WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Architecture, Service Mesh, and More
wso2.org
272 views
47 slides
May 09, 2024
Slide 1 of 47
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
About This Presentation
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Architecture, Service Mesh, and More
Slide Content
Cloud-Native Middleware:
Domain Driven Design, Cell Based
Architecture, Service Mesh, and
more
Lakmal Warusawithana
Senior Director Cloud Architecture
WSO2
Domain Driven Design, Cell Based
Architecture, Service Mesh, and
more
Lakmal Warusawithana
Senior Director Cloud Architecture
WSO2
Software Design and Modularity
●Modularity, a fundamental principle in software design, plays a crucial role
in making software manageable and maintainable.
●It involves breaking down a system into smaller, manageable, and
interchangeable components or modules. Each module is designed to
execute one specific aspect of the desired functionality and interacts with
other modules through well-defined interfaces.
Modularity
3
in making software manageable and maintainable.
●It involves breaking down a system into smaller, manageable, and
interchangeable components or modules. Each module is designed to
execute one specific aspect of the desired functionality and interacts with
other modules through well-defined interfaces.
Modularity
3
Domain-driven design (DDD)
●Domain-Driven Design (DDD) is a methodology for software design that
involves creating detailed models to capture the business requirements of
a specific domain. These models form the conceptual basis for software
development.
●DDD helps us build a microservice architecture by splitting a big system
into smaller, independent parts. We figure out what each part does and
how they connect to each other.
Domain-driven design (DDD)
5
involves creating detailed models to capture the business requirements of
a specific domain. These models form the conceptual basis for software
development.
●DDD helps us build a microservice architecture by splitting a big system
into smaller, independent parts. We figure out what each part does and
how they connect to each other.
Domain-driven design (DDD)
5
Domain-Driven Design for microservices
6
●Strategic phase: identify the Bounded Contexts and map them out in a
context map
●Tactical phase: model each Bounded Context according to the business
rules of the subdomain.
●DDD is iterative and adaptive.
Analyze Domain
Define Bounded
Contexts
Identify
Microservices
6
●Strategic phase: identify the Bounded Contexts and map them out in a
context map
●Tactical phase: model each Bounded Context according to the business
rules of the subdomain.
●DDD is iterative and adaptive.
Analyze Domain
Define Bounded
Contexts
Identify
Microservices
●Domain-Driven Design: Tackling Complexity in the Heart of Software by
Eric Evans
●Implementing Domain-Driven Design by Vaughn Vernon
●Domain-Driven Design Distilled by Vaughn Vernon
Learn more about Domain-Driven Design
7
Eric Evans
●Implementing Domain-Driven Design by Vaughn Vernon
●Domain-Driven Design Distilled by Vaughn Vernon
Learn more about Domain-Driven Design
7
From Domain-Driven Design to
Cloud-Native Deployment
Cloud-Native Deployment
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
9
Cloud-Native Deployment
9
●Map bounded contexts into the deployment concepts
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
10
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
10
●Map bounded contexts into the deployment concepts
●Autonomous team operations
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
11
●Autonomous team operations
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
11
●Map bounded contexts into the deployment concepts
●Autonomous team operations
●Dependency management
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
12
●Autonomous team operations
●Dependency management
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
12
●Map bounded contexts into the deployment concepts
●Autonomous team operations
●Dependency management
●Service discovery and governance
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
13
●Autonomous team operations
●Dependency management
●Service discovery and governance
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
13
●Map bounded contexts into the deployment concepts
●Autonomous team operations
●Dependency management
●Service discovery and governance
●Complexity in scaling and resiliency
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
14
●Autonomous team operations
●Dependency management
●Service discovery and governance
●Complexity in scaling and resiliency
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
14
●Map bounded contexts into the deployment concepts
●Autonomous team operations
●Dependency management
●Service discovery and governance
●Complexity in scaling and resiliency
●Infrastructure automation and frequence release management
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
