SlideShare a Scribd company logo

Building a microservice architecture for a 100mio# revenue company

Download as PPTX, PDF
P
ProjectAcom

The document outlines lessons learned from implementing a microservice architecture for a successful e-commerce platform, emphasizing that microservices are not a one-size-fits-all solution and introduce significant complexity. Key takeaways include the importance of thorough preparation, effective security measures, and comprehensive versioning and logging practices to ensure smooth operations. It also highlights the necessity of understanding global data types and service interactions to maintain consistency across the architecture.

Software
1 of 54
Downloaded 10 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
Lessons learned when building a microservice architecture for a 100mio+ revenue company 28.04.2017
???
Summary – Takeaways 1. Microservices are no silver bullet! 2. Microservices come with a lot of complexity that you don’t see at the first glance! 3. Microservices are a tool. Check if it is the right one!
About me  Stephan Schulze  CTO@Project A  stephan.schulze@project-a.com  https://www.linkedin.com/in/stephan-schulze-24115957/  https://twitter.com/nahpeps  https://insights.project-a.com/tagged/tech
Our Project
Introduction – Overview  Developing a new eCommerce Platform based on a microservice architecture  Current KPIs:  Revenue: > 100mio€/year  SKUs: 500k  Expected KPIs:  Revenue: > 200mio€/year  SKUs: 1.5mio  General Expectations:  Scalable, flexible, developed inhouse  Should allow to run different business models in parallel  Should be suitable for online and offline sales
Introduction – Our stack  Infrastructure Stack:  AWS  Terraform  Kubernetes  Docker  Application Stack:  Java  PHP  Nginx  Tomcat  PostgreSql  Redis  …
Introduction – Our stack
Introduction – A common understanding of microservices Microservices are a distributed System Characteristics:  isolated vertical infrastructure for each service  communication only via APIs  no referential integrity across services  each service serves one business domain  Service provides its own HTML (Customer Facing and Backoffice)
Introduction – The abstract architecture R o u t i n g / R e n d e r i n g S1 S5 S2 S6 S4 S7 S9 S3 S8
Lets start…
Preparation
Challenge – Preparation  Think about and define basic parameters for your system  Communication formats (Language; Protocol; Message Formats; Error Handling, …)  Security Model  Notifications and Configuration Mgmt.  API Versioning  Deployments  Document your results
Examples
Challenge – Preparation – Examples  API Request with Success:
Challenge – Preparation – Examples  API Request with Error:
Challenge – Preparation – Examples  API-Versioning
Challenge – Preparation – Examples  Documentation
Challenge – Preparation – Takeaways 1. You will not be prepared enough! 2. Build PoC application infrastructure and test it. 3. Have a common understanding and documentation.
Global Data
Challenge – Global data types  Rare changing data:  Countries  Languages  Currencies  can be part of the service  should be cached  Often changing data  User/Customer Sessions  Tracking  Must not be part of the service  Must not be cached  Regular changing data  URLs  Configurations  Permissions  should not be part of the service  should be cached
Examples
Challenge – Global data – How we share it  Rare/Regular changing data is:  Provided by a central registry  Cached in the service  Updated via deployment and notification  Often changing data is:  Part of the request/response of a service call
Challenge – Global data – Example: Session Data  Routing/Rendering Service is session data master R o u t i n g / R e n d e r i n g S1 S5 S2 S6 S4 S7 S9 S3 S8
Challenge – Global data – Example: Session Data  Routing/Rendering Service is session data master  Each service has its namespace in the session  There is a global part in the session which is well defined  Session data is part of the request header, including:  Global part  Service specific part  Updates to the session are part of the response of a service request  Problem:  Inconsistent Global Data in two different services
{{Header}} {{Content}} Template1 Routing/Rendering Challenge – Global data – Example: Session Data S1 S2 /url123 URL Template /url123 Template1 /url1234 Template2 … … URL Placeholder Service Endpoint /url123 Header S1 /header /url123 Content S2 /customer/login … … /header /customer/login  Problem: Inconsistent Global Data in two different services
Challenge – Global Data – Takeaways 1. Independent of what others say: There will be global data and you will depend on it. 2. Thinking about different data types and the best implementation approach early, helps a lot!
