microservices with netflix oss & hypermedia apis - javaday kiev
TRANSCRIPT
@andreasevers
Microservices & Hypermedia APIs
@andreasevers
WHOAMI
• Work for Ordina Belgium
• Open source enthusiast
• Spring contributor
• Speaker
• Technical lead & coding architect @ Proximus
• Marathon runner
@andreasevers
@andreasevers
Benefits
• Small, easy to understand code base • Easy to scale • Easy to throw away • Easy to deploy • Ability to use a different technology stack • Smaller teams • System resilience
@andreasevers
Pitfalls
“If you can't build a monolith, what makes you think microservices are the answer?”
Simon Brown
@andreasevers
Pitfalls
• Failing to adopt a contract-first approach • Assuming the wrong communication protocol • Introducing a shared domain model • Defining inappropriate service boundaries • Neglecting DevOps and testing concerns • Disregarding the human factor • Operational complexity not under control • Failing to embrace eventual consistency
@andreasevers
Netflix OSS
@andreasevers
Gateway
@andreasevers
Gateway – What’s the use? • Surgical Routing
@andreasevers
• Surgical Routing • Stress Testing • Canary Testing
Gateway – What’s the use?
@andreasevers
Gateway
µS µS µS µS µS µS
@andreasevers
• Surgical Routing • Stress Testing • Canary Testing • Request authentication & authorization • Choosing origin servers
Gateway – What’s the use?
@andreasevers
• Surgical Routing • Stress Testing • Canary Testing • Request authentication & authorization • Choosing origin servers • Routing the request to an origin • Logging debug info • Adding headers to the request and response • Gathering statistics and metrics • Filter error handling • Generate static responses
Gateway – What’s the use?
@andreasevers
• Surgical Routing • Stress Testing • Canary Testing • Request authentication & authorization • Choosing origin servers • Routing the request to an origin • Logging debug info • Adding headers to the request and response • Gathering statistics and metrics • Filter error handling • Generate static responses • Load Shedding
Gateway – What’s the use?
@andreasevers
• Surgical Routing • Stress Testing • Canary Testing • Request authentication & authorization • Choosing origin servers • Routing the request to an origin • Logging debug info • Adding headers to the request and response • Gathering statistics and metrics • Filter error handling • Generate static responses • Load Shedding • Dynamic behavior change
Gateway – What’s the use?
@andreasevers
@andreasevers
@andreasevers
@andreasevers
Service Registry
Service Registry
loyalty
user billing
billing’
loyalty user user origin
Origin 1
Origin 2 billing
loyalty origin
@andreasevers
Service Registry
Service Registry
loyalty
user billing
billing’
loyalty user
billing user origin
Origin 1
Origin 2
loyalty origin
@andreasevers
billing
Service Registry
Service Registry
loyalty
billing
billing’
loyalty user user origin
loyalty origin
Origin 1
user
billing’
billing Origin 2
@andreasevers
Service Registry
Service Registry
loyalty user user origin
loyalty origin
Origin 1 billing Origin
2
Service Registry
loyalty user user origin
loyalty origin
Origin 1 billing Origin
2
loyalty
Cached Registry
@andreasevers
Service Registry
@andreasevers
@andreasevers
@andreasevers
Circuit Breaker
Backend µS
@andreasevers
Circuit Breaker
Backend µS
@andreasevers
Circuit Breaker Gateway
µScustomer µSuser µSloyalty µScustomer µSloyalty
Backends
@andreasevers
Circuit Breaker - Fallbacks
@andreasevers
Circuit Breaker
Backend µS
stream
information
@andreasevers
Circuit Breaker - Dashboard
@andreasevers
Circuit Breaker - Dashboard
@andreasevers
Circuit Breaker - Dashboard
@andreasevers
Config
µScustomer
µSuser
µSloyalty
Config Server
@andreasevers
Metrics & Admin
@andreasevers
Metrics & Admin
@andreasevers
Metrics & Admin
@andreasevers
Metrics & Admin
@andreasevers
Metrics & Admin
@andreasevers
Metrics & Admin
@andreasevers
Metrics & Admin
@andreasevers
Metrics & Admin
@andreasevers
Contracts & loose coupling We can achieve this by using Hypermedia
@andreasevers
Hypermedia
Hypermedia As The Engine Of Application State
@andreasevers
Hypermedia
h8ps://vimeo.com/20781278
Sub-constraints:• IdenDficaDonofresources(URIs)• ManipulaDonviarepresentaDons(request&
responsebodies)
• Self-descripDvemessages(headers)• HypermediaastheengineofapplicaDonstate
HTTPasapplica+onprotocol
@andreasevers
Hypermedia
h8ps://vimeo.com/20781278
Sub-constraints:• IdenDficaDonofresources(URIs)• ManipulaDonviarepresentaDons(request&
responsebodies)
• Self-descripDvemessages(headers)• HypermediaastheengineofapplicaDonstate
Ifyoudon’tdothis
Thenyoudon’tadheretothis
Andyouaremissingoutonthese
@andreasevers
Why Hateoas?
