Microservice Architectures With Spring Cloud and Docker

This article provides a starting point for understanding common microservice architecture patterns, using a proof-of-concept application built with Spring Boot, Spring Cloud, and Docker as the example.

The code is available on GitHub, and images are available on Docker Hub. You can start the whole system with just one command.

As a basis for this system I chose an old project whose backend used to be a monolith. The application provides a way to deal with personal finances, organize incomes and expenses, manage savings, analyze statistics, and create simple forecasts.

Functional Services

The monolith application was decomposed into three core microservices. All of them are independently deployable applications, organized around certain business capabilities.

Account Service

Contains general user input logic and validation: incomes/expenses items, savings, and account settings.

| Method | Path | Description | User authenticated | Available from UI |
|--------|------|-------------|--------------------|-------------------|
| GET | /accounts/{account} | Get specified account data | | |
| GET | /accounts/current | Get current account data | × | × |
| GET | /accounts/demo | Get demo account data (pre-filled incomes/expenses items, etc) | | × |
| PUT | /accounts/current | Save current account data | × | × |
| POST | /accounts/ | Register new account | | × |

Statistics Service

Performs calculations on major statistics parameters and captures time series for each account. A datapoint contains values normalized to base currency and time period. This data might be used to track cash flow dynamics in an account's lifetime.

| Method | Path | Description | User authenticated | Available from UI |
|--------|------|-------------|--------------------|-------------------|
| GET | /statistics/{account} | Get specified account statistics | | |
| GET | /statistics/current | Get current account statistics | × | × |
| GET | /statistics/demo | Get demo account statistics | | × |
| PUT | /statistics/{account} | Create or update time series datapoint for specified account | | |

Notification Service

Stores a user's contact information and notification settings (like remind and backup frequency).
A scheduled worker collects the required information from other services and sends e-mail messages to subscribed customers.

| Method | Path | Description | User authenticated | Available from UI |
|--------|------|-------------|--------------------|-------------------|
| GET | /notifications/settings/current | Get current account notification settings | × | × |
| PUT | /notifications/settings/current | Save current account notification settings | × | × |

Notes

- Each microservice has its own database, so there is no way to bypass the API and access persistence data directly.
- For this project, I used MongoDB as the primary database for each service. It also might make sense to have a polyglot persistence architecture (choosing the type of database that is best suited to the service requirements).
- Service-to-service communication is quite simplified: microservices talk using only a synchronous REST API. Common practice in real-world systems is to use a combination of interaction styles. For example, perform a synchronous GET request to retrieve data and use an asynchronous approach via a message broker for create/update operations, in order to decouple services and buffer messages. However, this brings us into the world of eventual consistency.

Infrastructure Services

There's a bunch of common patterns in distributed systems that can help make the described core services work. Spring Cloud provides powerful tools that enhance the behaviour of Spring Boot applications to implement those patterns. I'll cover them briefly.

Config Service

Spring Cloud Config is a horizontally scalable centralized configuration service for distributed systems. It uses a pluggable repository layer that currently supports local storage, Git, and Subversion.

In this project, I use the native profile, which simply loads config files from the local classpath. You can see the shared directory in the Config service resources.
Now, when the Notification service requests its configuration, the Config service responds with shared/notification-service.yml and shared/application.yml (which is shared between all client applications).

Client-side Usage

Just build a Spring Boot application with the spring-cloud-starter-config dependency; autoconfiguration will do the rest.

Now you don't need any embedded properties in your application. Just provide bootstrap.yml with the application name and Config service URL:

    spring:
      application:
        name: notification-service
      cloud:
        config:
          uri: http://config:8888
          fail-fast: true

With Spring Cloud Config, You Can Change App Configuration Dynamically

For example, the EmailService bean was annotated with @RefreshScope. That means you can change e-mail text and subject lines without rebuilding and restarting the Notification service application.

First, change the required properties in the Config server. Then, perform the refresh request to the Notification service:

    curl -H "Authorization: Bearer #token#" -XPOST http://127.0.0.1:8000/notifications/refresh

You could also use webhooks to automate this process.

Notes

- There are some limitations for dynamic refreshes, though. @RefreshScope doesn't work with @Configuration classes and can't affect @Scheduled methods.
- The fail-fast property means that the Spring Boot application will fail startup immediately if it cannot connect to the Config Service. That's very useful when you're starting all applications together.
- There are significant security notes below.

Auth Service

Authorization responsibilities are completely extracted to a separate server, which grants OAuth2 tokens for the backend resource services.
Auth Server is used for user authorization as well as for secure machine-to-machine communication inside a perimeter.

In this project, I use Password credentials as the grant type for user authorization (since it's only used by the native application UI) and Client Credentials as the grant type for microservices authorization.

Spring Cloud Security provides convenient annotations and autoconfigurations to make this really easy to implement from both the server and client side. You can learn more about it in the documentation and check configuration details in the Auth Server code.

From the client side, everything works exactly the same as with traditional session-based authorization. You can retrieve Principal objects from the request, and check user roles and other details with expression-based access control and the @PreAuthorize annotation.

Each client in PiggyMetrics (account-service, statistics-service, notification-service and browser) has a scope: server for backend services, and ui for the browser. So we can also protect controllers from external access, for example:

    // Only tokens that carry the 'server' scope (backend services) pass this check.
    @PreAuthorize("#oauth2.hasScope('server')")
    @RequestMapping(value = "accounts/{name}", method = RequestMethod.GET)
    public List getStatisticsByAccountName(@PathVariable String name) {
        return statisticsService.findByAccountName(name);
    }

API Gateway

As you can see, there are three core services that expose external APIs to the client. In a real-world system, this number can grow very quickly, as can the complexity of the whole system. Actually, hundreds of services might be involved in rendering one complex webpage.

In theory, a client could make requests to each of the microservices directly. But obviously there are challenges and limitations with this option, such as the need to know all endpoint addresses, perform an HTTP request for each piece of information separately, and merge the results on the client side.
Another problem is non-web-friendly protocols, which might be used on the backend.

Usually a much better approach is to use an API Gateway. It is a single entry point into the system, used to handle requests by routing them to the appropriate backend service or by invoking multiple backend services and aggregating the results. It can also be used for authentication, insights, stress and canary testing, service migration, static response handling, and active traffic management.

Netflix open sourced such an edge service, and now with Spring Cloud we can enable it with one @EnableZuulProxy annotation. In this project, I use Zuul to store static content (the UI application) and to route requests to the appropriate microservices. Here's a simple prefix-based routing configuration for the Notification service:

    zuul:
      routes:
        notification-service:
          path: /notifications/**
          serviceId: notification-service
          stripPrefix: false

That means all requests starting with /notifications will be routed to the Notification service. There is no hardcoded address, as you can see. Zuul uses the Service Discovery mechanism to locate Notification service instances, and also the Circuit Breaker and Load Balancer, described below.

Service Discovery

Another commonly known architecture pattern is service discovery. It allows automatic detection of network locations for service instances, which could have dynamically assigned addresses because of auto-scaling, failures, and upgrades.

The key part of service discovery is the registry. I used Netflix Eureka for this project.
Eureka is a good example of the client-side discovery pattern, where the client is responsible for determining the locations of available service instances (using a registry server) and load balancing requests across them.

With Spring Boot, you can easily build a Eureka Registry with the spring-cloud-starter-eureka-server dependency, the @EnableEurekaServer annotation, and simple configuration properties.

Client support is enabled with the @EnableDiscoveryClient annotation and a bootstrap.yml with the application name:

    spring:
      application:
        name: notification-service

Now, on application startup, it will register with the Eureka Server and provide metadata, such as host and port, health indicator URL, home page, etc. Eureka receives heartbeat messages from each instance belonging to a service. If the heartbeat fails over a configurable timetable, the instance will be removed from the registry.

Also, Eureka provides a simple interface where you can track running services and the number of available instances: http://localhost:8761

Load Balancer, Circuit Breaker, and Http Client

Netflix OSS provides another great set of tools.

Ribbon

Ribbon is a client-side load balancer which gives you a lot of control over the behavior of HTTP and TCP clients. Compared to a traditional load balancer, there is no need for an additional hop for every over-the-wire invocation: you can contact the desired service directly.

Out of the box, it natively integrates with Spring Cloud and Service Discovery. Eureka Client provides a dynamic list of available servers so Ribbon can balance between them.

Hystrix

Hystrix is an implementation of the Circuit Breaker pattern, which gives control over latency and failure from dependencies accessed over the network. The main idea is to stop cascading failures in a distributed environment with a large number of microservices.
That helps to fail fast and recover as soon as possible: important aspects of fault-tolerant systems that self-heal.

Besides circuit breaker control, with Hystrix you can add a fallback method that will be called to obtain a default value in case the main command fails.

Moreover, Hystrix generates metrics on execution outcomes and latency for each command, which we can use to monitor system behavior.

Feign

Feign is a declarative HTTP client which seamlessly integrates with Ribbon and Hystrix. Actually, with one spring-cloud-starter-feign dependency and the @EnableFeignClients annotation you have a full suite of a load balancer, circuit breaker, and HTTP client with a sensible ready-to-go default configuration.

Here is an example from Account Service:

    @FeignClient(name = "statistics-service")
    public interface StatisticsServiceClient {

        @RequestMapping(method = RequestMethod.PUT, value = "/statistics/{accountName}", consumes = MediaType.APPLICATION_JSON_UTF8_VALUE)
        void updateStatistics(@PathVariable("accountName") String accountName, Account account);
    }

- Everything you need is just an interface
- You can share the @RequestMapping part between Spring MVC controller and Feign methods
- The above example specifies just the desired service id, statistics-service, thanks to autodiscovery through Eureka (but obviously you can access any resource with a specific URL)

Monitor Dashboard

In this project configuration, each microservice with Hystrix on board pushes metrics to Turbine via Spring Cloud Bus (with an AMQP broker). The Monitoring project is just a small Spring Boot application with Turbine and Hystrix Dashboard.

Let's see our system behavior under load: Account service calls Statistics service, which responds with a varying simulated delay. The response timeout threshold is set to 1 second.

- 0 ms delay: Well-behaving system. The throughput is about 22 requests/second. Small number of active threads in Statistics service. The median service time is about 50 ms.
- 500 ms delay: The number of active threads is growing. We can see the purple number of thread-pool rejections and therefore about 30-40% of errors, but the circuit is still closed.
- 800 ms delay: Half-open state: the ratio of failed commands is more than 50%, so the circuit breaker kicks in. After the sleep window has elapsed, the next request is let through.
- 1100 ms delay: 100 percent of the requests fail. The circuit is now permanently open. A retry after the sleep time won't close the circuit again, because the single request is too slow.

Log Analysis

Centralized logging can be very useful when attempting to identify problems in a distributed environment. The Elasticsearch, Logstash, and Kibana stack lets you search and analyze your logs, utilization and network activity data with ease. A ready-to-go Docker configuration is described in my other project.

Security

An advanced security configuration is beyond the scope of this proof-of-concept project. For a more realistic simulation of a real system, consider using HTTPS and a JCE keystore to encrypt microservice passwords and Config server property content (see documentation for details).

Infrastructure Automation

Deploying microservices, with their interdependence, is a much more complex process than deploying a monolith application. It is important to have a fully automated infrastructure. We can achieve the following benefits with a Continuous Delivery approach:

- The ability to release software anytime.
- Any build could end up being a release.
- Build artifacts once, deploy as needed.

Here is a simple Continuous Delivery workflow, implemented in this project:

In this configuration, Travis CI builds tagged images for each successful Git push. So there is always a latest image for each microservice on Docker Hub, and older images are tagged with the Git commit hash. It's easy to deploy any of them and quickly roll back, if needed.

How to Run All the Things?

It's really easy, and I suggest you try it.
Keep in mind that you are going to start 8 Spring Boot applications, 4 MongoDB instances, and RabbitMq. Make sure you have 4 Gb RAM available on your machine. You can always run just the vital services, though: Gateway, Registry, Config, Auth Service, and Account Service.

Before You Start

- Install Docker and Docker Compose.
- Export environment variables: CONFIG_SERVICE_PASSWORD, NOTIFICATION_SERVICE_PASSWORD, STATISTICS_SERVICE_PASSWORD, ACCOUNT_SERVICE_PASSWORD, MONGODB_PASSWORD

Production Mode

In this mode, all of the latest images will be pulled from Docker Hub. Just copy docker-compose.yml and hit docker-compose up -d.

Development Mode

If you'd like to build images yourself (with some changes in the code, for example), you have to clone the whole repository and build artifacts with Maven. Then, run docker-compose -f docker-compose.yml -f docker-compose.dev.yml up -d

docker-compose.dev.yml inherits docker-compose.yml, with the additional possibility to build images locally and expose all container ports for convenient development.

Important Endpoints

- localhost:80 - Gateway
- localhost:8761 - Eureka Dashboard
- localhost:9000 - Hystrix Dashboard
- localhost:8989 - Turbine stream (source for Hystrix Dashboard)
- localhost:15672 - RabbitMq management

Notes

All Spring Boot applications require an already running Config Server for startup. But we can start all containers simultaneously because of the fail-fast Spring Boot property and the restart: always docker-compose option. That means all dependent containers will try to restart until the Config Server is up and running.

Also, the Service Discovery mechanism needs some time after all applications start up. A service is not available for discovery by clients until the instance, the Eureka server and the client all have the same metadata in their local cache, so it could take 3 heartbeats. The default heartbeat period is 30 seconds.
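The scope rule from the Auth Service section, combined with the endpoint tables, as an added example (not code from PiggyMetrics): a Python model of the decision a resource service makes for `server` and `ui` tokens. The `Token` type, the route tuples and the handling of requests that carry no token are assumptions made for illustration.

```python
"""Scope check modelled on the article's endpoint tables (added example)."""
from dataclasses import dataclass
from typing import Optional

# (method, path template, needs a logged-in user, reachable with the 'ui' scope)
# Rows are copied from the article's tables; the tuple layout is an assumption.
ROUTES = [
    ("GET", "/accounts/{account}", False, False),
    ("GET", "/accounts/current", True, True),
    ("GET", "/accounts/demo", False, True),
    ("PUT", "/accounts/current", True, True),
    ("POST", "/accounts/", False, True),
    ("GET", "/statistics/{account}", False, False),
    ("GET", "/statistics/current", True, True),
    ("GET", "/statistics/demo", False, True),
    ("PUT", "/statistics/{account}", False, False),
    ("GET", "/notifications/settings/current", True, True),
    ("PUT", "/notifications/settings/current", True, True),
]


@dataclass(frozen=True)
class Token:
    """Hypothetical decoded access token: one scope, optional end user."""
    scope: str                   # 'server' (backend services) or 'ui' (browser)
    user: Optional[str] = None   # set for password grant, None for client credentials


def _segments(path):
    return [s for s in path.split("/") if s]


def match_route(method, path):
    """Return the matching route, preferring literal segments over {variables}.

    Without this preference GET /accounts/current would bind to
    /accounts/{account} and inherit the server-only rule.
    """
    want = _segments(path)
    best, best_literals = None, -1
    for route in ROUTES:
        have = _segments(route[1])
        if route[0] != method or len(have) != len(want):
            continue
        if all(h == w or h.startswith("{") for h, w in zip(have, want)):
            literals = sum(not h.startswith("{") for h in have)
            if literals > best_literals:
                best, best_literals = route, literals
    return best


def authorize(method, path, token):
    """Decide whether a request may reach the controller. Unknown routes are denied."""
    route = match_route(method, path)
    if route is None:
        return False
    _, _, needs_user, ui_allowed = route
    if token is None:
        # Assumption: rows marked "Available from UI" but not "User authenticated"
        # (demo data, registration) are served before login.
        return ui_allowed and not needs_user
    if needs_user and token.user is None:
        return False             # assumption: "current" needs an end user in the token
    if token.scope == "server":
        return True
    return token.scope == "ui" and ui_allowed


if __name__ == "__main__":
    browser = Token("ui", "alice")      # constructed sample tokens
    backend = Token("server")
    for method, path, tok in [("GET", "/accounts/alice", browser),
                              ("GET", "/accounts/alice", backend),
                              ("GET", "/accounts/current", browser),
                              ("PUT", "/statistics/alice", browser)]:
        print(method, path, tok.scope, "->", authorize(method, path, tok))
```

The deny-by-default branch for unknown routes matters as much as the scope test: a path that matches no row never reaches a controller, whatever scope the token carries.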
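The circuit states described in the Monitor Dashboard section, as an added example (not Hystrix or PiggyMetrics code): a simulated-clock breaker that uses the article's 1-second timeout and 50% failure ratio. The sleep window, minimum call count, rolling window and request interval are assumed values, and thread-pool rejections (the source of the errors at 500 ms and 800 ms) are not modelled.

```python
"""Simulated-clock model of a circuit breaker (added example, not Hystrix code)."""
from collections import deque

TIMEOUT_MS = 1000        # from the article: response timeout threshold is 1 second
ERROR_RATIO = 0.5        # from the article: breaker trips when more than 50% fail
SLEEP_WINDOW_MS = 5000   # assumption: the article gives no value
MIN_CALLS = 20           # assumption: calls needed in the window before tripping
WINDOW_MS = 10000        # assumption: length of the rolling statistics window
INTERVAL_MS = 45         # one request every 45 ms, roughly 22 requests/second


class CircuitBreaker:
    def __init__(self):
        self.state = "CLOSED"
        self.opened_at = 0
        self.calls = deque()          # (timestamp_ms, succeeded) inside the window

    def allow(self, now):
        """Return True if the call may go out to the dependency."""
        if self.state == "OPEN" and now - self.opened_at >= SLEEP_WINDOW_MS:
            self.state = "HALF_OPEN"  # sleep window over: let one trial through
            return True
        return self.state == "CLOSED"

    def record(self, now, succeeded):
        """Feed the outcome of an allowed call back into the breaker."""
        if self.state == "HALF_OPEN":
            if succeeded:
                self.state = "CLOSED"
                self.calls.clear()
            else:
                # The trial was too slow: reopen and restart the sleep window.
                self.state, self.opened_at = "OPEN", now
            return
        self.calls.append((now, succeeded))
        while self.calls[0][0] <= now - WINDOW_MS:
            self.calls.popleft()
        failed = sum(1 for _, ok in self.calls if not ok)
        if len(self.calls) >= MIN_CALLS and failed / len(self.calls) > ERROR_RATIO:
            self.state, self.opened_at = "OPEN", now


def simulate(delay_at, duration_ms=30000):
    """Drive the breaker with one request per INTERVAL_MS.

    delay_at(t) gives the dependency's response delay in ms at time t.
    Outcomes are recorded at the request's start time (a simplification).
    """
    breaker = CircuitBreaker()
    result = {"ok": 0, "timed_out": 0, "short_circuited": 0, "trials": 0}
    for i in range(duration_ms // INTERVAL_MS):
        now = i * INTERVAL_MS
        if not breaker.allow(now):
            result["short_circuited"] += 1      # fails fast, dependency untouched
            continue
        if breaker.state == "HALF_OPEN":
            result["trials"] += 1
        succeeded = delay_at(now) < TIMEOUT_MS
        result["ok" if succeeded else "timed_out"] += 1
        breaker.record(now, succeeded)
    result["state"] = breaker.state
    return result


if __name__ == "__main__":
    scenarios = {
        "0 ms delay": lambda t: 0,
        "1100 ms delay": lambda t: 1100,
        "1100 ms for 10 s, then 0 ms": lambda t: 1100 if t < 10000 else 0,
    }
    for name, delay_at in scenarios.items():
        print(name, simulate(delay_at))
```

In the 1100 ms run every half-open trial times out, so the breaker reopens each time and the dependency sees only one request per sleep window; in the third scenario the first trial after the delay disappears closes the circuit again.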

5 Benefits of Android for Businesses Seeking an Enterprise Application

As per a study published on Fliplet.com titled “Ten enterprise mobility statistics that may surprise you,” by 2015 the number of mobile workers will surpass 1.3 billion globally. Further, as per a mobility survey by CIONET in 2013, Apple ruled the roost at 65% for enterprise application development; Android was a close second with 55% market share. We elaborate here on the top 5 Android app development benefits for businesses seeking an enterprise application.

Low Investment

Android is an open-source platform and the software development kit (SDK) is freely available to developers. Further, being a Java-based platform, it is easy to master and execute. There are three stages to development on Android:

- Application development
- App testing
- Deployment to Android App Store

Also, with Material Design, Android app developers can add intricate details at a very low cost, giving the best ROI.

BYOD Preference

Figure 1: Source: IDC, Aug, 2015 (http://www.idc.com/prodserv/smartphone-os-market-share.jsp)

From the pie diagram above, the market share of Android becomes quite evident. For companies that are adopting a bring your own device (BYOD) policy, it is feasible to opt for Android as the enterprise app development platform because Android is available on a wider variety of devices to users of all economic groups.

Easy Customization

Android offers versatility with easy customization options, thus enabling developers to create applications with diverse functionalities. Whether it is complex technical customization or web application integration, Android provides ample space for executing customizations. The platform is designed to accommodate the varying requirements of business. It offers flexibility to integrate communication tools, data management functions, and multimedia tools with easy updates.

Security and Distribution

Google rolled out major security fixes in 2012 across the Android platform, making it a highly secure platform.
It further pushed an address space layout customization, making it extremely difficult for malware to locate data structures for executing code. Further, an automated system pushes periodic notifications to users to decrypt their devices. For distribution, Android apps can be marketed via various marketing channels and can be easily found in the marketplace.

Wearable Devices

Wearable devices are fast gaining traction amongst businesses for the quick communication that can be pushed via smartwatch notifications. As per statistics provided on bolston-technology.com, 54% of enterprises already have a bring your own wearable (BYOW) policy, and 40% are planning to adopt it soon.

If your company is designing its mobile strategy and considering a single stable platform to start development with, Android app development is a feasible option. The platform gives room for the applications to grow and expand as per the needs of the company with easy feature integration.

The industry average to develop and launch an application on the Android platform is 8 to 18 weeks, based on a study by fliplet.com. If you want to implement a mobile strategy in the shortest span, Android will be the most recommended platform for its market perpetuation and ease in development.

Google I/O: Android N, Wear 2.0, VR Platforms and Messaging Apps

Events like Google I/O, WWDC and F8 are the most exciting for developers across the world. The anticipation of new product announcements, operating systems and APIs all comes to a head when we get to keynote time. Wednesday's Google I/O keynote delivered on all fronts. Here's what you get on day one of Google I/O: Android Wear 2.0, a new beta of Android N, a huge update to Firebase, instant apps, a new VR platform, new communication apps, a smart speaker, and some news on Android Auto.

To be honest, it's a huge and overwhelming list of things, so bear with me as I give you a brief overview of the headlines. We'll take a look at the "products" after we focus on what's of interest to app developers.

Android N

A new developer preview of Android N was made available today. So far we've seen a new JIT compiler that improves performance and takes up less storage. Alongside that we've had Multi-Window support as well as direct replies within the notification interface. The most recent developer preview brought about Vulkan, a 3D rendering API for game developers. So what does this latest preview bring?

First there's a VR Mode for Android to support Daydream, which you'll see later in this article. Android Studio 2.2 gets a big update which includes a new layout designer with a new constraint layout. There's also test recording, faster builds, an APK analyzer and Firebase support.

There are a number of improvements to Android Pay. It's now open to all developers selling where Pay is available. The updates make it easier for users to add loyalty and gift cards, along with better mobile web payments.

Finally, there are updates to Google Play Services, now moving into the 9.0 version. You'll get a new native ads format, improvements to Nearby Messages, and a video recording API.

Android Wear 2.0

You can now get the developer preview for Android Wear 2.0.
New features include Standalone Apps, where an app can access the internet directly, even when your paired phone isn't close by, or turned off. There are also a number of UI changes for notifications that make better use of round displays.

A set of guidelines on Material Design for Wearables has been published to help you get the most out of your app design.

Using the Complications API, any app can show data on any watch face that implements the API. This makes it easier to launch apps from the watch face, and will provide much more variety in what you'll see appear in watch faces in the near future.

There are also some improvements to input methods, the Google Fit platform and, obviously, support for Android N features like Data Saver and Java 8 Lambda support. Overall, it's a neat iteration on the current Android Wear SDK.

Android Instant Apps

This one was a surprise. Instant Apps is Google's response to those who say that it's easier to have users engaged in web apps, as there's no installation overhead. With this previewed feature, apps can be run by clicking on a URL without any need to install the app. Google claim there are no major changes to source code required - if the app is modularized, Google Play will just download the parts that are needed. It just works with a few selected partners right now, and will be expanded to all developers later on in the year. The best news is that it works all the way back to Jelly Bean, so you won't need users to have Android N installed. This is certainly a feature to watch with interest.

Firebase

Firebase has been expanded to become a unified app platform, going beyond the Realtime Database, User Authentication and Hosting features to give lots more for apps on iOS and the mobile web, as well as Android. The new Firebase is a single SDK that gives you all this plus analytics, remote config, crash reporting, test lab, notifications, dynamic links, invites, AdWords and AdMobs.
It's huge news for developers, and does more than fill the void that has been left in the app world since Parse shut down earlier this year. Find out more about it at firebase.google.com.

Daydream VR

With Daydream, Google are providing a virtual reality platform built on top of Android N, which is expected to be available in Q3 this year. As well as requiring more powerful phones, it will just run on Android N and also needs specific sensors. Using a special headset and controller, the viewer is brought into an immersive experience. With VR versions of a number of core apps like YouTube, StreetView and Google Play Store, a number of large media companies are also getting involved, such as Netflix, Ubisoft and EA.

Google Home

Amazon Echo has had the smart speaker market to itself for a while now, but that changes with the as yet undated and unpriced release of Google Home. With Home, you can use voice commands to play music, control lights and more. It seems to be a little smaller than the Echo, and will come in a variety of colors and materials. If it works as well as presented in the video below, it could easily beat the Echo for market share.

New Apps for Messaging and Video Calling

At Google I/O, we saw the release of two new apps. The first, Allo, is Google's smart messaging app. It gives Google a chance to compete with Facebook Messenger and WhatsApp, although the crucial feature will be Google Assistant. The Assistant is the latest in a series of smart chat bots that we're seeing pop up everywhere. It allows Google to get information on everything from your agenda for the day, to flight statuses and finding a restaurant for you. It also includes features such as Smart Reply, which you'll have seen in Inbox, which learns your behaviour over time, including your response style.

Meanwhile, Duo is Google's answer to Facetime, a video calling app with crisp HD video.
The differentiating feature here is Knock Knock, which shows you a live video preview of the caller before you answer! Both apps will be available on Android and iOS this summer.

Of course, if you missed the live event, you can catch up on the entire keynote on YouTube.

Senate committee questions Facebook over news selection

A U.S. Senate committee launched an inquiry on Tuesday into how social media website Facebook selects its news stories after a report that company employees blocked news about conservative issues from its "trending" list.

The Senate Committee on Commerce, Science and Transportation asked Facebook Chairman and Chief Executive Mark Zuckerberg in a letter to answer questions about the company's news curation practices and its trending topics section.

The investigation comes after Gizmodo reported on Monday that a former Facebook employee claimed workers "routinely suppressed news stories of interest to conservative readers," while "artificially" adding other stories to the trending list.

U.S. Senator John Thune, the chairman of the committee, told reporters Tuesday his primary concern was that Facebook may be engaging in deceptive behavior if employees meddled with what trending news was displayed.

“If you have a stated policy, which your followers or your audience knows to be the case, that you use an objective algorithm for trending topics -- you better follow that policy,” Thune said. “It’s a matter of transparency and honesty and there shouldn’t be any attempt to mislead the American public.”

The letter to Facebook includes requests for information on the organizational structure for the "Trending Topics feature."

Adam Jentleson, deputy chief of staff to Democratic Senator Harry Reid, balked at the request in a statement provided to Reuters.

"The Republican Senate refuses to hold hearings on [Supreme Court nominee] Judge [Merrick] Garland, refuses to fund the president’s request for Zika aid and takes the most days off of any Senate since 1956, but thinks Facebook hearings are a matter of urgent national interest," Jentleson said.

A Facebook spokesman said it had received Thune's request for more information about how "Trending Topics" works.

"As we investigate, we will also keep reviewing our operational practices around Trending Topics — and if we find they are inadequate, we will take immediate steps to fix them," the spokesperson said.

Tom Stocky, the vice president of search at Facebook, responded to the allegations Monday night in a lengthy post published to the social media site saying there are "strict guidelines" for trending topic reviewers who "are required to accept topics that reflect real world events." He added that those guidelines are under "constant review" and that his team would "continue to look for improvements."

Katie Drummond, the editor-in-chief of Gizmodo, called her publication's story "accurate" in a statement released to Reuters Tuesday.

Gizmodo's report alarmed several social media users, with some conservatives in particular criticizing Facebook for alleged bias.

"'If a Conservative Speaks - and Facebook Censors Him - Does He Make a Sound?'" Wisconsin Governor Scott Walker (@ScottWalker) wrote on Twitter Tuesday, with a link to a National Review story that detailed the allegations against Facebook.

(Reporting By Amy Tennery; additional reporting by Dustin Volz in Washington; Editing by Alan Crosby)

If It's Blue, Let It Through – Opera Raises the Bar on Internet Security

As more and more aspects of our daily lives intersect with the internet, it is important to be aware of just how easily your actions can be tracked, recorded, and potentially used against you.

Countries like Australia legally require ISPs to participate in mandatory data retention schemes, which means that information like your IP address and details of your communications are available to government bodies. This is why I am so excited about the integration of a VPN service with Opera.

Having invested in a VPN service since my own ISP was legally compelled to track aspects of my internet usage, the idea that I can get much the same functionality for free has obvious appeal. A VPN is pretty much a commodity these days, so being able to remove that monthly cost just by switching browsers is a good deal.

Beyond just costs though, Opera has solved one of the biggest issues with VPNs by providing an easy way for non-technical users to know if they are being protected.

A VPN is, by design, transparent to the end user. Once a connection is established it is actually quite difficult to tell if your internet traffic is passing through a VPN. How do you establish a behaviour of secure browsing in people who are just interested in finding out what happened on Facebook in the last 10 minutes, when verifying that a VPN is active requires jumping into another application or opening a website that will extract your public IP address?

Opera provides a very simple feedback loop to verify your online protection. There is now a very simple saying that anyone can remember:

If it’s blue, let it through. If it’s yellow, your online actions are more likely to be tracked by government agencies and internet organizations who may not have your best interests in mind.

Okay, that yellow bit is not as catchy as it could be, but you get the idea.

Of course, VPNs are no guarantee that your online actions are safe from prying eyes.
SurfEasy, the VPN company bought by Opera, claims to be “a No Log network”, but how sure can anyone actually be that logs are not being kept somewhere? There is also some contention around the use of the term VPN, with Opera coming up with a new term “Browser VPN” to describe this new functionality:

"In our case, we are coming with a new term: a browser VPN – and our goal is that all the network activity from the browser is actually routed via our secure proxy – unlike the usual proxies that only route the web traffic. So, it’s different than a system wide VPN but it’s also different than a proxy. Thus – a browser VPN. Currently WebRTC and plugins are still not routed that way – but we’re very open about this – we’ve just released this as a developer preview and planning to fix this in the coming updates."

Even still, I applaud Opera for integrating this new feature into their browser, if for no other reason than it sets a precedent that I hope other browser companies will follow in future. I look forward to the day when I can select from VPN or TOR routing directly from my stock browser installation.