15
●Autonomous team operations
●Dependency management
●Service discovery and governance
●Complexity in scaling and resiliency
●Infrastructure automation and frequence release management
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
15
●Map bounded contexts into the deployment concepts
●Autonomous team operations
●Dependency management
●Service discovery and governance
●Complexity in scaling and resiliency
●Infrastructure automation and frequence release management
●Security implications
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
16
●Autonomous team operations
●Dependency management
●Service discovery and governance
●Complexity in scaling and resiliency
●Infrastructure automation and frequence release management
●Security implications
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
16
●Map bounded contexts into the deployment concepts
●Autonomous team operations
●Dependency management
●Service discovery and governance
●Complexity in scaling and resiliency
●Infrastructure automation and frequence release management
●Security implications
●Observability and monitoring
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
17
●Autonomous team operations
●Dependency management
●Service discovery and governance
●Complexity in scaling and resiliency
●Infrastructure automation and frequence release management
●Security implications
●Observability and monitoring
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
17
●Map bounded contexts into the deployment concepts
●Autonomous team operations
●Dependency management
●Service discovery and governance
●Complexity in scaling and resiliency
●Infrastructure automation and frequence release management
●Security implications
●Observability and monitoring
●Infrastructure/cloud cost
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
18
●Autonomous team operations
●Dependency management
●Service discovery and governance
●Complexity in scaling and resiliency
●Infrastructure automation and frequence release management
●Security implications
●Observability and monitoring
●Infrastructure/cloud cost
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
18
By combining the right architecture
with cloud-native middleware, these
challenges can be effectively
overcome.
with cloud-native middleware, these
challenges can be effectively
overcome.
Reference Architecture
Reference Architecture
21
https://github.com/wso2/reference-architecture/blob/master/platformless.md
21
https://github.com/wso2/reference-architecture/blob/master/platformless.md
Cell-based architecture (CBA)
●A Decentralized Reference Architecture for Cloud-native Applications by
Asanka Abeysinghe, CTO @WSO2 and Paul Fremantle, founder CTO
@WSO2
●Cell-based Architecture (CBA) and Domain-Driven Design (DDD) align well
together.
●CBA is an approach for modularizing a group of related capabilities from
(part of) a domain into a network cell and managing access to them
through well-defined gateways.
Cell-based architecture (CBA)
23
https://github.com/wso2/reference-architecture/blob/master/reference-architecture-cell-based.md
Asanka Abeysinghe, CTO @WSO2 and Paul Fremantle, founder CTO
@WSO2
●Cell-based Architecture (CBA) and Domain-Driven Design (DDD) align well
together.
●CBA is an approach for modularizing a group of related capabilities from
(part of) a domain into a network cell and managing access to them
through well-defined gateways.
Cell-based architecture (CBA)
23
https://github.com/wso2/reference-architecture/blob/master/reference-architecture-cell-based.md
Cell-based architecture (CBA)
24
24
Cloud-Native Middleware
●Cloud-native middleware is a software or set of software tools that
provide common services and capabilities to applications beyond those
offered by the underlying cloud infrastructure.
●It is designed to support scalability, resilience, maintainability, and
observability in cloud-native environments.
●This middleware integrates seamlessly with cloud services and caters to
the dynamic nature of cloud-native applications, enabling them to
communicate efficiently, scale, and adapt to changing demands without
compromising performance or security.
●Additionally, it includes features for monitoring and observing application
behavior, which is crucial for troubleshooting and optimizing performance.
Cloud-Native Middleware
26
provide common services and capabilities to applications beyond those
offered by the underlying cloud infrastructure.
●It is designed to support scalability, resilience, maintainability, and
observability in cloud-native environments.
●This middleware integrates seamlessly with cloud services and caters to
the dynamic nature of cloud-native applications, enabling them to
communicate efficiently, scale, and adapt to changing demands without
compromising performance or security.
●Additionally, it includes features for monitoring and observing application
behavior, which is crucial for troubleshooting and optimizing performance.
Cloud-Native Middleware
26
Cloud-Native Landscape
27
27
Reference Implementation
(Choreo)
(Choreo)
●Github
●Github Runners
●Docker
●Trivy Scanner
●Buildpacks
●Kubernetes
●Key Vault
●API Gateway
●eBPF
●Cilium Service Mesh
Cloud-Native Middleware used in Choreo Implementation
29
●Cilium CNI
●Wireguard
●Hubble
●Envoy
●Prometheus
●Opensearch
●FluentBit
●Keda
●Github Runners
●Docker
●Trivy Scanner
●Buildpacks
●Kubernetes
●Key Vault
●API Gateway
●eBPF
●Cilium Service Mesh
Cloud-Native Middleware used in Choreo Implementation
29
●Cilium CNI
●Wireguard
●Hubble
●Envoy
●Prometheus
●Opensearch
●FluentBit
●Keda
30
DDD and Dev time Deployment and Runtime
Domain Foo
S1
S2
Domain Bar
S1
S2
S3
DDD and Dev time Deployment and Runtime
Domain Foo
S1
S2
Domain Bar
S1
S2
S3
Key Vault
31
DDD and Dev time
Project Foo Project Bar
S2
S1
Domain Foo
S1
S2
Domain Bar
S1
S2
S3
S2
S3S1
Deployment and Runtime
Buildpacks
Docker Registry
Deployment
Services
Namespaces
HPA
ConfigMaps
31
DDD and Dev time
Project Foo Project Bar
S2
S1
Domain Foo
S1
S2
Domain Bar
S1
S2
S3
S2
S3S1
Deployment and Runtime
Buildpacks
Docker Registry
Deployment
Services
Namespaces
HPA
ConfigMaps
32
Dev time
Project Foo Project Bar
S2
S1
Foo
●S1 need to expose to
public
●S1−>S2
Bar
●S2 need to expose to
public
●S2−>S3
Cross Domain
●Foo/S2−>Bar/S1
●Service Discovery
Security
●Authentication and
Authorization
●All network call need to
be encrypted
●Allow only defined
network communication
and deny all others.
S2
S3S1
Deployment and Runtime
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
Dev time
Project Foo Project Bar
S2
S1
Foo
●S1 need to expose to
public
●S1−>S2
Bar
●S2 need to expose to
public
●S2−>S3
Cross Domain
●Foo/S2−>Bar/S1
●Service Discovery
Security
●Authentication and
Authorization
●All network call need to
be encrypted
●Allow only defined
network communication
and deny all others.
S2
S3S1
Deployment and Runtime
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
33
Project Foo Project Bar
S2
S1
S1
S2
S3
Foo
●S1 need to expose to
public
●S1−>S2
Bar
●S2 need to expose to
public
●S2−>S3
Cross Domain
●Foo/S2−>Bar/S1
●Service Discovery
Security
●Authentication and
Authorization
●All network call need to
be encrypted
●Allow only defined
network communication
and deny all others.
API GW
API GW
API GW
API GW
AA AA
AA
AAAuthn & Authz
Deployment and RuntimeDev time
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
Project Foo Project Bar
S2
S1
S1
S2
S3
Foo
●S1 need to expose to
public
●S1−>S2
Bar
●S2 need to expose to
public
●S2−>S3
Cross Domain
●Foo/S2−>Bar/S1
●Service Discovery
Security
●Authentication and
Authorization
●All network call need to
be encrypted
●Allow only defined
network communication
and deny all others.
API GW
API GW
API GW
API GW
AA AA
AA
AAAuthn & Authz
Deployment and RuntimeDev time
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
34
Project Foo Project Bar
S2
S1
S1
S2
S3
Foo
●S1 need to expose to
public
●S1−>S2
Bar
●S2 need to expose to
public
●S2−>S3
Cross Domain
●Foo/S2−>Bar/S1
●Service Discovery
Security
●Authentication and
Authorization
●All network call need to
be encrypted
●Allow only defined
network communication
and deny all others.
API GW
API GW
API GW
E
E
E
E
E
E
EEncrypted
AA AA
API GW
AAAuthn & Authz
AA
Deployment and RuntimeDev time
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
Project Foo Project Bar
S2
S1
S1
S2
S3
Foo
●S1 need to expose to
public
●S1−>S2
Bar
●S2 need to expose to
public
●S2−>S3
Cross Domain
●Foo/S2−>Bar/S1
●Service Discovery
Security
●Authentication and
Authorization
●All network call need to
be encrypted
●Allow only defined
network communication
and deny all others.
