Moving traditional microservice to Service Mesh

Post on 27-Jun-2020

U.S. BANK

Moving traditional microservice to Service Mesh

Polerio Babao III MS, CEH, CHFI, ACSA

Assistant Vice President, Senior Technology Architect

U.S. Bank

Oct. 9, 2019 API World – San Jose, CA

Polerio Babao III MS, CEH, CHFI, ACSA

Assistant Vice President, Senior Technology Architect - U.S. Bank

Enterprise API Solutions Engineering

PolerioBabao @ LinkedIn

Agenda

• What is a traditional microservice?

• What is service mesh?

• How do we convert the microservice to use service mesh?

What is a traditional microservice?

High Cohesion

Autonomous

Business Domain

Resiliency

Observable

Automation

Traditional Microservices

[Diagram components: Bank Web UI; Experience API; API Gateway; Payments, Notification, Recoveries, Mortgage, Collections and Partnerships microservices, with REST API and DB labels; Stripe, Twilio and AWS SES adapters.]

Infrastructure Landscape Journey

[Timeline figure, 1980 to 2020. Labels shown: Client Server, Cloud, Container; AWS, Google, Azure.]

Technology Landscape Journey

[Timeline figure with points at 2000, 2006, 2010, 2013, 2014, 2016, 2018 and 2019.]

Traditional Services Deployment Pattern

Load Balancer

• Layer 4 (TCP) load balancing
• Path-based routing
• Port-based routing
• SSL/TLS termination

Microservices

• Circuit breakers
• Rate limiting
• Service registration and discovery
• Routing
• Load Balancing
• TLS/MTLS

Autoscaling

• Scale virtual machines or pods
• Desired capacity/size
• Min/max size
• CPU, memory, disk, network metrics
• Health check
• Scaling policies

Modern Microservice Deployment Pattern

What is Service Mesh?

Modern Microservices using Service Mesh

• Service Discovery
• Load balancing
• Encryption
• Observability
• Traceability
• Authentication & Authorization
• Circuit Breaker
• Canary Deployment
• Autoscaling
• Traffic mirroring

Service Mesh

Sidecar Proxy

Service Mesh

Microservice A, Microservice B

Control Plane

• Control Plane UI/CLI
• Workload scheduler
• Service discovery
• Sidecar proxy configuration APIs

Data Plane A

• Resiliency
• Canary Deployment
• Authentication & Authorization
• Observability

Data Plane B

Service Mesh using Istio & Kubernetes

Pod A

Microservice A

• Business logic

Sidecar Proxy A

Security / MTLS

• Encryption
• Data Integrity
• Authentication

Fault tolerance

• Circuit breaking
• Rate limiting
• Bulkheading
• Automatic retrying
• Response caching

Ingress Gateway

TLS/MTLS

Egress Gateway

Code vs deployment configuration

[Figure. Panel titles: Application, Service Mesh. Labels shown: Business Logic, Circuit Breaker, Canary / AB Testing, TLS/MTLS, High Concurrency.]

Evolution of Service Mesh Technology

[Timeline figure: Data Planes and Control Planes, with points at 2001, 2013, 2015, 2016, 2017 and 2019. Names shown: SmartStack, Istio.]

How do we convert the microservice to use Service Mesh?

Microservices Infrastructure in Service Mesh using Istio

[Diagram components: Bank Web UI; API Gateway; Ingress Gateway; Service Mesh; Control Plane; Tracing; Monitoring; Credentials Management; Payments, Notification, Mortgage, Collection and Branded microservices, with Sidecar proxy, REST API and DB labels; Stripe, Twilio and AWS SES adapters.]

Questions

Contact me at LinkedIn: Polerio Babao III