apidays Paris 2022 - Blurred Lines, Denis Jannot, Solo.io

Transcript

1. 1 | Copyright © 2022
   APIs the next 10 years: Software,
   Society, Sovereignty, Sustainability
   December 14, 15 & 16, 2022
   In-Person & Virtual
   Conference
   

   View Slide

2. APIs the next 10 years: Software,
   Society, Sovereignty, Sustainability
   December 14, 15 & 16, 2022
   Denis Jannot
   Director of Field Engineering - EMEA, Solo.io
   

   View Slide

3. 2023 SERIES OF EVENT
   New York
   May 16&17
   Australia
   October 11&12
   Singapore
   April 12&13
   Helsinki & North
   June 5&6
   Paris
   SEPTEMBER
   London
   November
   15&16
   June 28-30
   SILICON VALLEY
   March 14&15
   Dubai & Middle East
   February 22&23
   

   View Slide

4. 3 | Copyright © 2022
   3 | Copyright © 2022
   TODAY’S
   BUSINESS
   DIGITAL
   BUSINESS
   Sa tisfied Customers (120% Renewa ls)
   Well Funded ($135M) & Growing (300%)
   The Modern, Integra ted
   API Pla tform a nd Service Mesh
   for Kubernetes | Zero-Trust |
   Microservices | Multi-Cloud
   Accelera te a nd Simplify
   Applica tion Modernisa tion
   through
   Applica tion Networking
   Cloud-na tive Technology Lea dership
   Cloud-na tive Educa tion Lea dership
   

   View Slide

5. 4 | Copyright © 2022
   Solo Academy
   

   View Slide

6. 5 | Copyright © 2022
   How applications are exposed on Kubernetes
   MICROSERVICES
   Ingress
   

   View Slide

7. 6 | Copyright © 2022
   Kubernetes Native API gateways
   MICROSERVICES
   API
   GATEWAY
   Rate limiting
   WAF
   

   View Slide

8. 7 | Copyright © 2022
   How applications are connected on Kubernetes
   MICROSERVICES
   API
   GATEWAY
   Rate limiting
   WAF
   

   View Slide

9. 8 | Copyright © 2022
   Service Mesh
   Control
   Plane
   Encryption
   Telemetry
   Traffic
   management
   Access
   control
   Identity
   Management
   Certificate
   management
   Health check
   Data Plane
   Ingress
   gateway
   

   View Slide

10. 9 | Copyright © 2022
    Accelerate application development …
    API Gateway Service Mesh
    Secure
    Encryption (mTLS)
    Authentication (Oauth, API
    keys, JWT, …)
    Authentication (JWT, …)
    Authorization (OPA, …) Authorization (L4 and L7)
    Web Application Firewall
    … and provides visibility to the security team
    

    View Slide

11. 10 | Copyright © 2022
    Accelerate application development …
    API Gateway Service Mesh
    Control
    Retries & timeouts Retries & timeouts
    Blue/Green & canary Blue/Green & canary
    Fault injection Fault injection
    Circuit breaking Circuit breaking
    Rate limiting
    … and simplify collaboration between teams
    

    View Slide

12. 11 | Copyright © 2022
    Accelerate application development …
    API Gateway Service Mesh
    Observe
    Access logging Access logging
    Metrics Metrics
    Tracing Tracing
    … and allow standardization
    

    View Slide

13. 12 | Copyright © 2022
    2017
    Istio Launched
    2022
    Ambient Mesh
    Launched
    Data Plane
    Enhancements
    2019-20
    7 New Community Releases
    1000s Production Customers
    ~ 1000 Community Contributors
    2022
    CNCF
    2019-2022
    Istio - The Industry’s Leading Service Mesh
    

    View Slide

14. 13 | Copyright © 2022
    Istio Ambient Mesh
    A new, open source contribution to the Istio project,
    that defines a new sidecar-less data plane.
    Solo.io and Google are the lead contributors to Istio
    Ambient Mesh.
    Cost
    Reduction
    Simplify
    Operations
    Improve
    Performance
    

    View Slide

15. 14 | Copyright © 2022
    istiod
    ingress
    gateway
    Istio provides security and observability
    out of the box for east/west traffic
    => accelerate release cycles
    => reduce security risks
    => reduce down times (< TTR)
    But the Istio Ingress Gateway doesn’t
    solve the challenges for north/south
    traffic.
    And Istio introduce new challenges
    (complexity, lack of multi tenancy, …).
    Client
    productpage
    details
    ratings
    reviews
    v1 v2
    v3
    standard Pod
    Pod with Envoy
    Istio Pod
    mTLS
    Legend
    

