Problems in the microserviceworld:

Authentication, communication, configuration and boundaries

Quentin ADAM - @waxzce

Who am I ?Quentin ADAM from the Clever Cloud

@waxzce on twitter – github- soundcloud – instagram ….

My day to day work : , the IT automation company

Keep your apps online. made with node.js,scala, java, ruby, php, python, go…

Cloud & on premise

And learn a lot of things about your code, apps, and good/bad design…

Give back to the community

NEVER GONNA LET YOU DOWN

clever-cloud.com

The beginning How Clever Cloud start?

How the roadmap was define.

Remote CodeExecutionas a Service

Dog container

We are happy

Multiple stacks

Scaling

Evolution

Team management

Architecture as a playgroundLego FTW

Microservice communication

NO TRUSTED NETWORKhttps://www.clever-cloud.com/blog/guests/2015/06/16/the-end-of-the-fortress-metaphor/

Server -> Server

• Authenticated

• Encrypted

• Auditable/logged

🔪

Loosely coupled

Routing is a problem

Message box

Duplicate messages

Analytic and audit

HTTP for all?

Messages brokers

• RabbitMQ• FR: https://www.youtube.com/watch?v=VBUQXM96hpw

• EN: https://www.youtube.com/watch?v=15mzY2MfDgM

• Kafka

• Redis?

• 0MQ?

• Warp10 / time series DB📬

Migrate to event source?

The right size?What is the boundaries of a microservice

Noisy Microworker army

Beware of (massive) RPC (Remote Procedure Call)

Network is two problems: Fragile and Slow

📦 Micro services is not Workload Distribution👁 akka, project orleans, Erlang OTP, hadoop…

One service do have to actually provide a service by itself

Fat monoliths

Micro service creating too much lib?

Why theses two functions are in the same services?Or can I 👁 it?

Does we have a common data store?

Does this features need the same scaling agenda?

Example Clever Cloud

Configuration on multiple spots

Configuration != Code

Zk, etcd, consul… So many possibilities

Reconfigure at runtime?

Hot reloading or live configuration? https://www.clever-cloud.com/blog/engineering/2017/07/24/hot-reloading-configuration-why-and-how/

Simpler way, never change on runtime

Immutable infrastructure (FR) https://www.youtube.com/watch?v=WrZCbgQsPVU

Agnostic solution: Environment variable

Clever Cloud service dependencies

https://www.clever-cloud.com/blog/features/2016/06/23/introducing-service-dependencies/

No over engineering on configuration, when you need to configure the configuration injector, you are too far 🖇

Who the hell are you?Distribute Authentication

Distribute Identity and ACL

Common solutions (or not)

Shared data repository

Redis

Service A (php)

Service C (java)

Service B

(nodejs)

Authentication using a proxy

Request

Reverse Proxy+

Database call+

Business code+

Authentication

Service A

Service B

Service C

Authenticated request with user identity

data

Central API call to authenticate request

RequestVia

reverse proxy

Service A

Service B

Service C

AuthentificationAPI

We need more tools

👁🔧🔩⛏⚒ 👁

Tokens

JWT

Macaroons

Keep hackable and pluggable playground to enforce innovations

Maintenance

Clean legacy code on regular basisWhy and how bookkeepers f***d up IT

FR https://www.youtube.com/watch?v=0ip1FoBsLB4

EN https://www.youtube.com/watch?v=OngWRJ8txps

Deployment agility

No dogma, full developer hapiness oriented architecture

Thank you

find me on twitter

@waxzce

Gift coupon for clever-cloud.com:

devopsCon17