The document discusses enabling API management using a GitOps framework. It describes key components needed for API management like the OpenAPI spec, implementation code, infrastructure code, integration configuration, API management configuration, API gateway configuration, and API catalog. Using GitOps provides benefits like empowering developers to manage infrastructure configuration similarly to code using Git, keeping configurations declarative and version controlled, and enabling simple, automated, auditable deployments that detect deviations from the configuration.
5. There are 3 key aspects that make an agile integration approach:
Distributed integration: This approach enables a distributed integration architecture, rather than the traditional centralized integration architecture, and it empowers each team to define and deploy the integration patterns that they need with agility.
APIs: Well-built APIs have a huge impact on collaboration between teams, development, and operations. APIs expose key assets that can be used and reused as building blocks across the organization, with partners, and with customers. APIs can be deployed together with containers to different environments, allowing different users to interact with different sets of APIs.
Containers: For both API and distributed integration technologies, containers work as the underlying deployment platform. Containers allow the exact service to be deployed within a specific environment in a way that is easy and consistent to develop, test, and maintain. Because containers are the dominant platform for DevOps environments and microservices, using containers as the integration platform produces a much more transparent and collaborative relationship between development and infrastructure teams.
9. API MANAGEMENT - CAPABILITY MODEL - STAKEHOLDERS
[Diagram labels: DEVELOPER PORTAL; API MANAGER PORTAL; API GATEWAY; API MANAGEMENT; SECURITY; APPLICATIONS; MICRO SERVICES. Stakeholders: API Consumers; API Providers; APIM Operations.]
10. API MANAGEMENT - CAPABILITY MODEL - Traffic Flow
[Diagram labels: DEVELOPER PORTAL; API MANAGER PORTAL; API GATEWAY; API MANAGEMENT; APPLICATIONS & MICRO SERVICES; SECURITY (IAM+FW); API Consumers; API Providers; Central Gateway (default); Dedicated Gateway (option); HTTP traffic; Policy fetch; Policy store; OAuth2 federated IAM; Portal Access; Policy Store; OAuth2 provider; AD.]
11. [Diagram labels: DEVELOPER PORTAL; API MANAGER PORTAL; API GATEWAY; API MANAGEMENT; SECURITY (IAM+FW); API Consumers; API Providers; APIM Operations.]
1. Secure, Reliable and Flexible Com.
1.1 Authentication and Authorization
1.2 Threat Detection
1.3 Data Privacy
1.4 Traffic Management
1.5 QoS Management
1.6 Interface Translation
1.7 Service Routing
1.8 Service Orchestration
1.9 Policy Management and Tracking
2. API Landscape & Operations
2.1 Flexible Deployment Topology
2.2 Platform Automation
2.3 Operational Support
2.4 Developer Portal Deployment
2.5 Platform Upgrades
2.6 Platform Configuration
3. API Lifecycle and Org
3.1 Publication
3.2 Version Management
3.3 Change Notification
3.4 Issue Management
4. Capabilities That Enable Developers
4.1 Discovery Metadata
4.2 Developer Self-Support
4.3 Developer Access Provisioning
4.4 Collaboration and Community
4.5 Developer Enablement Admin
4.6 API Scenario Optimization
5. API Economy
5.1 Activity Logging
5.2 User Auditing
5.3 Business Value Reporting
5.4 Contract Management
5.5 Advanced Analytics
5.6 Service-Level Reporting
[Diagram labels: APIM Operations; MICRO SERVICES; APPLICATIONS.]
API MANAGEMENT - CAPABILITY MODEL - Use cases
12. [Diagram labels: DEVELOPER PORTAL; API MANAGER PORTAL; API GATEWAY; API Consumers. OTHER DEPENDENCIES (e.g. integration middleware, analytics etc). API MGMT INFRA DEPENDENCIES: Firewall; OpenShift + Docker; DNS; Certificate Store.]
API MANAGEMENT - CAPABILITY MODEL
Area 1
[Diagram labels: API MANAGEMENT; APPLICATIONS, MICRO SERVICES & MIDDLEWARE; API Providers; FIREWALLS + IAM; OAuth2 provider X; Any OAuth2 provider.]
1.1.1 Dev key policy mgmt
1.1.2 Identity mgmt
- 1.1.2.1 e.g. Customer IAM
1.1.3 Identity fed providers
1.1.4 Authorization policies
- 1.1.4.1 App Key
- 1.1.4.2 App Key + App id
- 1.1.4.3.1 OAuth2 - Client Cred
- 1.1.4.3.2 OAuth2 - Owner Cred
- 1.1.4.3.3 OAuth2 - Client side Grant
- 1.1.4.3.4 OAuth2 - Server side Grant
1.2.1 NW behav. analysis
1.2.2 Content inspection
1.2.3 Error visualization
- 1.2.3.1 Basic Metrics
- 1.2.3.1 Advanced Analytics
1.3.1 Encr. & cert. mgmt
1.3.2 Data masking
1.3.3 Data filtering
1.3.4 Tokenization
1.4.1 Usage throttling
1.4.2 Dev cons. quotas
1.5.1 Caching
1.5.2 Edge Caching
1.6.1 Format translation
1.6.2 Protocol translation
1.6.3 Service Mapping
1.7.1 URL mapping
1.7.2 Service dispatching
- 1.7.2.1 e.g. URI mapping pub/priv
1.7.3 Connection pooling
1.7.4 Load balancing
- 1.7.4.1 e.g. DNS record RR
1.8.1 Interface composition
1.8.2 Int. with remote APIs
1.9.1 Policy AuthZ tagging
1.9.2 Live policy deploym.
1.9.3 Policy scheduling
13. [Diagram labels: DEVELOPER PORTAL; API MANAGER PORTAL; API GATEWAY; API Consumers. OTHER DEPENDENCIES (e.g. integration middleware, analytics etc). API MGMT INFRA DEPENDENCIES: Firewall; K8S + Docker; DNS; Certificate Store.]
API MANAGEMENT - CAPABILITY MODEL
Area 2
[Diagram labels: API MANAGEMENT; APPLICATIONS, MICRO SERVICES & MIDDLEWARE; API Providers; FIREWALLS + IAM.]
2.1.1 API Mgmt Cloud Services
2.1.2 On Prem. Deploy Option
2.2.1 API Mgmt Platform API
2.2.2 Policy Migration Support
- 2.2.2.1 Test, QA, Prod envs
- 2.2.2.2 Staging of policy per env
2.2.3 Developer Toolbox
2.3.1 Sys monitoring integr.
2.3.2 Backup and dis. recovery
2.4.1 Integr. with existing IAM, e.g. AD
2.4.2 Portal branding
- 2.4.2.1 Custom Branding
- 2.4.2.2 Custom Pages
2.5.1 Platform Update Process
2.5.2 CM for Cloud Service Update
2.6.1 Self-service deployment
- 2.6.1.1 New API
- 2.6.1.2 Updated API
2.6.2 API Provider subtenancy
- 2.6.2.1 Delegated API Admin
- 2.6.2.2 Multiple API Portals
2.6.3 Platform modularity
- 2.6.3.1 Activated features
14. API MANAGEMENT - CAPABILITY MODEL
[Diagram labels: DEVELOPER PORTAL; API MANAGER PORTAL; API GATEWAY; API Consumers. OTHER DEPENDENCIES (e.g. integration middleware, analytics etc). API MGMT INFRA DEPENDENCIES: Firewall; K8S + Docker; DNS; Certificate Store.]
Area 3
[Diagram labels: API MANAGEMENT; APPLICATIONS, MICRO SERVICES & MIDDLEWARE; API Providers; FIREWALLS + IAM.]
3.1.1 Design
3.1.2 Deployment
3.1.3 Migration
3.1.4 Rollback
3.2.1 Versioning
3.2.2 Packaging
3.2.3 Deprecation
3.2.4 Retirement
3.3.1 Release notification
3.3.2 Availability notification
3.4.1 Change and defect tracking
3.4.2 Issue analysis and reporting
15. API MANAGEMENT - CAPABILITY MODEL
[Diagram labels: DEVELOPER PORTAL; API MANAGER PORTAL; API GATEWAY; API Consumers. OTHER DEPENDENCIES (e.g. integration middleware, analytics etc). API MGMT INFRA DEPENDENCIES: Firewall; K8S + Docker; DNS; Certificate Store.]
Area 4
[Diagram labels: API MANAGEMENT; APPLICATIONS, MICRO SERVICES & MIDDLEWARE; API Providers; FIREWALLS + IAM.]
4.1.1 API Catalogue
4.1.2 Version history
4.2.1 Documentation
4.2.2 Test sandboxes
4.2.3 Sample code
4.2.4 Libraries
4.2.5 API Billing
4.3.1 Developer API key reg
4.3.2 Developer API key mgmt
4.4.1 API provider blog
4.4.2 Developer forums
4.4.2 Change notification reg.
4.4.3 Developer issue reporting
4.5.1 Developer forum mgmt
4.5.2 Content management
4.5.3 API Doc Management
4.6.1 Mobile Scenarios
4.6.2 IoT Scenarios
4.6.3 Cloud Scenarios
4.6.4 Web App Scenarios
16. API MANAGEMENT - CAPABILITY MODEL
[Diagram labels: DEVELOPER PORTAL; API MANAGER PORTAL; API GATEWAY; API Consumers. OTHER DEPENDENCIES (e.g. integration middleware, analytics etc). API MGMT INFRA DEPENDENCIES: Firewall; K8S + Docker; DNS; Certificate Store.]
Area 5
[Diagram labels: API MANAGEMENT; APPLICATIONS, MICRO SERVICES & MIDDLEWARE; API Providers; FIREWALLS + IAM.]
5.1.1 Access logging
5.1.2 Consumption logging
5.1.3 Performance logging
5.1.3 Error logging
5.1.4 Audit logging
5.2.1 Access reporting
5.2.2 Usage reporting
5.3.1 Revenue reporting
5.3.2 Value reporting
5.3.3 Report & data export
5.4.1 Terms of service Mgmt
5.4.2 Dev Rate Tier Admin
5.5.1 Pluggable reporting
5.5.2 Custom Reporting
5.6.1 Remote monitoring
5.6.2 Availability statistics
5.6.3 Performance statistics
[Diagram label: Advanced Analytics]
5.6.4 Exception statistics
5.6.5 Service-level alerts
22. ● OpenAPI Spec
● Implementation code
● Infrastructure code
● Integration config
● API Management config
● API Gateway config
● API Catalog
● Deployment config
23. GITOPS & KEY BENEFITS
● Empowers developers to treat the configuration of infrastructure and deployment of code in a very similar
manner to how they manage their software development process using a familiar tool: Git.
● Configuration of applications and the deployment environments should be declarative and version controlled.
● Application deployment and lifecycle management should be simple, automated, and auditable.
● Application deployments should be fast, reliable, and idempotent.
● Any deviation from the version controlled configuration should be immediately detected and remediated.
● An operating model for Kubernetes providing guidelines which unify deployment, management and monitoring for containerized clusters and applications.
● CI/CD pipelines and Git workflows are applied to both operations and development.
24. GITOPS & CONTINUOUS INTEGRATION
During a Continuous Integration (CI) practice, developers merge code changes in a central
repository (Git). With CI, each change in code (commit) triggers an automated build-and-test
stage for the given repo and provides feedback to the developer(s) who made the change.
A GitOps CI pipeline differs from a traditional CI pipeline in that the CI pipeline updates
the application manifest with the new image version after the build and test stages
have completed successfully.
25. GITOPS & CONTINUOUS INTEGRATION FLOW
The GitOps CI pipeline enables you to:
1. Build the application and run unit testing as needed.
2. Push a new container image to a container registry.
3. Update the Kubernetes manifests in Git to reflect the new image.
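Step 3 of the flow above is what distinguishes a GitOps CI pipeline, so here it is as an added example (not code from the original slides). The manifest path, image repository and tag are hypothetical values that the CI job would supply.

```shell
#!/bin/sh
# Added example: step 3 of the GitOps CI flow (update the manifest in Git).
# Manifest path, image repository and tag are hypothetical inputs from the CI job.

# Rewrite every "image: <repo>:<old>" (or "@<digest>") reference to one
# repository so that it points at the new tag.
# Returns 2 when the manifest does not reference the repository, so the
# pipeline fails loudly instead of committing an unchanged file.
# Note: $repo is used inside a regex, so "." in it matches any character.
bump_image() {
    manifest=$1; repo=$2; tag=$3
    grep -Eq "image:[[:space:]]*${repo}[:@]" "$manifest" || return 2
    sed -E "s|(image:[[:space:]]*)${repo}[:@][^[:space:]]+|\1${repo}:${tag}|" \
        "$manifest" > "$manifest.tmp" && mv "$manifest.tmp" "$manifest"
}

# Commit and push the updated manifest. The commit is the audit record of
# the deployment request; the GitOps operator takes over from here.
publish_manifest() {
    manifest=$1; repo=$2; tag=$3
    git add "$manifest" &&
    git commit -m "ci: deploy ${repo}:${tag}" &&
    git push origin HEAD
}
```

The CI job would call `bump_image` and then `publish_manifest` only after the build, test and image push stages have succeeded.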
26. GITOPS & CONTINUOUS DEPLOYMENT
Continuous Delivery (CD) involves automating the entire software
release process. Continuous Delivery includes infrastructure provisioning in addition to
deployment.
GitOps CD differs from traditional CD through the use of a GitOps operator to monitor the
manifest changes and orchestrate the deployment. As long as the CI build is complete and the
manifest is updated, the GitOps operator takes care of the eventual deployment.
27. GITOPS & CONTINUOUS DEPLOYMENT FLOW
Below are the phases performed by the GitOps operator to deploy based on a manifest change.
Git Clone Config Repo: The GitOps operator detects changes in your repo and performs a git clone to get the latest manifests from your Git repo.
Discover Manifests: The GitOps operator also determines if there is any delta between the manifests in Kubernetes and the latest manifests from the Git repo. If there is no difference, the GitOps operator stops at this point.
Kubectl Apply: If the GitOps operator determines there are differences between the Kubernetes manifests and the Git repo manifests, it applies the new manifests to Kubernetes using the kubectl apply command.
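The three phases above, written as one reconciliation pass in shell. This is an added example, not the code of any particular GitOps operator; the repository URL, working directory and manifest directory are hypothetical arguments. It relies on the documented exit status of `kubectl diff`: 0 for no differences, 1 for differences, greater than 1 for an error.

```shell
#!/bin/sh
# Added example: one reconciliation pass of a GitOps operator.
# repo_url, workdir and manifest_dir are hypothetical inputs.
#
# Return codes of reconcile_once:
#   0  = cluster already matches Git, nothing applied
#   10 = drift detected and the manifests from Git were applied
#   1  = error (bad arguments, clone, diff or apply failed)
reconcile_once() {
    repo_url=$1; workdir=$2; manifest_dir=$3
    [ -n "$repo_url" ] && [ -n "$workdir" ] && [ -n "$manifest_dir" ] || return 1

    # Phase 1: Git Clone Config Repo. A fresh clone each pass means stale
    # or locally modified files can never be applied.
    rm -rf "$workdir"
    git clone --depth 1 --quiet "$repo_url" "$workdir" || return 1

    # Phase 2: Discover Manifests. Compare live objects with the Git copy.
    diff_rc=0
    kubectl diff -R -f "$workdir/$manifest_dir" >/dev/null 2>&1 || diff_rc=$?
    case $diff_rc in
        0) return 0 ;;   # no delta: stop here
        1) ;;            # delta found: continue to apply
        *) return 1 ;;   # diff itself failed: do not apply blindly
    esac

    # Phase 3: Kubectl Apply. Log the commit so the change is auditable.
    kubectl apply -R -f "$workdir/$manifest_dir" >/dev/null || return 1
    echo "applied commit $(git -C "$workdir" rev-parse --short HEAD)" >&2
    return 10
}
```

Treating a failed diff as an error rather than as "no change" or "apply anyway" keeps an unreachable API server or a malformed manifest from being mistaken for a clean or a drifted cluster.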