Security
Challenge – Security  Rule #1: Don’t trust anybody else  Roles and Permissions  Must be part of your architecture from day one  Tokens (e.g. JWT) or similar approaches are best practice  token can contain permissions already OR  Permissions can be provided by a central registry  Each service must care about its own security
Examples
Challenge – Security – Example: API Permissions
Challenge – Security – Example: Permissions – Grants  Permissions are not only for users but also for services
Challenge – Security – Token (in)validation  How do I know whether a Token is still valid?  Two approaches: 1. Authorize Token on every call 2. Cache permissions and token locally  We go for approach 2  If permissions behind a token changes or token becomes invalid  Whole system is notified  every Service must take care on its own
Challenge – Security – Example: Permissions at S2S calls  Situation  User registers new Customer in Backoffice (via CustomerService)  Registration requires Discount creation (DiscountService)  Registrations requires sending a Welcome Mail with Discount (via Mailservice)  Case 1: User Token is used for subsequent calls  User must have permission to create Discounts and send welcome Mails also  Case 2: CustomerService Token is used for subsequent calls  User must have permission to create Customer  CustomerService must have permissions to do all business steps
Challenge – Security – Takeaways 1. Security is crucial 2. Use tokens (and think about how to authorize and invalidate them) 3. Take care of a chain of rights
Versioning
Challenge – Versioning  What need to be versioned?  Whole services  Service APIs  Service Frontends and so Assets, Sessions, Permissions, …  Things get more complicated:  Services must provide more than one API version at once  Different API Versions of a Service can have a dependency to different API Versions of other services  Different API Versions will operate on the same database
Examples
Challenge – Versioning – our Approach for APIs  API Version is part of the request header  One Service release must support multiple API/Frontend versions  Every service expose the API versions it offers and it consumes (in code)
Challenge – Versioning – our Approach for APIs  How does that look at runtime? Release 1 API: 1.2.3 Release 2 API: 1.2.3 API: 2.0.0 Release 3 API: 1.2.3 API: 2.0.0 API: 2.1.0
Challenge – Versioning – our Approach for APIs Release 3 API: 1.2.3 API: 2.0.0 API: 2.1.0 X-Api-Version: 1.2 X-Api-Version-Used: 1.2.3 X-Api-Version: 1.2.3 X-Api-Version-Used: 1.2.3 X-Api-Version: 2 X-Api-Version-Used: 2.1.0 X-Api-Version: 3.1.0 ERROR
Challenge – Versioning – Takeaways 1. Versioning is a pain but necessary 2. A lot parts in the application can/should/must be versioned 3. Validating API/Service dependencies should happen before deployment
Logging
Challenge – Logging – Areas  Infrastructure centric: everything necessary to run a service (Docker, Kubernetes, …)  Service centric: everything that is related to a specific service (Webserver, ApplicationEngine)  Application centric: everything that is related to the application itself (Exceptions, Warnings, Notices, …)  Major Question: How should be logged and what?
Examples
Challenge – Logging – Our stack  Logs are going to stdout  Using Fluentd as logshipper to elasticsearch setup  Why not logstash?  Much faster ramp up  Native kubernetes integration  Each log entry includes:  Instance-Id (always)  Service release (if available)  API-Version (if available)  Correlation-Id (if available)  Visitor-Id (if available)
Challenge – Logging – Correlation and Visitor Id  Correlation Id  forwarded by each service or created if none is available  See the way of a request through the whole application  Is valid for one request  Visitor Id  forwarded by each service if received  Group all calls of a specific User/Customer  Stored at the User/Customer for longterm usage
Challenge – Logging – Correlation and Visitor Id
Challenge – Logging – Takeaways 1. You need to know everything! 2. Infrastructure vs. Applications vs. Request Logs  each of them matter 3. Using Correlation-Ids and Visitor-Ids is recommended 4. Service-Identifier, -release, -instance and API Version must be part of every application log entry
What comes next?
I could continue for a while…
The question is still…
Questions?
Contact Stephan Schulze CTO Project A Services GmbH & Co. KG Julie-Wolfthorn-Str. 1 10115 Berlin Tel: + 49 30 340 606 300 Fax: + 49 30 340 606 399 stephan.schulze@project-a.com www.project-a.com facebook.com/projectaberlin twitter.com/projectacom

