Showing posts with label Microservices. Show all posts
Showing posts with label Microservices. Show all posts
Monday, November 22, 2021
Monday, April 12, 2021
Microservices - Client Side Load Balancing
https://spring.io/blog/2020/03/25/spring-tips-spring-cloud-loadbalancer
The
Spring Cloud Load Balancer, we need to have a service registry up and running.
A service registry makes it trivial to programmatically query for the location of a given service in a system. There are several popular implementations for service registries, including
- Apache Zookeeper,
- Netflix’s Eureka,
- Hashicorp Consul
- Kubernetes
- Cloud Foundry
---------------------------------------------------------------------------------------------------------
Microservices don't use server side load balancing. They use client side load balancing.
Client Side Load Balancing
To understand client side load balancing, let's recap microservices architecture. We generally create a service discovery like Eureka or Consul, where each service instance registers when bootstrapped. Eureka server maintains a service registry; it maintains all the instances of the service as a key/value map, where the {service id} of your microservice serves as the key and instances serve as the value. Now, if one microservice wants to communicate with another microservice, it generally looks up the service registry using DiscoveryClient and Eureka server returns all the instances of the calling microservice to the caller service. Then it was a caller service headache which instance it calls. Here, client side load balancing stepped in. Client side load balancing maintains an algorithm like round robin or zone specific, by which it can invoke instances of calling services. The advantage is s service registry always updates itself; if one instance goes down, it removes it from its registry, so when the client side load balancer talks to the Eureka server, it always updates itself, so there is no manual intervention- unlike server side load balancing- to remove an instance.
Another advantage is, as the load balancer is in the client side, you can control its load balancing algorithm programmatically. Ribbon provides this facility, so we will use Ribbon for client side load balancing.
----------------------------------------------------------------------------------------------------------
https://spring.io/blog/2020/03/25/spring-tips-spring-cloud-loadbalancer
The @LoadBalanced Annotation
In this final example, we’ll have Spring Cloud configure the WebClient instance for us. This approach is excellent if all requests that pass through that shared WebClient instance require load balancing. Just define a provider method for the WebClient.Builder and annotate it with @LoadBalanced. You can then use that WebClient.Builder to define a WebClient that’ll load balance automatically for us.
@Bean
@LoadBalanced
WebClient.Builder builder() {
return WebClient.builder();
}
@Bean
WebClient webClient(WebClient.Builder builder) {
return builder.build();
}Monday, April 5, 2021
Microservices, Fault Tolerance and Resilience - Hystrix - Spring Cloud
https://www.youtube.com/watch?v=o8RO38KbWvA&list=PLqq-6Pq4lTTbXZY_elyGv7IkKrfkSrX5e
#### Spring Boot Microservices Level 2: Fault Tolerance and Resilience
Fault Tolerance :- How much Tolerance a System has for a particular fault in microservices
Resilience :- How many Faults a System can handle
Thursday, March 25, 2021
JavaBrains Microservices POC
[JavaBrains] [Microservices POC]
https://www.youtube.com/watch?v=y8IQb4ofjDo&list=PLqq-6Pq4lTTZSKAFG6aCDVDP86Qx4lNas
#### Spring Boot Microservices Level 1: Communication and Discovery
https://www.youtube.com/watch?v=y8IQb4ofjDo&list=PLqq-6Pq4lTTZSKAFG6aCDVDP86Qx4lNas
#### Spring Boot Microservices Level 2: Fault Tolerance and Resilience
https://www.youtube.com/watch?v=o8RO38KbWvA&list=PLqq-6Pq4lTTbXZY_elyGv7IkKrfkSrX5e
#### Spring Boot Microservices Level 3: Microservice configuration
https://www.youtube.com/watch?v=upoIwn4rWCo&list=PLqq-6Pq4lTTaoaVoQVfRJPqvNTCjcTvJB
Why , We should not hard-code URLS of Services
- Code Change for URL modification
- Dynamic Cloud URL
- Load Balancer URL - Multi Instance URL
- Multiple Environment Server URLS
When Services Call Each other, How does a Service1 knows about Service2 URL ?
- Service Discovery - Design Pattern
- Eureka - Technology used for implementing "Service Discovery"
Client Side Service Discovery vs Server Side
Client Side Service Discovery
Client -> Service Discovery Server
Looks Up IP address of Service1
<- Provides IP Address to Client
Client -> Call to Service 1
Client <- Gets a response from Server1
Server-Side Service Discovery
Client Calls Service Discovery asks it to Send "Hi" on its behalf to Service1
Service1 Sends "Hello" response to Discovery Server and its forwarded to Client
Other Technologies which have come from Netflix OSS or developed by Spring Boot
- Hysterix - Fault Tolerance Library
- Zuul - Gateway
- Ribbon
- Feign
POM Management
spring-cloud-starter-netflix-eureka-server
spring-cloud-starter-netflix-eureka-server
<properties>
<java.version>11</java.version>
<spring-cloud.version>2020.0.2</spring-cloud.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-eureka-server</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-dependencies</artifactId>
<version>${spring-cloud.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
- @LoadBalanced
- @EnableEurekaClient
- @EnableEurekaServer
EurekaClient sends heartbeat to EurekaServer
So, If A Service Goes Down, After Maybe about 30 Seconds,
The Entry gets removed from Dashboard of Eureka Server
#### Spring Boot Microservices Level 1: Communication and Discovery
https://www.youtube.com/watch?v=y8IQb4ofjDo&list=PLqq-6Pq4lTTZSKAFG6aCDVDP86Qx4lNas
#### Spring Boot Microservices Level 2: Fault Tolerance and Resilience
https://www.youtube.com/watch?v=o8RO38KbWvA&list=PLqq-6Pq4lTTbXZY_elyGv7IkKrfkSrX5e
#### Spring Boot Microservices Level 3: Microservice configuration
https://www.youtube.com/watch?v=upoIwn4rWCo&list=PLqq-6Pq4lTTaoaVoQVfRJPqvNTCjcTvJBAdding Spring Cloud To An Existing Spring Boot Application
If you an existing Spring Boot app you want to add Spring Cloud to that app, the first step is to determine the version of Spring Cloud you should use. The version you use in your app will depend on the version of Spring Boot you are using.
The table below outlines which version of Spring Cloud maps to which version of Spring Boot.
| Release Train | Boot Version |
|---|---|
2020.0.x aka Ilford | 2.4.x |
2.2.x, 2.3.x (Starting with SR5) | |
2.1.x | |
2.0.x | |
1.5.x | |
1.5.x |
Monday, March 15, 2021
Microservices - Characteristics - Martin Fowler – Microservices
https://www.youtube.com/watch?v=2yko4TbC8cI
https://martinfowler.com/articles/microservices.html#CharacteristicsOfAMicroserviceArchitecture
https://martinfowler.com/articles/microservices.html#CharacteristicsOfAMicroserviceArchitecture
Characteristics of a Microservice Architecture
• Componentization via Services
• Organized around Business Capabilities
• Products not Projects
• Smart endpoints and dumb pipes
• Decentralized Governance
• Decentralized Data Management
• Infrastructure Automation
• Design for failure
• Evolutionary Design
CHAOS Monkey - Netflix
Thursday, March 11, 2021
POC - Microservices - Java Spring Cloud
Microservices POC
https://www.youtube.com/watch?v=BnknNTN8icw [DailyCodeBuffer]
https://www.youtube.com/watch?v=tljuDMmfJz8&t=123s [Java Techie]
https://www.youtube.com/watch?v=rlS9eH5tEnY [Tech Primers]
https://www.youtube.com/watch?v=SzbeDqBSRkc [PlayJava]
--------------------------------------------------------------------------------------------------------------------
Spring Cloud
https://spring.io/projects
https://spring.io/projects
Spring Cloud Gateway
To run your own gateway use the
spring-cloud-starter-gateway dependency.Hystrix -
org.springframework.cloud:spring-cloud-starter-netflix-hystrixCircuit Breaker Pattern
Spring Boot vs Spring Cloud
API Gateway, Zuul
https://www.youtube.com/watch?v=1vjOv_f9L8I
An API gateway is a vital component in any microservice architecture. - An Edge Service
1 Microservice acts as a Gateway for rest of microservices
1 Microservice acts as a Gateway for rest of microservices
API Gateway is an abstraction layer - a FACADE
If We have microservices URL and those URLs are directly used by Client UI Developers
it would create issues later if we would like to change them in future.
So, We can have a FACADE Layer which would abstract real URLS
This can be achieved by Using API Gateway - A kind of Edge Service
Netflix has an open source library for this purpose called "Zuul"
API Composition - Making 1 Microservice out of many other
Single Point of Entry
Monitoring System for Requests/Responses
External Contract ----------> Zuul Gateway ------> Internal Rest API
Advantages
- Monitoring
- Authentication
Disadvantages & Mitigation Steps
- Little bit Slow - 1 Additional Network Hop
- Single Point of Failure - You need to have multiple redundant Zuul Gateway to overcome it
- Backend for Frontend - Different Backend for Android, Apple, Web - Layers - Different API Gateway for Different Types of Frontend
Works on Filter Based Design Pattern
PreFilter
PostFilter
etc
Wednesday, March 10, 2021
Hystrix, Zuul, Eureka
"Hystrix" is a circuit-breaker Pattern created by
Netflix.
Its basically a fault-tolerance management library from spring
<!-- https://mvnrepository.com/artifact/org.springframework.cloud/spring-cloud-starter-hystrix --> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-hystrix</artifactId> <version>1.4.7.RELEASE</version> </dependency>
Spring Cloud Starter Hystrix
Spring Cloud Starter Hystrix (deprecated, please use spring-cloud-starter-netflix-hystrix)
"Zuul" -> API Gateway
"Eureka" -> Service Discovery
"Eureka" -> Service Discovery
Friday, March 5, 2021
Microservices -1 | Eventual Consistency | Transient Exception | Compensating Transaction|Timeout Retry
Hard Consistency - ACID does not apply to microservices
It may have been applicable via 2 Phase Commit in case of Distributed Transaction but the database was still the same
Now its time for Eventual Consistency
ACID on Local Transactions
Multiple steps in Transaction Boundary - Because its just 1
one fails, all Fails
Multiple steps in Transaction Boundary - Because its just 1
one fails, all Fails
Distributed Transactions
More than 1 Database
More than 1 Database
Using Multiple Local Transaction
One is committed, Another Fails
Compensatory Transaction(Workaround Steps) - Not Always a Good Practice
https://www.youtube.com/watch?v=jGJT1FRYGcY
Stale Data - Multiple Write -> Dual Write
One is committed, Another Fails
Compensatory Transaction(Workaround Steps) - Not Always a Good Practice
https://www.youtube.com/watch?v=jGJT1FRYGcY
Stale Data - Multiple Write -> Dual Write
Begin Txn
Lock
Mutate
Release Lock (Commit) or Rollback ---- Goto State
Lock
Mutate
Release Lock (Commit) or Rollback ---- Goto State
https://www.youtube.com/watch?v=pSz0Fpvu2Gk
Older Distributed Transaction or Monolithic Architecture
ACID Principles to Multiple External System
2 Phase Commit - Distributed Transactions - Not a Good Fit for Microservices
Older Distributed Transaction or Monolithic Architecture
ACID Principles to Multiple External System
2 Phase Commit - Distributed Transactions - Not a Good Fit for Microservices
Distributed Transaction - how ??
Saga
2 Phase Commit --- -Prepare and Commit --> 2 Phases
Prepare1 -> Prepared1 -> Commit1
Prepare2 -> Prepared2 -> Commit2
Commit1 + Commit2 = Commit ----Txn Cordinator ---> Application
Saga
2 Phase Commit --- -Prepare and Commit --> 2 Phases
Prepare1 -> Prepared1 -> Commit1
Prepare2 -> Prepared2 -> Commit2
Commit1 + Commit2 = Commit ----Txn Cordinator ---> Application
2 Phase Commit - Discouraged in Microservices -- HTTP Slowness, LOCKED Resource , Slow
Co-ordinator Fails ? What Then ?
Co-ordinator Fails ? What Then ?
3 Phase allows any Participant to be a Co-ordinator
2Phase / 3-Phase - biggest drawback is - they have a wrapper aroun TXN -
So its long living and synchronous
So its long living and synchronous
2 Phase is Okay for - Simple Monolithic Application
But Microservices is already slow,uses HTTP and now u put 2phase commit , Its worse
But Microservices is already slow,uses HTTP and now u put 2phase commit , Its worse
Asynchronous -- SAGA
Txn1 -> Message
Txn2 -> Message (If Failure, Then Rollback Message)
Txn1 -> Message
Txn2 -> Message (If Failure, Then Rollback Message)
Rollback Service will rollback Txns
https://thorben-janssen.com/data-and-communication-patterns-for-microservices-waitlist/
https://www.youtube.com/watch?v=SUQxXg229Xg
https://thorben-janssen.com/data-and-communication-patterns-for-microservices-waitlist/
https://www.youtube.com/watch?v=SUQxXg229Xg
https://youtu.be/H6F4BorD49g - Hussein Nasser
What is a Distributed Transaction in Microservices?
What 3 Methods
1)Atomic Clocks - Rollback The steps
2)Event Based - Kafka/Rabbit MQ -> Publish/Subscribe -> Reverse
3)MiniMonolith - MacroService [Combine homogenous txns in 1 Service]
Distributed Transactions - Txns between Multiple Processes - Each with their own commit/rollback
2)Event Based - Kafka/Rabbit MQ -> Publish/Subscribe -> Reverse
3)MiniMonolith - MacroService [Combine homogenous txns in 1 Service]
Distributed Transactions - Txns between Multiple Processes - Each with their own commit/rollback
Multiple Local Transactions - Dual Write - Inconsistencies
MiniMonolith - MacroService
Monorepo
Microservices
Monorepo
Microservices
Sunday, January 3, 2021
Microservices
https://www.youtube.com/watch?v=j1gU2oGFayY&list=RDCMUCYt1sfh5464XaDBH0oH_o7Q&index=2
Modularized Source code - Built Separately
Smushed Together -> 1 Deployment Entity
----------------------------------------------------------
Web Apps became complex
So deploying them as 1 Deployment unit was a challenge
Complexity increased Deployment Size
1 New Guy makes his 1st Commit -> and do we need to deploy whole thing all over again
Monolithic Architecture - "Smushed"
Sales -> Festivals -> Spike Traffic
Scalability for deployment
A small portion/module of App needs to be scaled - Not Whole App
What can be done better here ?
Test only 1 Sub App - 1 Microservice
Scale only that 1 Microservice
Talk to each other -> using Rest
Smaller Mini Applications instead of 1 Big Monolith
Advantages
2) Technology3) Scalable
1) Deployment Flexibilty
CONS/Disadvantages
1) Architecture - How to Split Services/Where???2) Service Discovery -> Which Services to call ?
Wednesday, December 30, 2020
OAUTH - What is OAUTH ?
What is OAUTH ?
OpenAuthorization
Used for Authorization not Authentication.
Delegated Authorization.
Its a framework - open standard.
-----------------------------------------------------------------------------
https://www.youtube.com/watch?v=t4-416mg6iU
https://www.youtube.com/watch?v=3pZ3Nh8tgTE
https://developer.okta.com/blog/2017/06/21/what-the-heck-is-oauth
https://www.okta.com/identity-101/saml-vs-oauth/ - Do check video hosted here
https://www.varonis.com/blog/what-is-oauth/
https://www.geeksforgeeks.org/what-is-oauth-open-authorization/
https://www.youtube.com/watch?v=CWiwpvpCrro
-----------------------------------------------------------------------------
::Terminologies ::
Following are the actors ->
Resource -> A Protected Resource
Resource Owner -> Me/Myself
Resource Server -> "Service2" - Service Hosting resources - Google Drive
Client -> "Service1" - e.g. "Photo Printing Service"
-----------------------------------------------------------------------------
Examples
1) Valet Keys
2) Photo Printing Service
-----------------------------------------------------------------------------
1 service wants a resource of another service on behalf of owner
e.g. "Photo Printing Service" wants to access "Photos" of "Karan Kaw" which are hosted at "Google Drive"
So, "Karan Kaw" wants two services to talk to each other and share some protected-resource (Photo) - limited resources for a limited amount of time
So, Owner is using a service of a client
Client asks access to "resource" from "resource-server", But "resource-server" redirected to Authentication Page where "Owner" is validates and he is asked for "Grant Access Permission" for the resources to "Client"
Once "owner" Okays, resource-server provides a JWT Token to Client
Client then uses this "OAUTH JWT Token" to get access to resources as per allowed permissions whenever it wants, So its basically a "delegated authorisation" to Client from Owner to acess resources on his behalf from "resource-server"
OAUTH JWT Token is used because This Token can't be modified by anybody and it also has signature of Entity who created it.
-----------------------------------------------------------------------------
When trying to understand OAuth, it can be helpful to remember that OAuth scenarios almost always represent two unrelated sites or services trying to accomplish something on behalf of users or their software. All three have to work together involving multiple approvals for the completed transaction to get authorized.
