Presentation from Devops Barcelona conference on June 2019.
Step by step process to migrate from a monolith to several microservices in the cloud.
See with transitions at https://docs.google.com/presentation/d/10PvqjwDwBv96Ga2k0ZLrfi83NrQQnGQyLPKn0XsYC40/edit#slide=id.g585eb34422_0_592
6. 2019 KrakenD API Gateway6 Photo by @voyagefervor, Instagram
Service Mesh
API Gateways
Proxies with GW
GraphQL
API Managers
7. 2019 KrakenD API Gateway7
Proxy with GW 1:1 mapping endpoint-backends - No business logic - Offload cross-cutting
concerns. No aggregation
Products with overlapping features
GraphQL HTTP only - Single Endpoint - Allows the client to choose exactly the data in
the response. E.g: you provide an API to developers out of your organization
API Gateway Services aggregation - Business logic - API Contract - No coupling to
backend - Offload cross-cutting concerns. Can implement the BFF pattern.
Service Mesh Internal communication between services (not for the end-user). No business
logic
API Managers Access management (generate API Keys), billing, developer portal, usage
statistics
11. 2019 KrakenD API Gateway11
A gateway is not the new monolith
★ Coordination required
★ Data synchronization
★ Datastore as source of truth
★ Complexity
★ Multi-region lag
★ Mutable configuration
NON-LINEAR SCALABILITY
Stateless Stateful
★ No node coordination
★ No synchronization
★ Zero complexity
★ No challenges for Multi-region
★ Declarative configuration
★ Immutable infrastructure
LINEAR SCALABILITY
12. 2019 KrakenD API Gateway12
API GW
APIGW:North-southtraffic
Mesh: east-west traffic
18. 2019 KrakenD API Gateway18
Migration strategies
NEW
functionality
INCREMENTAL
Migration
(piece by piece, new and old)
ALL IN
Swap
19. 2019 KrakenD API Gateway19
Incremental move to µservices
Database
Catalog
Promotions
Basket
Payments
Orders
Pricing
Stock
Authentication
20. 2019 KrakenD API Gateway20
Migration
steps
TL;DR
2 Move authorization to the GW
1 Add the gateway
3 Break a piece of the monolith
4 Aggregate the microservice
5 Deployment and Observability
22. 2019 KrakenD API Gateway22
Add the gateway, as a proxy
Web + API
MONOLITH
/foo
/bar
/foo
/bar
Proxy
1
Keep the existing API contract
Forward cookies
25. 2019 KrakenD API Gateway25
Unified interface
Service 1
v1.1 XML
Service 2
v3.2 JSON
Service 3
v2.9 RSS
你好
Hello
Привет
KrakenD
/v1/hello-world
➔ Automatic API generation
and integration
➔ Consumers (iOS, Android,
Web, Server devs) in control
of the API
➔ Homogeneous consumption
of data formats and
encodings
➔ Reduced bandwidth and
errors
➔ Increased speed
➔ Better quality of service
26. 2019 KrakenD API Gateway26
Gateway added
At this point...
- The gateway is in the cloud
- Plugged to the onprem
monolith (VPN?)
- It’s hybrid (cloud+onprem)
- We defined all endpoints
- Transparent for the client
- Session Cookies still allowed
API contract kept
1
27. 2019 KrakenD API Gateway27
The weakest punishes the stronger
When weakly typed languages harm the strongly typed ones
{
"id_user": 2,
"alias": "bob"
}
Output from weakly typed lang
Strongly
typed
{
"id_user": "2",
"alias": "bob"
}
😱
HORROR
STORIES
😱
31. 2019 KrakenD API Gateway31
Login controller in the monolith (BEFORE)
if ($user_data = $this->login($username, $password)) {
// Start the session (COOKIE)
startUserSession($user_data);
// Set the “remind me” cookie:
setRemindMeCookie($user_data['auto_login']);
...
}
2
35. 2019 KrakenD API Gateway35
At this point...
- All desired endpoints are
protected by the gateway
(sign + validation)
- “Authentication” header is
the only needed header,
but not cookies.
- The monolith gets session
data from token
JWT tokens
implemented
No more sessions
2
41. 2019 KrakenD API Gateway41
Pick a first service to extract
Catalog
Promotions
Basket
Payments
Orders
Pricing
Stock
/login
Authentication
MONOLITH
3
42. 2019 KrakenD API Gateway42
Idempotent and safe services?
Gateway
It’s a read operation but….
Service
GET
DB
Read data
UPDATE
HORROR
STORIES
😱
47. 2019 KrakenD API Gateway47
Aggregating the hard way
Backends
/splash
x68
Screen Calls
First App Launch 68
Onboarding Tour 178
Wake-up after background 208
Front Page (w/ scroll) 39
Select Category 21
Apply a Filter 30
Product detail 22
Go to basket 51
My account 92
Help 42
To Checkout 57
TOTAL DURING THE SESSION
808
HORROR
STORIES
😱
49. 2019 KrakenD API Gateway49
Avoid the “take it all” pattern
Client
Providing a lot of data to the client, just in case it’s needed
Gateway
Your 10MB, thank you
HORROR
STORIES
😱
50. 2019 KrakenD API Gateway50
Directly connect to message brokers
Catalog
/notify
Notifications
QUEUE
Azure Service
Bus Topic
4
52. 2019 KrakenD API Gateway52
Simple deployment (stateless)
FROM devopsfaith/krakend
COPY krakend.json
/etc/krakend/krakend.json
+ ≃
40MB
Dockerfile
53. 2019 KrakenD API Gateway53
Deploy anywhere
Orchestration
Platforms
54. 2019 KrakenD API Gateway54
Assign a KrakenD to each team (client type)
Catalog
Promotions
Basket
Payments
Orders
Pricing
Stock
Authentication
Android
iOS
SPA
55. 2019 KrakenD API Gateway55
Assign a KrakenD to each team (micro frontends)
}
}
}
56. 2019 KrakenD API Gateway56
Not necessarily the single point of entry
Catalog
Promotions
Payments
Orders
Pricing
Stock
Authentication
67. 2019 KrakenD API Gateway67
Questions?