More Related Content

PDF
[API World ] - Managing Asynchronous APIs
WSO2
 
PDF
Modernizing Customer Messaging at T-Mobile
VMware Tanzu
 
PDF
Api gateway
enyert
 
PPTX
How Cisco is Leveraging MuleSoft to Drive Continuous Innovation​ at Enterpris...
MuleSoft
 
PDF
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
Michael Kuehne-Schlinkert
 
PPTX
Developing a Service-oriented Architecture (SOA)- based Product Management Pl...
Amine KOUIS
 
PDF
Achieving Microservices Maturity
Nordic APIs
 
PPTX
What's inside "migrating to biz talk server 2020" Book (BizTalk360 Webinar)
BizTalk360
 
[API World ] - Managing Asynchronous APIs
WSO2
 
Modernizing Customer Messaging at T-Mobile
VMware Tanzu
 
Api gateway
enyert
 
How Cisco is Leveraging MuleSoft to Drive Continuous Innovation​ at Enterpris...
MuleSoft
 
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
Michael Kuehne-Schlinkert
 
Developing a Service-oriented Architecture (SOA)- based Product Management Pl...
Amine KOUIS
 
Achieving Microservices Maturity
Nordic APIs
 
What's inside "migrating to biz talk server 2020" Book (BizTalk360 Webinar)
BizTalk360
 

What's hot (20)

PDF
Online Meetup - MuleSoft - June 2020
Royston Lobo
 
PPTX
Service Mesh - Why? How? What?
Orkhan Gasimov
 
PDF
How to migrate an application in IBM APIc, and preserve its client credential
Shiu-Fun Poon
 
PDF
Integration patterns and practices for cloud and mobile computing
SHAKIL AKHTAR
 
PPTX
Microservices with mule
Govind Mulinti
 
PPTX
What is an API Gateway?
LunchBadger
 
PDF
A Decade of Microservices
Ruman Khan
 
PDF
Architecting SaaS
AxEdge Consulting
 
PDF
MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoft
Jitendra Bafna
 
PDF
Microservices Best Practices
Aliasgar Muchhala
 
PDF
Standard Issue: Preparing for the Future of Data Management
Inside Analysis
 
PPTX
Object Store V2 Workshop
MuleSoft
 
PPTX
Introduction to Mulesoft
venkata20k
 
PDF
What's New with Anypoint Platform? Unified Platform Management
MuleSoft
 
PDF
MuleSoft Surat Virtual Meetup#20 - Unleash the power of Anypoint DataGraph
Jitendra Bafna
 
PPTX
Mulesoft Meetups - Salesforce & Mulesoft Integrations, Anypoint Security Poli...
Ricardo Rodríguez
 
PDF
Deep-dive into Microservice Outer Architecture
WSO2
 
PPTX
Microservices with .Net - NDC Sydney, 2016
Richard Banks
 
PDF
WSO2Con EU 2016: Identity Management – A Cornerstone for the Connected Enter...
WSO2
 
PDF
Microservices & anypoint service mesh calgary mule soft meetup
Jimmy Attia
 
Online Meetup - MuleSoft - June 2020
Royston Lobo
 
Service Mesh - Why? How? What?
Orkhan Gasimov
 
How to migrate an application in IBM APIc, and preserve its client credential
Shiu-Fun Poon
 
Integration patterns and practices for cloud and mobile computing
SHAKIL AKHTAR
 
Microservices with mule
Govind Mulinti
 
What is an API Gateway?
LunchBadger
 
A Decade of Microservices
Ruman Khan
 
Architecting SaaS
AxEdge Consulting
 
MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoft
Jitendra Bafna
 
Microservices Best Practices
Aliasgar Muchhala
 
Standard Issue: Preparing for the Future of Data Management
Inside Analysis
 
Object Store V2 Workshop
MuleSoft
 
Introduction to Mulesoft
venkata20k
 
What's New with Anypoint Platform? Unified Platform Management
MuleSoft
 
MuleSoft Surat Virtual Meetup#20 - Unleash the power of Anypoint DataGraph
Jitendra Bafna
 
Mulesoft Meetups - Salesforce & Mulesoft Integrations, Anypoint Security Poli...
Ricardo Rodríguez
 
Deep-dive into Microservice Outer Architecture
WSO2
 
Microservices with .Net - NDC Sydney, 2016
Richard Banks
 
WSO2Con EU 2016: Identity Management – A Cornerstone for the Connected Enter...
WSO2
 
Microservices & anypoint service mesh calgary mule soft meetup
Jimmy Attia
 
Ad

Similar to Building a microservice architecture for a 100mio# revenue company (20)

PPT
O2 Presentation Sdp Event
jameskenney
 
PPT
Ws Soa V6 Theory And Practice
Pini Cohen
 
PPTX
Over view of software artitecture
ABDEL RAHMAN KARIM
 
PPTX
Microservices
Ramesh (@Mavuluri)
 
PPT
Reqs analysis
Dr. C.V. Suresh Babu
 
PPTX
Microservices architecture
Faren faren
 
PPT
Symantec I3 Presentation
sebastian.guerrero
 
PPTX
Agile Gurugram 2023 | Observability for Modern Applications. How does it help...
AgileNetwork
 
PPTX
Observability for Application Developers (1)-1.pptx
OpsTree solutions
 
PDF
An Introduction to Microservices
Ad van der Veer
 
PPTX
Kafka/SMM Crash Course
DataWorks Summit
 
PPTX
Patterns&Antipatternsof SOA
Mohamed Samy
 
PPTX
N - Tier Applications, Enterprise Java Beans, Component technologies
Martin A
 
PPTX
PM Club session 6
Prateek Parashar
 
PDF
cahier des charges(1) (1).pdf du platform e-commerce
mohamedjawharchahed
 
PDF
Introduction to Event-Driven Architecture
Solace
 
DOC
Resumeupdated
venkatanarayanavudugundla
 
DOC
Resumeupdated
venkatanarayanavudugundla
 
PPTX
WEB API Gateway
Kumaresh Chandra Baruri
 
PDF
Data Microservices with Spring Cloud
Orkhan Gasimov
 
O2 Presentation Sdp Event
jameskenney
 
Ws Soa V6 Theory And Practice
Pini Cohen
 
Over view of software artitecture
ABDEL RAHMAN KARIM
 
Microservices
Ramesh (@Mavuluri)
 
Reqs analysis
Dr. C.V. Suresh Babu
 
Microservices architecture
Faren faren
 
Symantec I3 Presentation
sebastian.guerrero
 
Agile Gurugram 2023 | Observability for Modern Applications. How does it help...
AgileNetwork
 
Observability for Application Developers (1)-1.pptx
OpsTree solutions
 
An Introduction to Microservices
Ad van der Veer
 
Kafka/SMM Crash Course
DataWorks Summit
 
Patterns&Antipatternsof SOA
Mohamed Samy
 
N - Tier Applications, Enterprise Java Beans, Component technologies
Martin A
 
PM Club session 6
Prateek Parashar
 
cahier des charges(1) (1).pdf du platform e-commerce
mohamedjawharchahed
 
Introduction to Event-Driven Architecture
Solace
 
Resumeupdated
venkatanarayanavudugundla
 
Resumeupdated
venkatanarayanavudugundla
 
WEB API Gateway
Kumaresh Chandra Baruri
 
Data Microservices with Spring Cloud
Orkhan Gasimov
 
Ad

Recently uploaded (20)

PPTX
ConcordeApp: Engineering Global Impact & Unlocking Billions in Event ROI with AI
chastechaste14
 
PDF
New Download MiniTool Partition Wizard Crack Latest Version 2025
imang66g
 
PDF
10 posting ideas for community engagement with AI prompts
Pankaj Taneja
 
PPTX
TRAVEL APIs | WHITE LABEL TRAVEL API | TOP TRAVEL APIs
philipnathen82
 
PDF
Protecting the Digital World Cyber Securit
dnthakkar16
 
PDF
vAdobe Premiere Pro 2025 (v25.2.3.004) Crack Pre-Activated Latest
imang66g
 
PDF
Bandai Playdia The Book - David Glotz
BluePanther6
 
DOCX
Can You Build Dashboards Using Open Source Visualization Tool.docx
Varsha Nayak
 
PDF
MiniTool Power Data Recovery Crack New Pre Activated Version Latest 2025
imang66g
 
PDF
Immersive experiences: what Pharo users do!
ESUG
 
PPTX
Presentation about Database and Database Administrator
abhishekchauhan86963
 
PPTX
Explanation about Structures in C language.pptx
Veeral Rathod
 
PPTX
Contractor Management Platform and Software Solution for Compliance
SHEQ Network Limited
 
