cloud foundry cookbook: recipes for a successful cloud foundry deployment in production (cloud...

Post on 27-Jan-2015


DESCRIPTION

Technical Track presented by Vinícius Carvalho, Senior Field Engineer at Pivotal. Cloud Foundry provides the foundation for your PaaS infrastructure. It streamlines deployment and turns your developers and your ops into super heroes when it comes to time to market. But what about your architecture? How should you build your services (or microservices)? How can you guarantee security is being enforced on every layer of your architecture? How can you solve cross-service dependencies? How can services discover each other? How could developers leverage an API explorer to test your services and build apps on top of it? How could you leverage a data pipeline to solve polyglot persistence and cascading operations on diverse persistence technologies? How can you monetize on top of your public services? How could you use a service registry to boost your models with extended metadata? This session presents a few recipes to demonstrate how to solve some of the problems found when applying cloud patterns to real business scenarios.

TRANSCRIPT

© 2014

RECIPES FOR A SUCCESSFUL CLOUDFOUNDRY PRODUCTION DEPLOYMENT

Vinicius Carvalho – Pivotal @vccarvalho

I am a developer

CF power up

Challenges
• Large distributed systems: failure becomes the norm, not the exception
• Enhance developer experience of your API
• Enforce security and access control of endpoints
• Service discovery
• Avoid duplication

Give this to your developers

They will soon ask for this

Powered by Swagger

Talking about services

[Diagram: Apps, API, Biz Services, Core Services and Data Services, with axes labelled Business Value and Reusability]

Core Biz Services

Who the hell are those?

Service Registry
• Stores service information
  – API endpoints
  – Security metadata (Access Control Lists, Roles)
  – Resource relationships
  – Quality of service
  – Extended metadata

Service Registry

[Diagram: Services, Instances, and the metadata kept for each service, with one sample per kind]

API

    /api/apidocs

Endpoints

    GET /users
    PUT /{id}

Security

    GET /users
     - ClientId: myapp
     - roles: [USER,MANAGER]

UI Metadata

    User : {
      SSN: {
        type: "string",
        selectable: false,
        editable: false
      }
    }

QOS

    /search : {
      limit : {
        value : 300,
        time: 3600,
        unit: "seconds"
      }
    }

Billing

    /search : {
      rate : {
        currency : "USD",
        value : 0.10,
        meterType: "UNIT",
        meterValue: 1000
      }
    }

[Diagram: Cloud Controller, DEA, Registry, Router. Labels: push app + app MD; GET /v2/events; GET /api/apidocs]

Service Proxy

[Diagram, shown in three builds. Components: UAA, Netty Pipeline, Service Proxy, User Service, Registry. Pipeline steps: Obtain metadata, Validate Credentials, QoS, Billing. The second build adds a Data Filter; the third adds an Outbound handler.]

Request:

    GET /users
    Authentication: Bearer <token>

Response body (second and third builds):

    {
      "firstname" : "joe",
      "lastname" : "doe",
      "comp" : 135000.00
    }

Filtered response body (third build):

    {
      "firstname" : "joe",
      "lastname" : "doe"
    }
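The proxy steps named on the slides above (obtain metadata, validate credentials, data filter), as an added Python example that is not code from the talk. The registry layout, the function names, the `roles` field on the caller, the `comp` field being marked non-selectable, and the choice to drop fields the registry does not describe are all assumptions made for illustration.

```python
# Constructed registry entry shaped like the slide snippets; the real
# registry schema is not shown on the page, so this layout is an assumption.
REGISTRY = {
    ("GET", "/users"): {
        "acl": {"client_ids": {"myapp"}, "roles": {"USER", "MANAGER"}},
        "model": {
            "firstname": {"selectable": True},
            "lastname": {"selectable": True},
            "comp": {"selectable": False},   # assumed; slide only shows SSN
            "SSN": {"selectable": False},
        },
    }
}


class Denied(Exception):
    """Raised by the inbound step; the proxy would map this to a 403."""


def authorize(method, path, caller):
    """Inbound step: fetch metadata, then check client id and roles (default deny)."""
    entry = REGISTRY.get((method, path))
    if entry is None:
        raise Denied("endpoint not registered")
    acl = entry["acl"]
    if caller.get("client_id") not in acl["client_ids"]:
        raise Denied("client not allowed")
    if not acl["roles"] & set(caller.get("roles", [])):
        raise Denied("no matching role")
    return entry


def filter_response(entry, body):
    """Outbound step: keep only fields explicitly marked selectable.

    Fields missing from the model are dropped too, so a new upstream
    field is not exposed until someone registers it.
    """
    model = entry["model"]

    def keep(record):
        return {k: v for k, v in record.items()
                if model.get(k, {}).get("selectable") is True}

    return [keep(r) for r in body] if isinstance(body, list) else keep(body)


def proxy(method, path, caller, upstream):
    """Run the inbound check, call the backing service, filter its answer."""
    entry = authorize(method, path, caller)
    return filter_response(entry, upstream())
```
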

Security
• Don't use LDAP for authorization
• Corporate LDAPs can be very polluted, move away from role mapping and don't add more noise to them

[Diagram: UAA, LDAP. Label: Authenticate]

    {
      "jti":"4657c1a8-b2d0-4304-b1fe-7bdc203d944f",
      "aud":["openid","cloud_controller"],
      "scope":["read"],
      "email":"marissa@test.org",
      "exp":138943173,
      "user_id":"41750ae1-b2d0-4304-b1fe-7bdc24256387",
      "user_name":"marissa",
      "client_id":"vmc"
    }

ACLS

[Diagram: Biz Services, Data Services, Core Services]

Make sure your rest client propagates the token for the next service

The Dark side of microservices architectures
• Multiple remote calls
• Entity relationships
• Great article by Chris Richardson: http://www.infoq.com/articles/microservices-intro

[Diagram, repeated over four builds: Apps, Biz Services, Core Services and Data Services, with an axis labelled Response Time]

Traditional web application

[Diagram: Controller, Service, Repo, Entity, Entity; TX Manager; Hibernate Session]

Cascading operations are managed by the session factory

Ripple effect of entity relationship

[Diagram: Product, Inventory, Orders, Users]

Event driven data services

[Diagram: Product; Inventory, Orders, Users]

    {entity: Product, Event: UPDATE}

HTTP events
• Highly efficient server sent events using non blocking containers (Jetty 9, Tomcat 8, Spray, Play, Netty)
• Use webhooks when comet/continuations are not possible
• Pubsubhubbub?

Product

    GET /{id}
    PUT /{Id}
    POST /
    GET /events → SSE
    POST /hook/ → callback url

Polyglot persistence

[Diagram: Data Service]

    {
      "posts": [{
        "id": "1",
        "title": "The four levels of HA on pivotal CF",
        "links": [{
          "author": {
            "href": "http://blog.gopivotal.com/author/cdavis",
            "id": "ffd5b644-b220-4f7c-efad-2dfee6768bb9"
          }
        }]
      }]
    }

Entity Relationship

[Diagram: Data Service, repeated five times]

Thank you!
