proxy. For each request sent to the microservice, the sidecar proxy will capture a set of data and publish it to the Mixer.

The Mixer is a core Istio component which runs in the control plane of the service mesh. Mixer’s plugin model enables new rules and policies to be added to groups of services in the mesh without modifying the individual services or the nodes where they run. API management policies such as authentication (by API key validation), rate-limiting, etc can be deployed and managed at API Manager without doing any changes to the actual microservice or sidecar proxy.

When need to expose this service to outside in a managed way, API developer can use WSO2 API Publisher portal to create the API by attaching necessary policies like security, rate limiting, etc. The Publisher is capable of pushing all these policies into Envoy proxy via Pilot and then Mixer for them to take action of policy enforcement. After publishing this API, it will appear in the WSO2 API Developer portal. Now app developer can discover these APIs and use in their application along with all the capabilities provided by developer portal like getting a subscription plan, adding application security, etc. The business user can use API Analytics to get more business insights by looking at API Analytics.

For more information please visit

Website: https://wso2.com/api-management/microservices/istio/

Github: https://github.com/wso2/istio-apim/releases

Summary

Service mesh and API management are not competing with each other but rather complement and provide a comprehensive solution to create, operate and manage microservices alongside their business requirement.

Microservices
Istio
Api Management
Service Mesh
Open Source

--

--

Lakmal Warusawithana
Lakmal Warusawithana

Written by Lakmal Warusawithana

367 Followers
193 Following

Senior Director Cloud Architecture at WSO2 Inc.

Responses (1)

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams