cloud foundry cookbook: recipes for a successful cloud foundry deployment in production (cloud...
DESCRIPTION
Technical Track presented by Vinícius Carvalho, Senior Field Engineer at Pivotal. Cloud Foundry provides the foundation for your PaaS infrastructure. It streamlines deployment and turns your developers and your ops into super heroes when it comes to time to market. But what about your architecture? How should you build your services (or microservices)? How can you guarantee security is being enforced on every layer of your architecture? How can you solve cross-service dependencies? How can services discover each other? How could developers leverage an API explorer to test your services and build apps on top of it? How could you leverage a data pipeline to solve polyglot persistence and cascading operations on diverse persistence technologies? How can you monetize on top of your public services? How could you use a service registry to boost your models with extended metadata? This session presents a few recipes to demonstrate how to solve some of the problems found when applying cloud patterns to real business scenarios.
TRANSCRIPT
© 2014
RECIPES FOR A SUCCESSFUL CLOUDFOUNDRY PRODUCTION DEPLOYMENT
Vinicius Carvalho – Pivotal @vccarvalho
I am a developer
CF power up
Challenges
• Large distributed systems: failure becomes the norm, not the exception
• Enhance developer experience of your API
• Enforce security and access control of endpoints
• Service discovery
• Avoid duplication
Give this to your developers
They will soon ask for this
Powered by Swagger
Talking about services
[Diagram: Biz Services, Core Services and Data Services layers; axis labels: Business Value, Reusability; further labels: Apps, API, Core Biz Services]
Who the hell are those?
Service Registry
• Stores service information
  – API endpoints
  – Security metadata (Access Control Lists, Roles)
  – Resource relationships
  – Quality of service
  – Extended Metadata
[Diagram: Service Registry with Services, Instances, API Endpoints, Security, UI Metadata, QOS, Billing]

/api/apidocs

GET /users
PUT /{id}

GET /users
  - ClientId: myapp
  - roles: [USER,MANAGER]

User : {
  SSN: {
    type: "string",
    selectable: false,
    editable: false
  }
}

/search : {
  limit : {
    value : 300,
    time: 3600,
    unit: "seconds"
  }
}

/search : {
  rate : {
    currency : "USD",
    value : 0.10,
    meterType: "UNIT",
    meterValue: 1000
  }
}
[Diagram: Cloud Controller, DEA, Registry, Router; labels: GET /v2/events, GET /api/apidocs, push app + app MD]
Netty Pipeline
[Diagram, built up over three slides. Components: UAA, Registry, Service Proxy, User Service. Pipeline steps: Obtain metadata, Validate Credentials, QoS, Billing, Data Filter, Outbound handler.]

GET /users
Authentication: Bearer <token>

Before the Data Filter and Outbound handler:
{
  "firstname" : "joe",
  "lastname" : "doe",
  "comp" : 135,000.00
}

After the Outbound handler:
{
  "firstname" : "joe",
  "lastname" : "doe",
}
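The registry-driven access check and outbound data filter from the pipeline slides, as an added example (not code from the talk): a Python sketch that authorizes a call against registry ACL metadata and then drops non-selectable fields from the upstream response. The registry layout, the function names, the `roles` claim and the `comp` metadata entry are assumptions modelled on the slide snippets; the token is assumed to be signature-verified already.

```python
import time

# Constructed registry metadata, modelled on the slide snippets (layout assumed).
REGISTRY = {
    "acl": {("GET", "/users"): {"client_id": "myapp", "roles": {"USER", "MANAGER"}}},
    "models": {
        "User": {
            "SSN": {"type": "string", "selectable": False, "editable": False},
            # Assumed entry: the slides show "comp" being removed from the response.
            "comp": {"type": "number", "selectable": False, "editable": False},
        }
    },
}


class Denied(Exception):
    """Raised when the caller may not use the endpoint."""


def authorize(method, path, claims, now=None):
    """Inbound stage: default-deny check of verified token claims against the ACL."""
    now = time.time() if now is None else now
    rule = REGISTRY["acl"].get((method, path))
    if rule is None:
        raise Denied("endpoint not registered")
    if claims.get("exp", 0) <= now:
        raise Denied("token expired")
    if claims.get("client_id") != rule["client_id"]:
        raise Denied("client not allowed")
    if not rule["roles"] & set(claims.get("roles", [])):
        raise Denied("no matching role")


def filter_outbound(model, body):
    """Outbound stage: drop fields the registry marks selectable: false."""
    if isinstance(body, list):
        return [filter_outbound(model, item) for item in body]
    fields = REGISTRY["models"].get(model, {})
    return {k: v for k, v in body.items()
            if fields.get(k, {}).get("selectable", True)}


def handle(method, path, claims, model, upstream_body, now=None):
    """Proxy pipeline: authorize first, then filter the upstream response."""
    authorize(method, path, claims, now)
    return filter_outbound(model, upstream_body)
```

Fields absent from the registry pass through in this sketch; an allow-list that drops anything not declared selectable fails closed when a service starts returning a new sensitive field.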
Security
• Don’t use LDAP for authorization
• Corporate LDAPs can be very polluted, move away from role mapping and don’t add more noise to them

[Diagram: UAA and LDAP, connected by "Authenticate"]

{
  "jti":"4657c1a8-b2d0-4304-b1fe-7bdc203d944f",
  "aud":["openid","cloud_controller"],
  "scope":["read"],
  "email":"[email protected]",
  "exp":138943173,
  "user_id":"41750ae1-b2d0-4304-b1fe-7bdc24256387",
  "user_name":"marissa",
  "client_id":"vmc"
}

[Diagram: ACLS applied to Biz Services, Data Services, Core Services]
Make sure your REST client propagates the token to the next service
The Dark side of microservices architectures
• Multiple remote calls
• Entity relationships
• Great article by Chris Richardson: http://www.infoq.com/articles/microservices-intro
[Diagram, repeated over four slides: Apps, Biz Services, Core Services and Data Services; axis label: Response Time]
Traditional web application
[Diagram: TX Manager, Hibernate Session, Controller, Service, Repo, Entity, Entity]
Cascading operations are managed by the session factory
Ripple effect of entity relationship
[Diagram: Product, Inventory, Orders, Users]
Event driven data services
[Diagram: Product, Inventory, Orders, Users; event: {entity: Product, Event: UPDATE}]
HTTP events
• Highly efficient server-sent events using non-blocking containers (Jetty 9, Tomcat 8, Spray, Play, Netty)
• Use webhooks when comet/continuations are not possible
• Pubsubhubbub?

Product
  GET /{id}
  PUT /{Id}
  POST /
  GET /events → SSE
  POST /hook/ → callback url
Polyglot persistence
Data Service
{
  "posts": [{
    "id": "1",
    "title": "The four levels of HA on pivotal CF",
    "links": [{
      "author": {
        "href": "http://blog.gopivotal.com/author/cdavis",
        "id": "ffd5b644-b220-4f7c-efad-2dfee6768bb9"
      }
    }]
  }]
}
Entity Relationship
[Diagram: four Data Service boxes]
Thank you!