API GW
API GW
API GW
E
E
E
E
E
E
EEncrypted
AA AA
API GW
AAAuthn & Authz
AA
Deployment and RuntimeDev time
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
35
Project Foo Project Bar
S2
S1
S1
S2
S3
Foo
●S1 need to expose to
public
●S1−>S2
Bar
●S2 need to expose to
public
●S2−>S3
Cross Domain
●Foo/S2−>Bar/S1
●Service Discovery
Security
●Authentication and
Authorization
●All network call need to
be encrypted
●Allow only defined
network
communication and
deny all others.
API GW
API GW
API GW
E
E
E
E
E
E
EEncrypted
AA AA
X
L3/L4
Access
Deny
X
L3/L4
Access
Deny
L3/L4 Access
Deny API GW
AAAuthn & Authz
AA
Deployment and RuntimeDev time
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
Project Foo Project Bar
S2
S1
S1
S2
S3
Foo
●S1 need to expose to
public
●S1−>S2
Bar
●S2 need to expose to
public
●S2−>S3
Cross Domain
●Foo/S2−>Bar/S1
●Service Discovery
Security
●Authentication and
Authorization
●All network call need to
be encrypted
●Allow only defined
network
communication and
deny all others.
API GW
API GW
API GW
E
E
E
E
E
E
EEncrypted
AA AA
X
L3/L4
Access
Deny
X
L3/L4
Access
Deny
L3/L4 Access
Deny API GW
AAAuthn & Authz
AA
Deployment and RuntimeDev time
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
36
Project Foo Project Bar
S2
S1
S1
S2
S3
Observability
●Logs: access, debugs
etc
●System metrics:
memory, cpu etc
●Runtime metrics:
network traces, request
counts, latency, errors
etc
Service Mesh
●Resiliency: retry, circuit
breaker etc
Serverless
●Scale to zero
API GW
API GW
API GW
E
E
E
E
E
E
EEncrypted
AA AA
X
L3/L4
Access
Deny
X
L3/L4
Access
Deny
L3/L4 Access
Deny API GW
AAAuthn & Authz
AA
Deployment and RuntimeDev time
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
Project Foo Project Bar
S2
S1
S1
S2
S3
Observability
●Logs: access, debugs
etc
●System metrics:
memory, cpu etc
●Runtime metrics:
network traces, request
counts, latency, errors
etc
Service Mesh
●Resiliency: retry, circuit
breaker etc
Serverless
●Scale to zero
API GW
API GW
API GW
E
E
E
E
E
E
EEncrypted
AA AA
X
L3/L4
Access
Deny
X
L3/L4
Access
Deny
L3/L4 Access
Deny API GW
AAAuthn & Authz
AA
Deployment and RuntimeDev time
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
37
Project Foo Project Bar
S2
S1
S1
S2
S3
Observability
●Logs: access, debugs
etc
●System metrics:
memory, cpu etc
●Runtime metrics:
network traces, request
counts, latency, errors
etc
Service Mesh
●Resiliency: retry, circuit
breaker etc
Serverless
●Scale to zero
API GW
API GW
API GW
E
E
E
E
E
E
EEncrypted
AA AA
X
L3/L4
Access
Deny
X
L3/L4
Access
Deny
L3/L4 Access
Deny API GW
AAAuthn & Authz
AA
Logs
Logs
Deployment and RuntimeDev time
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
Project Foo Project Bar
S2
S1
S1
S2
S3
Observability
●Logs: access, debugs
etc
●System metrics:
memory, cpu etc
●Runtime metrics:
network traces, request
counts, latency, errors
etc
Service Mesh
●Resiliency: retry, circuit
breaker etc
Serverless
●Scale to zero
API GW
API GW
API GW
E
E
E
E
E
E
EEncrypted
AA AA
X
L3/L4
Access
Deny
X
L3/L4
Access
Deny
L3/L4 Access
Deny API GW
AAAuthn & Authz
AA
Logs
Logs
Deployment and RuntimeDev time
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
38
Project Foo Project Bar
S2
S1
S1
S2
S3
Observability
●Logs: access, debugs
etc
●System metrics:
memory, cpu etc
●Runtime metrics:
network traces, request
counts, latency, errors
etc
Service Mesh
●Resiliency: retry, circuit
breaker etc
Serverless
●Scale to zero
API GW
API GW
API GW
E
E
E
E
E
E
EEncrypted
AA AA
X
L3/L4
Access
Deny
X
L3/L4
Access
Deny
