Istio service mesh CC0

With the rise of microservices architectures, companies are looking for a way to connect, secure, control, and observe their microservices. Currently, a service mesh such as Istio is the best option to reach this goal.

  • Connect: Istio can intelligently control the flow of traffic between services, conduct a range of tests and upgrade gradually with blue/green deployments.
  • Secure: Automatically secure your services through managed authentication, authorization, and encryption of communication between services.
  • Control: Apply policies and ensure that they are enforced and that resources are fairly distributed among consumers.
  • Observe: See what’s happening with rich automatic tracing, monitoring, logging of all your services.

And, as explained in "Distributed microservices architecture: Istio, managed API gateways and, enterprise integration", a service mesh does not relieve the need for an API management solution. A service mesh manages services and the connections between them, whereas an API management solution manages APIs and their consumers. In this article, I'll describe how to manage APIs using the Red Hat Integration adapter for Istio.

Red Hat Integration offers an API management capability that let companies build an ecosystem of consumers around their APIs and then drive new revenue from them.

  • Visibility: Get insights on your APIs usage (most used methods of your API, top consuming applications, API Health, etc.).
  • Control: Manage the client applications and their consumption (quotas, SLAs, pricing, etc.).
  • Monetization: Drive new revenue with per-usage pricing.
  • Hybrid API management: Connect APIs wherever they are (on-premises, SaaS, or in various cloud providers), manage them from a single location.
  • API lifecycle: Scale from an idea to the realization, from the inception of an API program up to management at scale throughout your whole company (see “Full API lifecycle management: A primer” for more information).

When APIs meet the service mesh

The latest release of Red Hat Integration adds an Istio adapter that connects the Istio service mesh to it so that you can upgrade any service in your service mesh to a full-featured API.

This adapter brings to the Istio service mesh the API management capabilities of Red Hat Integration:

  • Developer self-service and on-boarding
  • API documentation
  • Monetization
  • Usage analytics

In Istio, an adapter is a pluggable component that handles various aspects of the service mesh. An adapter can handle aspects such as Authorization and Telemetry, for example. The Red Hat Integration adapter plugs in the Mixer component to validate an API Key (Authorization) and report usage (Telemetry).

Tutorial

In the rest of this article, I'll describe the first steps for using the Red Hat Integration adapter. These steps assume Istio is already installed on your Minishift instance or on your Red Hat OpenShift cluster, as well as Red Hat Integration.

Before managing APIs in the service mesh, we need to deploy a few sample components in it: start by deploying the bookstore application as explained here:

oc new-project bookstore
oc adm policy add-scc-to-user privileged -z default -n bookstore
oc adm policy add-scc-to-user anyuid -z default -n bookstore
oc apply -n bookstore -f https://raw.githubusercontent.com/Maistra/bookinfo/master/bookinfo.yaml
oc apply -n bookstore -f https://raw.githubusercontent.com/Maistra/bookinfo/master/bookinfo-gateway.yaml

Confirm the bookstore application is working with:

$ export GATEWAY_URL=$(oc get route -n istio-system istio-ingressgateway -o jsonpath='{.spec.host}')
$ curl -s http://$GATEWAY_URL/api/v1/products |jq
[
  {
    "descriptionHtml": "<a href=\"https://en.wikipedia.org/wiki/The_Comedy_of_Errors\">Wikipedia Summary</a>: The Comedy of Errors is one of <b>William Shakespeare's</b> early plays. It is his shortest and one of his most farcical comedies, with a major part of the humour coming from slapstick and mistaken identity, in addition to puns and word play.",
    "id": 0,
    "title": "The Comedy of Errors"
  }
]

As you can see, the bookstore application exposes an API which is not yet managed (anyone can query it freely).

Discover how to manage this API using the Red Hat Integration adapter for Istio in the following video.

Last updated: January 12, 2024