    View Slide

16. 15 | Copyright © 2022
    Gloo Platform
    productpage
    details
    ratings
    reviews
    istiod
    Gloo Mesh
    agent
    Kubernetes API
    server
    v1 v2
    v3
    Gloo Platform automates the Istio
    lifecycle and provides a simpler API
    with multi tenancy built-in
    => reduce management costs
    Client
    standard Pod
    Pod with Envoy
    Gloo Platform Pod
    Istio Pod
    mTLS
    Legend
    VirtualGateway
    RouteTable
    RetryTimeoutPolicy
    …
    Gateway
    VirtualService
    DestinationRule
    …
    ingress
    gateway
    

    View Slide

17. 16 | Copyright © 2022
    Gloo Platform
    productpage
    details
    ratings
    reviews
    istiod
    Gloo Mesh
    agent
    Kubernetes API
    server
    extauth
    rate limiter
    redis
    v1 v2
    v3
    ingress
    gateway
    Gloo Platform enhances the Istio
    Ingress Gateway to provide all the
    functionalities you expect from an
    Enterprise API gateway (extauth, rate
    limiting, WAF, …)
    => accelerate release cycles
    => reduce security risks
    Client
    standard Pod
    Pod with Envoy
    Gloo Platform Pod
    Istio Pod
    mTLS
    Legend
    

    View Slide

18. 17 | Copyright © 2022
    Gloo Platform
    ingress
    gateway
    eastwest
    gateway
    istiod Gloo Mesh
    agent
    productpage
    details
    ratings
    reviews
    productpage
    details
    ratings
    reviews
    extauth
    rate limiter
    redis
    istiod
    Gloo Mesh
    agent
    Kubernetes API
    server
    Kubernetes API
    server
    extauth
    rate limiter
    redis
    v1 v2 v1 v2
    v3
    eastwest
    gateway
    ingress
    gateway
    Gloo Platform simplifies the
    management of multiple Istio
    meshes
    => reduce management costs
    Client
    standard Pod
    Pod with Envoy
    Gloo Platform Pod
    Istio Pod
    mTLS
    Legend
    

    View Slide

19. 18 | Copyright © 2022
    Gloo Platform
    ingress
    gateway
    istiod Gloo Mesh
    agent
    productpage
    details
    ratings
    reviews
    productpage
    details
    ratings
    reviews
    extauth
    rate limiter
    redis
    istiod
    Gloo Mesh
    agent
    Kubernetes API
    server
    Kubernetes API
    server
    extauth
    rate limiter
    redis
    v1 v2 v1 v2
    v3
    eastwest
    gateway
    ingress
    gateway
    Gloo Platform makes it insanely
    easy for services to communicate
    across cluster securely and with
    high availability
    => reduce security risks
    => reduce down times
    eastwest
    gateway
    Client
    standard Pod
    Pod with Envoy
    Gloo Platform Pod
    Istio Pod
    mTLS
    Legend
    

    View Slide

20. 19 | Copyright © 2022
    ingress
    gateway
    eastwest
    gateway
    istiod Gloo Mesh
    agent
    bookinfo
    workspace
    gateways
    workspace
    productpage
    details
    ratings
    reviews
    productpage
    details
    ratings
    reviews
    extauth
    rate limiter
    redis
    istiod
    Gloo Mesh
    agent
    Gloo Platform
    Kubernetes API
    server
    Kubernetes API
    server
    eastwest
    gateway
    extauth
    rate limiter
    redis
    v1 v2 v1 v2
    v3
    Gloo Platform has multi tenancy
    built-in, base on Workspaces
    => reduce security risks
    => reduce management costs
    The productpage service is
    exported by the bookinfo
    Workspace to the gateways
    Workspace
    ingress
    gateway
    Client
    standard Pod
    Pod with Envoy
    Gloo Platform Pod
    Istio Pod
    mTLS
    Legend
    

    View Slide

21. 20 | Copyright © 2022
    

    View Slide

22. 21 | Copyright © 2022
    https://slack.solo.io/
    

    View Slide

23. Thank You!
    

    View Slide