Can APIGEE and Anthos Service Mesh co-exist?

Companies are increasingly adopting microservices, containers, and Kubernetes. The need to modernize, to increase developer productivity, application agility, and scalability drives this adoption across many organizations. Many are also venturing into cloud computing and adopting a distributed microservice architecture for both new and existing applications and services. While the architecture of microservices helps simplify creating individual services, it leads to additional or increased complexities as discussed below.

Security

As far as monolith applications are concerned, function-to-function calls are secure inside the monolith. In a typical microservices-based application architecture, we can identify 2 levels of security that need to be implemented as depicted in the below figure.

As per the above diagram, we need to implement security to

  • control access from external consumers (north-south traffic)

  • control access from other services (east-west traffic)

Network resiliency

While designing distributed architectures, when multiple services communicate to produce a response, this can result in increased latency and the increased overall response time. Also as far as fault tolerance is concerned, a distributed architecture needs to ensure that a service in one downstream service does not cause cascading failure in other services.

Communication policy

In distributed architectures, some services can become bottlenecks or dependencies for other services. So this requires leveraging network policies that manage quotas and rate limits for all services to ensure that a rogue service making too many calls does not overload the services it calls.

Observability

Observability is more important in microservice-based architectures compared to Monolith. In monolithic applications, log files are sufficient to identify the source of an issue. In a microservices architecture, multiple services can span a single request. Latency, errors, and failures can happen in any service within the architecture. Developers need logging, network metrics, and distributed tracing and topology to investigate problems and pinpoint their location.

Solution -> service mesh

Adding a service mesh into a microservices-based application allows network and service operators to improve reliability, increase security and compliance, and spend less time managing the environment. Just as Kubernetes helps with container orchestration, a service mesh helps to standardize complex network functions within the services. A service mesh provides deep visibility into service-to-service transactions, and simplifies and manages security controls like authentication, authorization and encryption.

APIGEE(X/Hybrid)

Organizations can extend their microservices as APIs to outside consumers such as partners, developers, web apps, mobile devices, and other business units within their organization. APIs make it easy to extend microservices to external partners and customers with security, visibility, and control. This is where an API management solution comes into play: to protect API traffic from external consumers. A full-lifecycle API management tool gives developers secure access to your microservices while providing tools to measure API consumption with analytics.

Better together: API management + Service mesh

The key differentiators between API Gateways and service mesh is that API Gateways is a key part of exposing API/Edge services where service mesh is merely an inter-service communication infrastructure which doesn’t have any business notion of your solution.

Google Cloud provides service management capabilities through Anthos Service Mesh and API management capabilities through Apigee, which are tightly integrated with one another. Here is an architecture diagram of the two solutions working together.

Both APIs and microservices are critical to application modernisation. By adopting API management and service mesh solutions together, IT teams can standardize their microservices and gain visibility into their operations with full lifecycle management and performance analytics for their APIs.

Google Cloud’s Apigee and Anthos Service Mesh work together to enable organizations to reduce microservices complexity and increase their consumption, securely extending those services to internal as well as external developers.