Continuous Security Best Practices

9 Pillars of Continuous Security Best Practices

1. Leadership 
2. Collaborative Culture
3. Design for DevOps
4. Continuous Integration
5. Continuous Testing
6. Continuous Monitoring
7. Continuous Security
8. Elastic Infrastructure
9. Continuous Delivery/Deployment

Refer: https://devops.com/9-pillars-of-continuous-security-best-practices/

API Gateway vs. Service Mesh

 Service Mesh "How is it different from an API gateway?" It's a good question. The overlap between API gateway and service mesh patterns is significant. They can both handle service discovery, request routing, authentication, rate limiting, and monitoring, but there are differences in architectures and intentions. A service mesh's primary purpose is to manage internal service-to-service communication, while an API Gateway is primarily meant for external client-to-service communication.

Do You Need Both?

You may be wondering if you need both an API gateway and a service mesh.  Today you probably do, but as service mesh evolves, we believe it will incorporate much of what you get from an API gateway today.

The main purpose of an API gateway is to accept traffic from outside your network and distribute it internally. The main purpose of a service mesh is to route and manage traffic within your network. A service mesh can work with an API gateway to efficiently accept external traffic then effectively route that traffic once it's in your network. The combination of these technologies can be a powerful way to ensure application uptime and resiliency while ensuring your applications are easily consumable.

In a deployment with an API gateway and a service mesh, incoming traffic from outside the cluster would first be routed through the API gateway, then into the mesh. The API gateway could handle authentication, edge routing and other edge functions, while the service mesh provides fine-grained observability of and control of your architecture.

The interesting thing to note is that service mesh technologies are quickly evolving and are starting to take on some of the functions of an API gateway. A great example is the introduction of the Istio v1alpha3 routing API which is available in Aspen Mesh 1.0. Prior to this, Istio had used Kubernetes ingress control which is pretty basic so it made sense to use an API gateway for better functionality. But, the increased functionality introduced by the v1alpha3 API has made it easier to manage large applications and to work with protocols other than HTTP, which was previously something an API gateway was needed to do effectively.

What The Future Holds

The v1alpha3 API provides a good example of how a service mesh is reducing the need for API gateway capabilities. As the cloud-native space evolves and more organizations move to using Docker and Kubernetes to manage their microservice architectures, it seems highly likely that service mesh and API gateway functionality will merge. In the next few years, we believe that standalone API gateways will be used less and less as much of their functionality will be absorbed by service mesh.

References:

https://dzone.com/articles/api-gateway-vs-service-mesh

https://konghq.com/blog/the-difference-between-api-gateways-and-service-mesh/

https://medium.com/microservices-in-practice/service-mesh-vs-api-gateway-a6d814b9bf56

Choosing between the tools is at https://medium.com/@mahesh.mahadevan/my-experiences-with-api-gateways-8a93ad17c4c4