• Updating server-side web APIs only to learn that client applications no longer work as expected without undergoing code updates
• Moving long-lived server applications to a new DNS name (e.g. from www.belgacom.be to www.proximus.be) and having to completely rewrite all of the API documentation as well as update all existing client code with all its links to the server’s APIs
• Implementing new or modified process flow within the server-side application and discovering that existing clients break when encountering the new rules, ignore the rules, or, worse, continue to execute their own code in a way that creates invalid results on the server
@andreasevers
Hateoas In Action
@andreasevers
@andreasevers
@andreasevers
@andreasevers
@andreasevers
@andreasevers
Hateoas in action
How would you explain to a client to get to the Nerd in the Basement painting? A. Go to Amazon.com, in the categories go to fine arts, follow
paintings, more specifically oil paintings, and click on the one with the title Nerd in the Basement
B. Type http://www.amazon.com/Nerd-in-the-Basement/dp/B00L849CSS/ref=lp_6685279011_1_2?s=art&ie=UTF8&qid=1431864368&sr=1-2 in your browser
@andreasevers
Hateoas in action
HTML is a hypermedia format <a> is a link with method GET <form> is a link with method POST (or other if specified)
The browser understands this syntax and shows a link or a form if the server response contains these tags
@andreasevers
Hateoas Requirements
Communication between Client and Server depends on:
• Where does the client have to start? • Root API • In regular websites: the homepage
• Where am I? • How do I interpret the current API response? • In regular websites: the syntax of HTML is interpreted by the browser
• Where can I go? • What does a link or form with a certain relation or class mean? • In regular websites: link with relation “stylesheet”, form with action “login”
@andreasevers
Hateoas in action
Amazon.com (and any other website in the whole world wide web) applies Hateoas. Why wouldn’t your API do the same?
@andreasevers
Hateoas Benefit: Runtime action discovery
GET /account/12345 HTTP/1.1 HTTP/1.1 200 OK <?xml version="1.0"?> <account>
<account_number>12345</account_number> <balance currency="usd">100.00</balance> <link rel="deposit" href="/account/12345/deposit" /> <link rel="withdraw" href="/account/12345/withdraw" /> <link rel="transfer" href="/account/12345/transfer" /> <link rel="close" href="/account/12345/close" />
</account>
@andreasevers
Hateoas Benefit: Runtime operation discovery
GET /account/12345 HTTP/1.1 HTTP/1.1 200 OK <?xml version="1.0"?> <account>
<account_number>12345</account_number> <balance currency="usd">-25.00</balance> <link rel="deposit" href="/account/12345/deposit" />
</account>
@andreasevers
Hateoas Concern: Scope
In case of one or two clients built in the same team, it is arguable whether auto-discoverability is really a necessity
@andreasevers
Hateoas Benefit: Non-structural Changes
“customers/1/accounts/1/products/1234” auto-discoverable through HATEOAS as “customers[1].accounts[1].products[1234]” will not break when 1234 as id is changed to “basementNerd”
@andreasevers
Hateoas Concern: Structural Changes
“customers/1/accounts/1/products/1234” auto-discoverable through HATEOAS as “customers[1].accounts[1].products[1234]” could break when accounts are bypassed
@andreasevers
Hateoas Benefit: Changing the URI of a resource “customers/1/accounts/1/products/1234” being returned as part as the response body of “customers/1/accounts/1” will not break the client
@andreasevers
Content Types
"text/html" • Browsers know how to parse it • Browsers understand keywords inside it
• E.g: a + href , form + action + method , ...
"application/json" or "application/xml“
• Clients know how to parse it • Clients don’t understand keywords inside it • Needs a uniform format as communication between client & server • Needs a reference for out-of-bound (api-specific) keywords
@andreasevers
Content Types
• JSON • NOT hypermedia-aware by default • Needs a fixed format to support links and forms • Many formats available
• XHTML • IS hypermedia-aware by default • Harder to process XHTML responses using javascript (xpath is required) • The API responses can also be read by a human as regular HTML pages
• SVG, Atom, HTML • Similar as XHTML but not preferred
@andreasevers
JSON Formats • JSON-LD
• Augmenting existing APIs without introducing breaking changes • Needs HYDRA as a vocabulary for communicating operations • Decoupling of API serialization format & communication format
• HAL • Minimal, light weight syntax and semantics • Offers most of the benefits of using a hypermedia type • Easy to convert existing API to HATEOAS • Chosen and supported by Spring • No support for specifying operations
• Collection+JSON • Can list queries that your collection supports and templates that clients can use to alter your
collection • Great for publishing user editable data
• SIREN • Represents generic classes of items • Supports operations • Concept of classes, bringing a sense of type information to your API responses.
@andreasevers
Considerations
Maturity
Client implementation
Caching
Versioning
@andreasevers
Documentation
h8ps://speakerdeck.com/ankinson/documenDng-resTul-apis-webinar
@andreasevers
What should you document
Resources
Links
Cross-cutting concerns
@andreasevers
What shouldn’t you document
URIs
@andreasevers
What does it look like when you get it wrong?
@andreasevers
What does it look like when you get it right?
@andreasevers
Swagger
Doesn’t support Hypermedia
@andreasevers
Swagger
It’s URI centric
@andreasevers
Swagger
It’s leaky
@andreasevers
Swagger
It’s huge
@andreasevers
Best practices for documentation
Write as much as possible in a format which is designed for writing Don’t use the implementation to provide the documentation Provide some guarantees that the documentation is accurate
h8ps://github.com/spring-projects/spring-restdocs
@andreasevers
Thank you for your attention
@andreasevers
https://github.com/oraj-360 http://registry.oraj360.cfapps.io/ https://netflix.github.io/ http://projects.spring.io/spring-cloud/ http://projects.spring.io/spring-hateoas/ https://github.com/spring-projects/spring-restdocs