From on-premises monolith to cloud microservices using a stateless API Gateway
Albert Lombarte
@alombarte
2019 KrakenD API Gateway2
MONOLITH
Internet
MONOLITH
Database
?
Catalog
Promotions
Basket
Payments
Orders
Pricing
Stock
Authentication
Internal communication
Direct, synchronous
Queues
Polling
Pub/Sub
Service Mesh
Catalog
Promotions
Basket
Payments
Orders
Pricing
Stock
Authentication
Android
iOS
SPA
?
External consumption
Photo by @voyagefervor, Instagram
Service Mesh
API Gateways
Proxies with GW
GraphQL
API Managers
Products with overlapping features
- Proxy with GW: 1:1 mapping endpoint-backends. No business logic. Offload cross-cutting concerns. No aggregation.
- GraphQL: HTTP only. Single endpoint. Allows the client to choose exactly the data in the response. E.g.: you provide an API to developers outside your organization.
- API Gateway: Services aggregation. Business logic. API contract. No coupling to backend. Offload cross-cutting concerns. Can implement the BFF pattern.
- Service Mesh: Internal communication between services (not for the end-user). No business logic.
- API Managers: Access management (generate API keys), billing, developer portal, usage statistics.
Stateless vs
Stateful
Stateful
Stateless
A gateway is not the new monolith
Stateful
★ Coordination required
★ Data synchronization
★ Datastore as source of truth
★ Complexity
★ Multi-region lag
★ Mutable configuration
NON-LINEAR SCALABILITY
Stateless
★ No node coordination
★ No synchronization
★ Zero complexity
★ No challenges for Multi-region
★ Declarative configuration
★ Immutable infrastructure
LINEAR SCALABILITY
API GW
API GW: North-south traffic
Mesh: east-west traffic
Choosing a stateless API gateway
Proxy with API Gateway capabilities
Catalog
Promotions
Basket
Payments
Orders
Pricing
Stock
Authentication
Android
iOS
SPA
PROXY
KrakenD API gateway to transition to microservices
Catalog
Promotions
Basket
Payments
Orders
Pricing
Stock
Authentication
/frontpage
{
"catalog": {},
"promos": {},
"pricing": {}
}
Offloading shared needs
Catalog
Promotions
Basket
Payments
Orders
Pricing
Stock
Authentication
Manipulation
Filtering
Circuit Breaker
Metrics/Tracing
Aggregation
Security
Authorization
Service Discovery
Encoding
Logging
Rate Limit
Monitoring
Load Balancer
Pub/Sub
Transport adapter
Stub Data
Traffic Mirroring
Queues
Migration by
example
Step by step
Migration strategies
NEW
functionality
INCREMENTAL
Migration
(piece by piece, new and old)
ALL IN
Swap
Incremental move to µservices
Database
Catalog
Promotions
Basket
Payments
Orders
Pricing
Stock
Authentication
Migration
steps
TL;DR
1 Add the gateway
2 Move authorization to the GW
3 Break a piece of the monolith
4 Aggregate the microservice
5 Deployment and Observability
Add the gateway
Keep the API contract
Add the gateway, as a proxy
Web + API
MONOLITH
/foo
/bar
/foo
/bar
Proxy
1
Keep the existing API contract
Forward cookies
Configuration
Client -> Gateway -> Monolith (proxy)
krakend.json
{
  "version": 2,
  "host": ["http://monolith"],
  "endpoints": [{
      "endpoint": "/login",
      "output_encoding": "no-op",
      "headers_to_pass": ["Cookie"],
      "backend": [{
        "url_pattern": "/login",
        "encoding": "no-op"
      }]
    },
    {...}
  ]
}
Start the server:
❯ krakend run -c krakend.json
Unified interface
Service 1
v1.1 XML
Service 2
v3.2 JSON
Service 3
v2.9 RSS
你好
Hello
Привет
KrakenD
/v1/hello-world
➔ Automatic API generation
and integration
➔ Consumers (iOS, Android,
Web, Server devs) in control
of the API
➔ Homogeneous consumption
of data formats and
encodings
➔ Reduced bandwidth and
errors
➔ Increased speed
➔ Better quality of service
Gateway added
At this point...
- The gateway is in the cloud
- Plugged into the on-prem monolith (VPN?)
- It’s hybrid (cloud+onprem)
- We defined all endpoints
- Transparent for the client
- Session Cookies still allowed
API contract kept
1
The weakest punishes the stronger
When weakly typed languages harm the strongly typed ones
{
"id_user": 2,
"alias": "bob"
}
Output from weakly typed lang
Strongly
typed
{
"id_user": "2",
"alias": "bob"
}
😱
HORROR
STORIES
😱
Move the authorization to the Gateway
From session cookies to JWT
Add JWT-based authentication 2
MONOLITH
/foo /foo
Add JWT-based authentication 2
/token /login?token=1
POST
MONOLITH
/foo /foo
signer
{ "id_user": "89990",
"username": "jimmy" }
<token>
JWT
Authorization:
Bearer <token>
Login controller in the monolith (BEFORE)
if ($user_data = $this->login($username, $password)) {
    // Start the session (COOKIE)
    startUserSession($user_data);
    // Set the "remind me" cookie:
    setRemindMeCookie($user_data['auto_login']);
    // ...
}
2
Login controller in the monolith (AFTER)
if ($user_data = $this->login($username, $password)) {
    if ($request->has('token')) { // ?token=1
        // Return the plain claims; the gateway's signer turns them into the JWT
        return json_encode([
            "access_token" => [
                "aud" => "https://api.company.com",
                "iss" => "https://monoli.th",
                "sub" => $user_data['id_user'],
                "jti" => uniqid('', true),
                "roles" => [$user_data['role']],
                "exp" => time() + 1800, // 30 minutes
                "other_data" => $user_data['other']
            ]
        ]);
    } else {
        // Clients that do not ask for a token keep the cookie-based session
        startUserSession($user_data);
        setRemindMeCookie($user_data['auto_login']);
        // ...
    }
}
2
Authorization granularity
krakend.json
"endpoint": "/basket",
"extra_config": {
  "github.com/devopsfaith/krakend-jose/validator": {
    "alg": "HS256",
    "audience": ["http://api.example.com"],
    "roles_key": "roles",
    "roles": ["user", "admin"],
    "jwk-url": "https://monolith/jwk/symmetric.json"
  }
},
"output_encoding": "no-op",
"headers_to_pass": ["Authentication"],
"backend": [{
  "url_pattern": "/bar",
  "encoding": "no-op"
}]
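The checks that the validator settings above describe (pinned `alg`, signature, `exp`, `audience`, `roles`), written out as an added Go example; it is not KrakenD's or krakend-jose's code. The `Policy` type, the function names and the demo key are assumptions made for the illustration, and fetching the key from `jwk-url` is left out.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Policy mirrors the validator keys shown in krakend.json (hypothetical type).
type Policy struct {
	Alg, RolesKey   string
	Audience, Roles []string
}

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url

func mac(input string, key []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(input))
	return h.Sum(nil)
}

// Sign wraps plain claims into a compact HS256 token (the signer's job on the slides).
func Sign(claims map[string]interface{}, key []byte) string {
	body, _ := json.Marshal(claims)
	input := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	return input + "." + b64.EncodeToString(mac(input, key))
}

// Validate returns the claims only when every check passes; now is Unix seconds.
func Validate(token string, key []byte, p Policy, now int64) (map[string]interface{}, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	var header struct{ Alg string }
	raw, err := b64.DecodeString(parts[0])
	if err != nil || json.Unmarshal(raw, &header) != nil || header.Alg != p.Alg {
		return nil, errors.New("unexpected alg") // pins HS256, so "none" is refused
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, mac(parts[0]+"."+parts[1], key)) {
		return nil, errors.New("bad signature") // hmac.Equal compares in constant time
	}
	var claims map[string]interface{}
	raw, err = b64.DecodeString(parts[1])
	if err != nil || json.Unmarshal(raw, &claims) != nil {
		return nil, errors.New("bad payload")
	}
	if exp, ok := claims["exp"].(float64); !ok || now >= int64(exp) {
		return nil, errors.New("expired or missing exp")
	}
	if !allowed(claims["aud"], p.Audience) {
		return nil, errors.New("audience mismatch")
	}
	if !allowed(claims[p.RolesKey], p.Roles) {
		return nil, errors.New("role not allowed")
	}
	return claims, nil
}

// allowed reports whether a claim (one string or a list) contains any wanted value.
func allowed(claim interface{}, want []string) bool {
	list, _ := claim.([]interface{})
	if s, ok := claim.(string); ok {
		list = []interface{}{s}
	}
	for _, have := range list {
		for _, w := range want {
			if have == w {
				return true
			}
		}
	}
	return false
}

func main() {
	key := []byte("constructed-demo-secret") // constructed; stands in for the key behind jwk-url
	p := Policy{Alg: "HS256", RolesKey: "roles", Audience: []string{"http://api.example.com"}, Roles: []string{"user", "admin"}}
	now := time.Now().Unix()
	claims := map[string]interface{}{"aud": "http://api.example.com", "sub": "89990", "roles": []string{"user"}, "exp": now + 1800}
	_, err := Validate(Sign(claims, key), key, p, now)
	fmt.Println("matching audience:", err)
	claims["aud"] = "https://api.company.com" // the audience the login controller slide emits
	_, err = Validate(Sign(claims, key), key, p, now)
	fmt.Println("login-slide audience:", err)
}
```

With the values as they appear on the slides, the login controller's `aud` (`https://api.company.com`) is not in the validator's `audience` list (`http://api.example.com`), so an exact-match check like this one rejects the token; the two values have to agree in a deployment.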
Retrieve “session” data from token
<?php
// The gateway has already validated the signature; the monolith only reads the claims.
$jwt = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9'
    . '.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ'
    . '.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c';
$token_parts = explode('.', $jwt);
// JWT segments are base64url: map the URL-safe alphabet back before decoding
$user_data = json_decode(base64_decode(strtr($token_parts[1], '-_', '+/')));
var_dump($user_data);
object(stdClass)#1 (3) {
  ["sub"]=>
  string(10) "1234567890"
  ["name"]=>
  string(8) "John Doe"
  ["iat"]=>
  int(1516239022)
}
2
At this point...
- All desired endpoints are protected by the gateway (sign + validation)
- The “Authentication” header is the only header needed; cookies are not
- The monolith gets session data from the token
JWT tokens implemented
No more sessions
2
Start chopping the monolith
Where to cut the monolith?
Social Tech
Chop your way
Photo by Jason Abdilla
Avoid dependencies over the network
N times
Cascading requests
HORROR
STORIES
😱
Size!
4GB Docker image
HORROR
STORIES
😱
Pick a first service to extract
Catalog
Promotions
Basket
Payments
Orders
Pricing
Stock
/login
Authentication
MONOLITH
3
Idempotent and safe services?
Gateway
It’s a read operation but….
Service
GET
DB
Read data
UPDATE
HORROR
STORIES
😱
Aggregating and merging services
Aggregation
Catalog
<id_product>2</id_product>
<name>Devops Barcelona</name>
<date fmt="Y-m-d">2019-06-04</date>
+
Promotions
{
  "code": "DEVOPS19",
  "discount": 0.15,
  "products": [1,2,15]
}
Aggregated
{
  "id_product": 2,
  "name": "Devops Barcelona",
  "date": "2019-06-04",
  "code": "DEVOPS19",
  "discount": 0.15,
  "products": [1,2,15]
}
Authentication
/checkout
JWT token
Catalog
Promotions
Basket
Payments
Orders
Pricing
Stock
MONOLITH
4
Catalog
Promotions
Basket
Payments
Orders
Pricing
Stock
MONOLITH
4
/splash
Aggregating the hard way
Backends
/splash
x68
Screen Calls
First App Launch 68
Onboarding Tour 178
Wake-up after background 208
Front Page (w/ scroll) 39
Select Category 21
Apply a Filter 30
Product detail 22
Go to basket 51
My account 92
Help 42
To Checkout 57
TOTAL DURING THE SESSION 808
HORROR
STORIES
😱
Manipulation/Filtering/Grouping
Catalog
<id_product>2</id_product>
<name>Devops Barcelona</name>
<date fmt="Y-m-d">2019-06-04</date>
+
Promotions
{
  "code": "DEVOPS19",
  "discount": 0.15,
  "products": [1,2,15]
}
Aggregated
{
  "catalog": {
    "id_product": 2,
    "name": "Devops Barcelona",
    "date": "2019-06-04"
  },
  "promotions": {
    "code": "DEVOPS19",
    "savediscount": 0.15,
    "products": [1,2,15]
  }
}
Avoid the “take it all” pattern
Client
Providing a lot of data to the client, just in case it’s needed
Gateway
Your 10MB, thank you
HORROR
STORIES
😱
Directly connect to message brokers
Catalog
/notify
Notifications
QUEUE
Azure Service
Bus Topic
4
Deployment
Simple deployment (stateless)
Dockerfile
FROM devopsfaith/krakend
COPY krakend.json /etc/krakend/krakend.json
≃ 40MB
Deploy anywhere
Orchestration
Platforms
Assign a KrakenD to each team (client type)
Catalog
Promotions
Basket
Payments
Orders
Pricing
Stock
Authentication
Android
iOS
SPA
Assign a KrakenD to each team (micro frontends)
Not necessarily the single point of entry
Catalog
Promotions
Payments
Orders
Pricing
Stock
Authentication
Observability
Visualize the entire ecosystem from a central place
Enable monitoring
1-click export of logging, metrics and traces
Metrics and Tracer exporters for every taste
Repeat x N services
3 Break a piece of the monolith
4 Aggregate the microservice
5 Deployment and Observability
MONOLITH
Orders
Pricing
Stock
Basket
Payments
Promotions
Catalog MONOLITH
🎉
Special thanks to...
Questions?
Let’s have a beer!
@devopsfaith | @alombarte
Email: albert@krakend.io
Photo by Patrick Fore
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes Partner Innovation Updates for May 2025
ThousandEyes
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxDevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
Justin Reock
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Semantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AISemantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AI
artmondano
 
Cyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of securityCyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of security
riccardosl1
 
Ad

From on premises monolith to cloud microservices

  • 1. From on-premises monolith to cloud microservices using a stateless API Gateway Albert Lombarte @alombarte
  • 2. MONOLITH Internet
  • 3. MONOLITH Database ? Catalog Promotions Basket Payments Orders Pricing Stock Authentication
  • 4. Internal communication Direct, synchronous Queues Polling Pub/Sub Service Mesh
  • 5. Catalog Promotions Basket Payments Orders Pricing Stock Authentication Android iOS SPA ? External consumption
  • 6. Photo by @voyagefervor, Instagram Service Mesh API Gateways Proxies with GW GraphQL API Managers
  • 7. Products with overlapping features
       Proxy with GW: 1:1 mapping endpoint-backends - No business logic - Offload cross-cutting concerns. No aggregation
       GraphQL: HTTP only - Single Endpoint - Allows the client to choose exactly the data in the response. E.g: you provide an API to developers out of your organization
       API Gateway: Services aggregation - Business logic - API Contract - No coupling to backend - Offload cross-cutting concerns. Can implement the BFF pattern.
       Service Mesh: Internal communication between services (not for the end-user). No business logic
       API Managers: Access management (generate API Keys), billing, developer portal, usage statistics
  • 9. Stateful
  • 10. Stateless
  • 11. A gateway is not the new monolith
       Stateful: ★ Coordination required ★ Data synchronization ★ Datastore as source of truth ★ Complexity ★ Multi-region lag ★ Mutable configuration. NON-LINEAR SCALABILITY
       Stateless: ★ No node coordination ★ No synchronization ★ Zero complexity ★ No challenges for Multi-region ★ Declarative configuration ★ Immutable infrastructure. LINEAR SCALABILITY
  • 12. API GW. API GW: North-south traffic. Mesh: east-west traffic
  • 13. Choosing a stateless API gateway
  • 14. Proxy with API Gateway capabilities Catalog Promotions Basket Payments Orders Pricing Stock Authentication Android iOS SPA PROXY
  • 15. KrakenD API gateway to transition to microservices Catalog Promotions Basket Payments Orders Pricing Stock Authentication /frontpage { "catalog": {}, "promos": {}, "pricing": {} }
  • 16. Offloading shared needs Catalog Promotions Basket Payments Orders Pricing Stock Authentication Manipulation Filtering Circuit Breaker Metrics/Tracing Aggregation Security Authorization Service Discovery Encoding Logging Rate Limit Monitoring Load Balancer Pub/Sub Transport adapter Stub Data Traffic Mirroring Queues
  • 18. Migration strategies NEW functionality INCREMENTAL Migration (piece by piece, new and old) ALL IN Swap
  • 19. Incremental move to µservices Database Catalog Promotions Basket Payments Orders Pricing Stock Authentication
  • 20. Migration steps TL;DR: 1 Add the gateway, 2 Move authorization to the GW, 3 Break a piece of the monolith, 4 Aggregate the microservice, 5 Deployment and Observability
  • 21. Add the gateway Keep the API contract
  • 22. Add the gateway, as a proxy Web + API MONOLITH /foo /bar /foo /bar Proxy 1 Keep the existing API contract Forward cookies
  • 23. Configuration: Client -> Gateway -> Monolith (proxy)
       krakend.json:

           {
             "version": 2,
             "host": ["http://monolith"],
             "endpoints": [{
               "endpoint": "/login",
               "output_encoding": "no-op",
               "headers_to_pass": ["Cookie"],
               "backend": [{
                 "url_pattern": "/login",
                 "encoding": "no-op"
               }]
             },
             {...}
             ]
           }

       Start the server:

           ❯ krakend run -c krakend.json
  • 25. Unified interface Service 1 v1.1 XML Service 2 v3.2 JSON Service 3 v2.9 RSS 你好 Hello Привет KrakenD /v1/hello-world ➔ Automatic API generation and integration ➔ Consumers (iOS, Android, Web, Server devs) in control of the API ➔ Homogeneous consumption of data formats and encodings ➔ Reduced bandwidth and errors ➔ Increased speed ➔ Better quality of service
  • 26. Gateway added At this point... - The gateway is in the cloud - Plugged to the onprem monolith (VPN?) - It’s hybrid (cloud+onprem) - We defined all endpoints - Transparent for the client - Session Cookies still allowed API contract kept 1
  • 27. The weakest punishes the stronger When weakly typed languages harm the strongly typed ones { "id_user": 2, "alias": "bob" } Output from weakly typed lang Strongly typed { "id_user": "2", "alias": "bob" } 😱 HORROR STORIES 😱
  • 28. Move the authorization to the Gateway From session cookies to JWT
  • 29. Add JWT-based authentication 2 MONOLITH /foo /foo
  • 30. Add JWT-based authentication 2 /token /login?token=1 POST MONOLITH /foo /foo signer { "id_user": "89990", "username": "jimmy" } <token> JWT Authorization: Bearer <token>
  • 31. Login controller in the monolith (BEFORE), step 2

           if ($user_data = $this->login($username, $password)) {
               // Start the session (COOKIE)
               startUserSession($user_data);
               // Set the "remind me" cookie:
               setRemindMeCookie($user_data['auto_login']);
               ...
           }

  • 32. Login controller in the monolith (AFTER), step 2

           if ($user_data = $this->login($username, $password)) {
               if ($request->has('token')) { // ?token=1
                   // Return the claims for the token instead of starting a cookie session
                   return json_encode([
                       "access_token" => [
                           "aud" => "https://api.company.com",
                           "iss" => "https://monoli.th",
                           "sub" => $user_data->id_user,
                           "jti" => uniqid('', true),
                           "roles" => [$user_data->role],
                           "exp" => time() + 1800, // 30 minutes
                           "other_data" => $user_data->other
                       ]
                   ]);
               } else {
                   startUserSession($user_data);
                   setRemindMeCookie($user_data['auto_login']);
                   //...
               }
           }

  • 33. Authorization granularity (krakend.json)

           "endpoint": "/basket",
           "extra_config": {
             "github.com/devopsfaith/krakend-jose/validator": {
               "alg": "HS256",
               "audience": ["http://api.example.com"],
               "roles_key": "roles",
               "roles": ["user", "admin"],
               "jwk-url": "https://monolith/jwk/symmetric.json"
             }
           },
           "output_encoding": "no-op",
           "headers_to_pass": ["Authentication"],
           "backend": [{
             "url_pattern": "/bar",
             "encoding": "no-op"
           }]

  • 34. Retrieve “session” data from token, step 2

           <?php
           $jwt = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c';
           // The payload is only decoded here; signing and validation happen at the gateway (slides 33 and 35)
           $token_parts = explode('.', $jwt);
           $user_data = json_decode(base64_decode($token_parts[1]));

       Output:

           object(stdClass)#1 (3) {
             ["sub"]=> string(10) "1234567890"
             ["name"]=> string(8) "John Doe"
             ["iat"]=> int(1516239022)
           }
  • 35. At this point... - All desired endpoints are protected by the gateway (sign + validation) - “Authentication” header is the only needed header, but not cookies. - The monolith gets session data from token JWT tokens implemented No more sessions 2
  • 36. Start chopping the monolith
  • 37. Where to cut the monolith? Social Tech
  • 38. Chop your way Photo by Jason Abdilla
  • 39. Avoid dependencies over the network N times Cascading requests HORROR STORIES 😱
  • 40. Size! 4GB Docker image HORROR STORIES 😱
  • 41. Pick a first service to extract Catalog Promotions Basket Payments Orders Pricing Stock /login Authentication MONOLITH 3
  • 42. Idempotent and safe services? Gateway It’s a read operation but…. Service GET DB Read data UPDATE HORROR STORIES 😱
  • 44. Aggregation <id_product>2</id_product> <name>Devops Barcelona</name> <date fmt="Y-m-d">2019-06-04</date> { "code": "DEVOPS19", "discount": 0.15, "products": [1,2,15] } + { "id_product": 2, "name": "Devops Barcelona", "date": "2019-06-04", "code": "DEVOPS19", "discount": 0.15, "products": [1,2,15] } Aggregated } Catalog Promotions
  • 45. Authentication /checkout JWT token Catalog Promotions Basket Payments Orders Pricing Stock MONOLITH 4
  • 46. Catalog Promotions Basket Payments Orders Pricing Stock MONOLITH 4 /splash
  • 47. Aggregating the hard way (Backends, /splash x68) HORROR STORIES 😱

           Screen                        Calls
           First App Launch              68
           Onboarding Tour               178
           Wake-up after background      208
           Front Page (w/ scroll)        39
           Select Category               21
           Apply a Filter                30
           Product detail                22
           Go to basket                  51
           My account                    92
           Help                          42
           To Checkout                   57
           TOTAL DURING THE SESSION      808

  • 48. Manipulation/Filtering/Grouping <id_product>2</id_product> <name>Devops Barcelona</name> <date fmt="Y-m-d">2019-06-04</date> Catalog { "code": "DEVOPS19", "discount": 0.15, "products": [1,2,15] } Promotions + { "catalog": { "id_product": 2, "name": "Devops Barcelona", "date": "2019-06-04", }, "promotions": { "code": "DEVOPS19", "savediscount": 0.15, "products": [1,2,15], } } Aggregated }
  • 49. Avoid the “take it all” pattern Client Providing a lot of data to the client, just in case it’s needed Gateway Your 10MB, thank you HORROR STORIES 😱
  • 50. Directly connect to message brokers Catalog /notify Notifications QUEUE Azure Service Bus Topic 4
  • 52. Simple deployment (stateless). Dockerfile:

           FROM devopsfaith/krakend
           COPY krakend.json /etc/krakend/krakend.json

       + ≃ 40MB
  • 53. Deploy anywhere Orchestration Platforms
  • 54. Assign a KrakenD to each team (client type) Catalog Promotions Basket Payments Orders Pricing Stock Authentication Android iOS SPA
  • 55. Assign a KrakenD to each team (micro frontends)
  • 56. Not necessarily the single point of entry Catalog Promotions Payments Orders Pricing Stock Authentication
  • 57. Observability Visualize the entire ecosystem from a central place
  • 58. Enable monitoring
  • 59. 1-click export of logging, metrics and traces
  • 60. Metrics and Tracer exporters for every taste
  • 62. Repeat x N services 3 Break a piece of the monolith 4 Aggregate the microservice 5 Deployment and Observability
  • 63. MONOLITH Orders Pricing Stock Basket Payments Promotions Catalog MONOLITH 🎉
  • 65. Special thanks to...
  • 67. Questions? Let’s have a beer! @devopsfaith | @alombarte Email: [email protected] Photo by Patrick Fore
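
Slide 33 places the signature, audience and role checks in the gateway, while slide 34 has the monolith read the token payload with a plain base64 decode. The following added example (not from the slides and not KrakenD's own code) contrasts the two using only the Go standard library; the function names, the key and the timestamps are assumptions made for the illustration, and "aud" is treated as a single string.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url

// Claims holds the slide 32 fields checked below; "aud" is assumed to be one string.
type Claims struct {
	Aud   string   `json:"aud"`
	Roles []string `json:"roles"`
	Exp   int64    `json:"exp"`
}

func sigFor(msg string, key []byte) string {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(msg))
	return b64.EncodeToString(h.Sum(nil)) // base64url HMAC-SHA256 of msg
}

// Sign builds an HS256 token: a stand-in for the signer, used to make sample input.
func Sign(c Claims, key []byte) string {
	body, _ := json.Marshal(c)
	msg := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	return msg + "." + sigFor(msg, key)
}

// DecodeOnly mirrors slide 34: it reads the payload and verifies nothing.
func DecodeOnly(token string) (c Claims, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, fmt.Errorf("malformed token")
	}
	raw, err := b64.DecodeString(parts[1])
	if err == nil {
		err = json.Unmarshal(raw, &c)
	}
	return c, err
}

// Validate pins HS256 (the alg header is never consulted), then checks aud, exp and roles.
func Validate(token string, key []byte, aud string, allowed map[string]bool, now int64) (Claims, error) {
	c, err := DecodeOnly(token)
	i := strings.LastIndex(token, ".")
	switch {
	case err != nil || !hmac.Equal([]byte(token[i+1:]), []byte(sigFor(token[:i], key))):
		return Claims{}, fmt.Errorf("malformed token or bad signature")
	case c.Aud != aud:
		return Claims{}, fmt.Errorf("wrong audience")
	case now >= c.Exp:
		return Claims{}, fmt.Errorf("expired")
	}
	for _, r := range c.Roles {
		if allowed[r] {
			return c, nil
		}
	}
	return Claims{}, fmt.Errorf("role not allowed")
}

func main() {
	tok := Sign(Claims{Aud: "http://api.example.com", Roles: []string{"user"}, Exp: 2000}, []byte("constructed-key"))
	fmt.Println(DecodeOnly(tok)) // the payload is readable without the key
}
```

A token signed with a different key still passes `DecodeOnly`, so the decode on slide 34 is only trustworthy for requests that can reach the monolith exclusively through the validating gateway.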

Editor's Notes

  • #2: From on-premises monolith to cloud microservices BEST VIEWED IN PRESENTATION MODE TO UNDERSTAND TRANSITIONS SLACK: https://invite.slack.golangbridge.org/ → #krakend channel
  • #10: The LOGIC needs to persist its state in an external DATA store that is queried by all nodes. It’s the SOURCE OF TRUTH. Scaling the gateway means scaling a database. WHEN we go to multiple regions, this data needs to be synchronized. The gateway does not work without a DB.
  • #11: In a STATELESS gateway, everything needed to provide the service lives inside the configuration of the application, and there is no need for centralization or shared state (database). Every node only knows about its own state and does not need to know about the other nodes.
  • #12: Because a GW usually sits in the middle of your backend consumption, it is very tempting to do certain stuff in it. We think that a gateway cannot be the new monolith and shouldn’t have centralization.
  • #13: API GATEWAY → Connects EXTERNAL TRAFFIC with INTERNAL SERVICES. As it can provide AGGREGATED consumption of services for the client, it is also associated with the BACKEND FOR FRONTEND. SERVICE MESH → Internal communication
  • #15: A proxy might solve some of these SHARED problems (cross-cutting concerns), like security, rate limiting or circuit breaking (HAPROXY, NGINX PLUS). ** A proxy ADDS ROUTING capabilities. We can have a group of URLs pointing to a specific service. But the problem with this approach is that it is 1 to 1: ONE-SERVICE-CONSUMED-AT-A-TIME. The clients are totally COUPLED to the backend. This is especially inconvenient for mobile apps, which cannot change the contract at will once they are published in the AppStore or GooglePlay. All these proxies call themselves API GATEWAYS or even API Managers! There is a lot of controversy on the term, thanks to marketing.
  • #16: BUT A PROXY IS NOT SUITABLE FOR A MICROSERVICES MIGRATION, AS IT IS UNABLE TO AGGREGATE SOURCES. The term “traditional api gw” is sometimes used for stateful API gateways. The API Gateway can implement the BFF because you build it while thinking about the needs of the client app.
  • #21: Add the gateway keeping the API contract, as proxy - backward compatibility. Microservices do not need to implement security - Replace cookies, use JWT. Chop the monolith and create a microservice. Use the gateway to aggregate the services. The client won’t notice anything. Traces, logging and metrics. Go to 3 until the monolith disappears.
  • #23: Put the krakend in the cloud, to face the problems of being in a different network from the beginning (connection). We put the gateway as proxy (not a GW yet). We make sure we forward all cookies, as our example monolith uses them. We replicate all the endpoints of the monolith in the GW. Backwards compatibility: keep the contract. Test and change DNS. When we have this, the client doesn’t know that we added a GW.
  • #33: KEEP SHORT TOKENS. REFRESH TOKEN can be handled automatically; many libraries do it already.
  • #38: The Social aspect usually weighs more than the technical. Social = What is the size of your team, and their experience with MS? Growing plans (x4)? Responsibilities? Tech = Domain of the components, dependencies between components, latency constraints, persistence model
  • #40: When designing the microservices and how to extract them, it is very important not to create dependencies over the network
  • #41: Heavy artifacts!
  • #42: A good first candidate is usually the authentication service
  • #43: A request method is considered "idempotent" when multiple identical requests have the same effect. Request methods should be "safe" when their semantics are essentially read-only; i.e., the client does not request, and does not expect, any state change
  • #46: DEVELOPER FOCUSES ON FUNCTIONALITY
  • #48: A lot of these calls are due to drag and drop SDKs
  • #49: More with: Flatmap DSL Language, Martian Lua Scripts
  • #50: Aggregation is done automatically, but filter out those attributes that you don’t need. The gateway can be very fast, but if you pack the entire Internet in the response it won’t be a good experience.
  • #53: Deploying a stateless GW is very easy as there is no persistence associated. As there is only a configuration file, all you need to do is to COPY the file into your immutable container. Doing a Blue/green deployment is very easy and superfast as the artifact is so small, and the nodes start without coordination.
  • #59: It’s very important that such a complicated Grafana
  • #60: Zipkin example
  • #62: Instana (enteprise subscription) and Zipkin
  • #63: REPEAT THE OPERATION WITH ANOTHER SERVICE: Move to a microservice Aggregate in the gateway with its corresponding use cases
  • #64: IN MANY CASES, the effort of going fully to microservices is too high. You can keep your REDUCED MONOLITH as another service, preferably now inside the cloud
  • #65: 2'5 YEARS AGO we built from scratch an extensible API Gateway. We LEARNED the hard way. Doing consultancy all this time helped us improve and grow our product with the real problems of the companies, at a crazy rythm. - We provide today an open source project that brings all the Enterprise features at no cost. - We are provably the only company in Barcelona developing 100% in Go. In late 2016 we decided to repeat to create a Gateway for the public audience and started running in production
  • #67: Numbers from 1st June 2019