-----------------------------------------------------------------------------
OAuth is a delegated authorization framework for REST/APIs. It enables apps to obtain limited access (scopes) to a user’s data without giving away a user’s password. It decouples authentication from authorization and supports multiple use cases addressing different device capabilities. It supports server-to-server apps, browser-based apps, mobile/native apps, and consoles/TVs.
You can think of this like hotel key cards, but for apps. If you have a hotel key card, you can get access to your room. How do you get a hotel key card? You have to do an authentication process at the front desk to get it. After authenticating and obtaining the key card, you can access resources across the hotel.
To break it down simply, OAuth is where:
App requests authorization from UserUser authorizes App and delivers proof
App presents proof of authorization to server to get a Token
Token is restricted to only access what the User authorized for the specific App
-----------------------------------------------------------------------------
Protected-Resource/Resource -> Photos
Resource-Owner -> User(Me)
Resource-Server -> Application2 ->
Client -> Application1 ->
-------------------------------------------------------------------
AuthServer/ResourceServer sends "AuthToken" to Client/Service1
Client/Service1 sends this token back to AuthServer and requests a AccessToken
AuthServer/ResourceServer sends "AccessToken" back to Client/Service1
Client/Service1 - will use this token - "AccessToken" to get access to Resources as directed by "AccessToken"
A little tweak
Sometimes AuthServer can hand "AccessToken" directly instead of "AuthToken" followed by "AccessToken"
-------------------------------------------------------------------
Bearer Tokens are the predominant type of access token used with OAuth 2.0.
A Bearer Token is an opaque string, not intended to have any meaning to clients using it.
Some servers will issue tokens that are a short string of hexadecimal characters, while others may use structured tokens such as JSON Web Tokens.
-------------------------------------------------------------------
There are 3 Components in OAuth Mechanism–
OAuth Provider – This is the OAuth provider Eg. Google, FaceBook etc.
OAuth Client – This is the website where we are sharing or authenticating the usage of our information. Eg. GeeksforGeeks etc.
Owner – The user whose login authenticates sharing of information.
OAuth can be implemented via google console for “Login/Sign Up with Google” on a web app.
Pattern to be Followed –
- Get OAuth 2.0 Client ID from Google API Console
- Next, Obtain an access token from the Google Authorization Server to access the API.
- Send the request with the access token to an API .
- Get Refresh token if longer access is required.
-------------------------------------------------------------------
Bearer Tokens
Bearer Tokens are the predominant type of access token used with OAuth 2.0.
A Bearer Token is an opaque string, not intended to have any meaning to clients using it.
Some servers will issue tokens that are a short string of hexadecimal characters, while others may use structured tokens such as JSON Web Tokens.
JSON Web Token (JWT, RFC 7519) is a way to encode claims in a JSON document that is then signed.
JWTs can be used as OAuth 2.0 Bearer Tokens to encode all relevant parts of an access token into the access token itself instead of having to store them in a database.
Bearer Authentication
Bearer authentication (also called token authentication) is an HTTP authentication scheme that involves security tokens called bearer tokens. The name “Bearer authentication” can be understood as “give access to the bearer of this token.”
The bearer token is a cryptic string, usually generated by the server in response to a login request. The client must send this token in the Authorization header when making requests to protected resources:
Authorization: Bearer <token>
-------------------------------------------------------------------
Use Case - OAuth
OAuth is used in Microservices Communication
This OAUTH usage in Microservices is called - "Client Credentials Flow"
Clients here are really superDuper Trustworthy because We wrote it yourself
Service1 ----> Service2[DB]
So, Each Service has a OAUTH Token - Which may be long living
We cannot have each Microservice talking to another Microservice
So, We basically try to restrict that kind of communication
So, We basically have OAUTH tokens which help in that objective
----------------------------------------------------------------------
JWT - Json Web Token
JWT pronounced as - "JAWT" - Yes, There is 'A' in Sound
JWT - is Base64 encoded Token
It has 3 parts - Header, Payload and Signature
Its contents are easily deciphered, so no private info should be inside it
Signature needs a key - which is possessed only by Auth Server
So, JWT can not be tampered with
It can be stolen as such as a whole by malicious person
So care must be taken when we share JWT token
----------------------------------------------------------------------
Subscribe to:
Posts (Atom)