L3/L4 Access
Deny API GW
AAAuthn & Authz
AA
Logs
Logs
Metrics
Metrics
Deployment and RuntimeDev time
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
Project Foo Project Bar
S2
S1
S1
S2
S3
Observability
●Logs: access, debugs
etc
●System metrics:
memory, cpu etc
●Runtime metrics:
network traces, request
counts, latency, errors
etc
Service Mesh
●Resiliency: retry, circuit
breaker etc
Serverless
●Scale to zero
API GW
API GW
API GW
E
E
E
E
E
E
EEncrypted
AA AA
X
L3/L4
Access
Deny
X
L3/L4
Access
Deny
L3/L4 Access
Deny API GW
AAAuthn & Authz
AA
Logs
Logs
Metrics
Metrics
Deployment and RuntimeDev time
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
39
Project Foo Project Bar
S2
S1
S1
S2
S3
Observability
●Logs: access, debugs
etc
●System metrics:
memory, cpu etc
●Runtime metrics:
network traces, request
counts, latency, errors
etc
Service Mesh
●Resiliency: retry, circuit
breaker etc
Serverless
●Scale to zero
API GW
API GW
API GW
E
E
E
E
E
E
EEncrypted
AA AA
X
L3/L4
Access
Deny
X
L3/L4
Access
Deny
L3/L4 Access
Deny API GW
AAAuthn & Authz
AA
Logs
Logs
Metrics
Retry
if 503
Deployment and RuntimeDev time
Service Mesh
Metrics
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
Project Foo Project Bar
S2
S1
S1
S2
S3
Observability
●Logs: access, debugs
etc
●System metrics:
memory, cpu etc
●Runtime metrics:
network traces, request
counts, latency, errors
etc
Service Mesh
●Resiliency: retry, circuit
breaker etc
Serverless
●Scale to zero
API GW
API GW
API GW
E
E
E
E
E
E
EEncrypted
AA AA
X
L3/L4
Access
Deny
X
L3/L4
Access
Deny
L3/L4 Access
Deny API GW
AAAuthn & Authz
AA
Logs
Logs
Metrics
Retry
if 503
Deployment and RuntimeDev time
Service Mesh
Metrics
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
40
Project Foo Project Bar
S2
S1
S1
S2
S3
Observability
●Logs: access, debugs
etc
●System metrics:
memory, cpu etc
●Runtime metrics:
network traces, request
counts, latency, errors
etc
Service Mesh
●Resiliency: retry, circuit
breaker etc
Serverless
●Scale to zero
API GW
API GW
API GW
E
E
E
E
E
E
EEncrypted
AA AA
X
L3/L4
Access
Deny
X
L3/L4
Access
Deny
L3/L4 Access
Deny API GW
AAAuthn & Authz
AA
Logs
Logs
Metrics
Retry
if 503
No request:
scale to zero
Deployment and RuntimeDev time
Service Mesh
Scale to
zero
Metrics
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
Project Foo Project Bar
S2
S1
S1
S2
S3
Observability
●Logs: access, debugs
etc
●System metrics:
memory, cpu etc
●Runtime metrics:
network traces, request
counts, latency, errors
etc
Service Mesh
●Resiliency: retry, circuit
breaker etc
Serverless
●Scale to zero
API GW
API GW
API GW
E
E
E
E
E
E
EEncrypted
AA AA
X
L3/L4
Access
Deny
X
L3/L4
Access
Deny
L3/L4 Access
Deny API GW
AAAuthn & Authz
AA
Logs
Logs
Metrics
Retry
if 503
No request:
scale to zero
Deployment and RuntimeDev time
Service Mesh
Scale to
zero
Metrics
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
41
Project Foo Project Bar
S2
S1
S1
S2
S3
●Never Trust, Always
Verify
●Verify Explicitly
●Least Privilege Access
●Micro-Segmentation
●Layered Security
Controls and MFA
●Assume Breach
●End-to-End Encryption
●Full User and System
Visibility
API GW
API GW
API GW
E
E
E
E
E
E
EEncrypted
AA AA
X
L3/L4
Access
Deny
X
L3/L4
Access
Deny
L3/L4 Access
Deny API GW
AAAuthn & Authz
AA
Logs
Logs
Metrics
Retry
if 503
No request:
scale to zero
Deployment and RuntimeZero Trust Principals
Service Mesh
Scale to
zero
Metrics
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
Project Foo Project Bar
S2
S1
S1
S2
S3
●Never Trust, Always
Verify
●Verify Explicitly
