U.S. BANK
Moving traditional microservice to Service Mesh
Polerio Babao III MS, CEH, CHFI, ACSA
Assistant Vice President,
Senior Technology Architect
U.S. Bank
Oct. 9, 2019 API World – San Jose, CA
Enterprise API Solutions Engineering
PolerioBabao @ LinkedIn
Agenda
• What is a traditional microservice?
• What is service mesh?
• How do we convert the microservice to use service mesh?
What is a traditional microservice?
High Cohesion
Autonomous
Business Domain
Resiliency
Observable
Automation
Traditional Microservices
[Diagram. Components shown: Bank Web UI; Experience API; API Gateway; Payments, Notification, Recoveries, Mortgage, Collections and Partnerships microservices; REST APIs; DBs; Stripe, Twilio and AWS SES adapters.]
Infrastructure Landscape Journey
[Timeline figure. Years marked: 1980, 1990, 2000, 2010, 2020. Labels: Client Server, Cloud, Container, AWS, Azure.]
Technology Landscape Journey
[Timeline figure. Years marked: 2000, 2006, 2010, 2013, 2014, 2016, 2018, 2019.]
Traditional Services Deployment Pattern
Load Balancer
• Layer 4 (TCP) load balancing
• Path-based routing
• Port-based routing
• SSL/TLS termination
Microservices
• Circuit breakers
• Rate limiting
• Service registration and discovery
• Routing
• Load Balancing
• TLS/MTLS
Autoscaling
• Scale virtual machines or pods
• Desired capacity/size
• Min/max size
• CPU, memory, disk, network metrics
• Health check
• Scaling policies
Modern Microservice Deployment Pattern
What is Service Mesh?
Modern Microservices using Service Mesh
• Service Discovery
• Load balancing
• Encryption
• Observability
• Traceability
• Authentication & Authorization
• Circuit Breaker
• Canary Deployment
• Autoscaling
• Traffic mirroring
Service Mesh
Sidecar Proxy
Service Mesh
[Diagram. Components shown: Microservice A, Microservice B, Control Plane, Data Plane A, Data Plane B.]
Control Plane
• Control Plane UI/CLI
• Workload scheduler
• Service discovery
• Sidecar proxy configuration APIs
Data Plane A
• Resiliency
• Canary Deployment
• Authentication & Authorization
• Observability
Data Plane B
…
Service Mesh using Istio & Kubernetes
[Diagram. Components shown: Ingress Gateway, Pod A (Microservice A, Sidecar Proxy A), Egress Gateway, TLS/MTLS.]
Microservice A
• Business logic
Sidecar Proxy A
Security / MTLS
• Encryption
• Data Integrity
• Authentication
Fault tolerance
• Circuit breaking
• Rate limiting
• Bulkheading
• Automatic retrying
• Response caching
Code vs deployment configuration
[Diagram. Labels shown: Application, Service Mesh, Business Logic, Circuit Breaker, Canary / AB Testing, TLS/MTLS, High Concurrency, …]
Evolution of Service Mesh Technology
[Timeline figure. Years marked: 2001, 2013, 2015, 2016, 2017, 2019. Labels: Data Planes, Control Planes, SmartStack, Istio.]
How do we convert the microservice to use Service Mesh?
Microservices Infrastructure in Service Mesh using Istio
[Diagram. Components shown: Bank Web UI; API Gateway; Ingress Gateway; Service Mesh Control Plane; Credentials Management; Tracing; Monitoring; Payments, Notification, Mortgage, Collection and Branded microservices; Sidecar proxies; REST APIs; DBs; Stripe, Twilio and AWS SES adapters.]
Questions
Contact me at LinkedIn: Polerio Babao III