Let’s have a beer!
@devopsfaith | @alombarte
Email: albert@krakend.io
Photo by Patrick Fore
Notes de l'éditeur
From on-premises monolith to cloud microservices
BEST VIEWED IN PRESENTATION MODE TO UNDERSTAND TRANSITIONS
SLACK: https://invite.slack.golangbridge.org/ → #krakend channel
The LOGIC needs to persist its state in an external DATA, that is queried by all nodes. It’s the SOURCE OF TRUTH
Scaling the Gateway means scaling a database.
WHEN we go to multiple regions, this data needs to be synchronized.
The gateway does not work without a DB
In a STATELESS gateway everything needed to provide the service, lives inside the configuration of the application and there is no need of centralization and shared state (database).
Every node only knows about its own state and it does not need to know about the other nodes
Because a GW is a piece usually in the middle of your backend consumption is too tempting to do certain stuff.
We think that a gateway cannot be the new monolith and shouldn’t have centralization.
API GATEWAY -> Connects EXTERNAL TRAFFIC with INTERNAL SERVICES.
As it can provide AGGREGATED consumption of services for the client is also associated to the BACKEND FOR FRONTEND
SERVICE MESH → Internal communication
A proxy might solve some of these SHARED problems (cross-cutting concerns), like security, rate limiting or circuit breaking. (HAPROXY, NGINX PLUS)
**
A Proxy ADDS ROUTING capabilities. We can have a group of URLs pointint to a specific service
But the problem of this approach is this is a 1 to 1 . ONE-SERVICE-CONSUMED-AT-A-TIME
The clients are totally COUPLED to the Backend. Specially inconvenient for Mobile apps that cannot change the contract at wil once they are published in the AppStore or GooglePlay
All these proxies call themselves API GATEWAYS or even API Managers! There is a lot of controversy on the term, thanks to marketing
BUT A PROXY IS NOT SUITABLE FOR A MICROSERVICES MIGRATION, AS IT IS UNABLE TO AGGREGATE SOURCES
The term “traditional api gw” is sometimes used to stateful api gw.
The API Gateway can implement the BFF because you build it while thinking about the needs of the client app.
Add the gateway keeping the API contract, as proxy - backward compatibility
Microservices do not need to implement security - Replace cookies, use JWT
Chop the monolith and create a microservice
Use the gateway to aggreagate the services. The client won’t notice anything
Traces, loging and metrics
Go to 3 until monolith disappears
Put the krakend in the cloud, to face problems for being in a different network from the beginning (connection)
We put the gateway as proxy (not a GW yet)
We make sure we forward all cookies, as our example monolith uses them
We replicate all the endpoints of the monolith in the GW. Backwards compatibility: Keep the contract
Test and Change DNS
When we have this, the client doesn’t know that we added a GW
KEEP SHORT TOKENS
REFRESH TOKEN can be handled automatically, many libraries do it already.
The Social aspect usually weights more than the technical
Social = What is the size of your team, and their experience with MS? Growing plans (x4)? Responsibilities?
Tech = Domain of the components, dependencies BTW components, latency constraints, persistence model
When designing the microservices and how to extract them is very important to not create dependencies over the network
Heavy artifacts!
A good first candidate is usually the authentication service
A request method is considered "idempotent" when multiple identical requests have the same effect.
Request methods should be "safe" when theri semantics are essentially read-only; i.e., the client does not request, and does not expect, any state change
DEVELOPER FOCUSES ON FUNCTIONALITY
A lot of this calls are due to drag and drop SDKs
More with:
Flatmap
DSL Language, Martian
Lua Scripts
Aggregation is done automatically but filter out those attributes that you don’t need
The gateway can be very fast, but if you pack the entire Internet in the response it won’t be a good experience.
Deploying a stateless GW is very easy as there is no persistence associated.
As there is only a configuration file, all you need to do is to COPY the file in your immutable container.
Doing a Blue/green deployment is very easy and superfast as the artifact is so small, and the nodes start without coordination.
It’s very important that such a complicated Grafana
Zipkin example
Instana (enteprise subscription) and Zipkin
REPEAT THE OPERATION WITH ANOTHER SERVICE:
Move to a microservice
Aggregate in the gateway with its corresponding use cases
IN MANY CASES, the effort of going fully to microservices is too high. You can keep your REDUCED MONOLITH as another service, preferably now inside the cloud
2'5 YEARS AGO we built from scratch an extensible API Gateway.
We LEARNED the hard way. Doing consultancy all this time helped us improve and grow our product with the real problems of the companies, at a crazy rythm.
- We provide today an open source project that brings all the Enterprise features at no cost.
- We are provably the only company in Barcelona developing 100% in Go.
In late 2016 we decided to repeat to create a Gateway for the public audience and started running in production