●Least Privilege Access
●Micro-Segmentation
●Layered Security
Controls and MFA
●Assume Breach
●End-to-End Encryption
●Full User and System
Visibility
API GW
API GW
API GW
E
E
E
E
E
E
EEncrypted
AA AA
X
L3/L4
Access
Deny
X
L3/L4
Access
Deny
L3/L4 Access
Deny API GW
AAAuthn & Authz
AA
Logs
Logs
Metrics
Retry
if 503
No request:
scale to zero
Deployment and RuntimeZero Trust Principals
Service Mesh
Scale to
zero
Metrics
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
42
Project Foo Project Bar
S2
S1
S1
S2
S3
●Map bounded contexts
into the deployment
concepts
●Autonomous team
operations
●Dependency
management
●Service discovery and
governance
●Complexity in scaling
and resiliency
●Infrastructure
automation frequence
release management
●Security Implications
●Observability,
Monitoring and
Maintenance
●Infrastructure/cloud
cost
API GW
API GW
API GW
E
E
E
E
E
E
EEncrypted
AA AA
X
L3/L4
Access
Deny
X
L3/L4
Access
Deny
L3/L4 Access
Deny API GW
AAAuthn & Authz
AA
Logs
Logs
Metrics
Retry
if 503
No request:
scale to zero
Deployment and RuntimeRevisit Challengers
Service Mesh
Scale to
zero
Metrics
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
Project Foo Project Bar
S2
S1
S1
S2
S3
●Map bounded contexts
into the deployment
concepts
●Autonomous team
operations
●Dependency
management
●Service discovery and
governance
●Complexity in scaling
and resiliency
●Infrastructure
automation frequence
release management
●Security Implications
●Observability,
Monitoring and
Maintenance
●Infrastructure/cloud
cost
API GW
API GW
API GW
E
E
E
E
E
E
EEncrypted
AA AA
X
L3/L4
Access
Deny
X
L3/L4
Access
Deny
L3/L4 Access
Deny API GW
AAAuthn & Authz
AA
Logs
Logs
Metrics
Retry
if 503
No request:
scale to zero
Deployment and RuntimeRevisit Challengers
Service Mesh
Scale to
zero
Metrics
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
After building this platform, you'll
streamline the development process,
enhance productivity, and accelerate
time-to-market, all of which are
essential for business success.
streamline the development process,
enhance productivity, and accelerate
time-to-market, all of which are
essential for business success.
Platformless
●Platformless by Sanjiva, Paul and Asanka
●Cell-Based Architecture by Paul and Asanka
●Unlocking the Power of Programmable Data Planes in Kubernetes with
eBPF by Lakmal
●How We Implemented Zero Trust in Choreo by Lakmal
●Scaling Smart: Introducing Choreo’s Scale-to-Zero for Optimal Resource
Utilization by Lakmal
●Reference Architecture for a Cloud Native Digital Enterprise by Lakmal
●Reference Implementation for a Cloud Native Digital Enterprise by Lakmal
Read more…
45
●Cell-Based Architecture by Paul and Asanka
●Unlocking the Power of Programmable Data Planes in Kubernetes with
eBPF by Lakmal
●How We Implemented Zero Trust in Choreo by Lakmal
●Scaling Smart: Introducing Choreo’s Scale-to-Zero for Optimal Resource
Utilization by Lakmal
●Reference Architecture for a Cloud Native Digital Enterprise by Lakmal
●Reference Implementation for a Cloud Native Digital Enterprise by Lakmal
Read more…
45
Question Time!
46
46
Thank You!
Tags
Download
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 272
- Slides 47
- Age 571 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
45 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
45 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
36 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
33 views
21
Know for Certain
DaveSinNM
20 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
24 views