PPTX
Odoo Integration Services by Candidroot Solutions
CandidRoot Solutions Private Limited
 
PDF
Summary Of Odoo 18.1 to 18.4 : The Way For Odoo 19
CandidRoot Solutions Private Limited
 
PPTX
Presentation about variables and constant.pptx
safalsingh810
 
PDF
New Download FL Studio Crack Full Version [Latest 2025]
imang66g
 
PDF
WatchTraderHub - Watch Dealer software with inventory management and multi-ch...
WatchDealer Pavel
 
PPTX
Role Of Python In Programing Language.pptx
jaykoshti048
 
PDF
Salesforce Implementation Services Provider.pdf
VALiNTRY360
 
ConcordeApp: Engineering Global Impact & Unlocking Billions in Event ROI with AI
chastechaste14
 
New Download MiniTool Partition Wizard Crack Latest Version 2025
imang66g
 
10 posting ideas for community engagement with AI prompts
Pankaj Taneja
 
TRAVEL APIs | WHITE LABEL TRAVEL API | TOP TRAVEL APIs
philipnathen82
 
Protecting the Digital World Cyber Securit
dnthakkar16
 
vAdobe Premiere Pro 2025 (v25.2.3.004) Crack Pre-Activated Latest
imang66g
 
Bandai Playdia The Book - David Glotz
BluePanther6
 
Can You Build Dashboards Using Open Source Visualization Tool.docx
Varsha Nayak
 
MiniTool Power Data Recovery Crack New Pre Activated Version Latest 2025
imang66g
 
Immersive experiences: what Pharo users do!
ESUG
 
Presentation about Database and Database Administrator
abhishekchauhan86963
 
Explanation about Structures in C language.pptx
Veeral Rathod
 
Contractor Management Platform and Software Solution for Compliance
SHEQ Network Limited
 
Odoo Integration Services by Candidroot Solutions
CandidRoot Solutions Private Limited
 
Summary Of Odoo 18.1 to 18.4 : The Way For Odoo 19
CandidRoot Solutions Private Limited
 
Presentation about variables and constant.pptx
safalsingh810
 
New Download FL Studio Crack Full Version [Latest 2025]
imang66g
 
WatchTraderHub - Watch Dealer software with inventory management and multi-ch...
WatchDealer Pavel
 
Role Of Python In Programing Language.pptx
jaykoshti048
 
Salesforce Implementation Services Provider.pdf
VALiNTRY360
 

Building a microservice architecture for a 100mio# revenue company

  • 1. Lessons learned when building a microservice architecture for a 100mio+ revenue company 28.04.2017
  • 2. ???
  • 3. Summary – Takeaways 1. Microservices are no silver bullet! 2. Microservices come with a lot of complexity that you don’t see at the first glance! 3. Microservices are a tool. Check if it is the right one!
  • 4. About me  Stephan Schulze  CTO@Project A  [email protected]  https://www.linkedin.com/in/stephan-schulze-24115957/  https://twitter.com/nahpeps  https://insights.project-a.com/tagged/tech
  • 6. Introduction – Overview  Developing a new eCommerce Platform based on a microservice architecture  Current KPIs:  Revenue: > 100mio€/year  SKUs: 500k  Expected KPIs:  Revenue: > 200mio€/year  SKUs: 1.5mio  General Expectations:  Scalable, flexible, developed inhouse  Should allow to run different business models in parallel  Should be suitable for online and offline sales
  • 7. Introduction – Our stack  Infrastructure Stack:  AWS  Terraform  Kubernetes  Docker  Application Stack:  Java  PHP  Nginx  Tomcat  PostgreSql  Redis  …
  • 9. Introduction – A common understanding of microservices Microservices are a distributed System Characteristics:  isolated vertical infrastructure for each service  communication only via APIs  no referential integrity across services  each service serves one business domain  Service provides its own HTML (Customer Facing and Backoffice)
  • 10. Introduction – The abstract architecture R o u t i n g / R e n d e r i n g S1 S5 S2 S6 S4 S7 S9 S3 S8
  • 13. Challenge – Preparation  Think about and define basic parameters for your system  Communication formats (Language; Protocol; Message Formats; Error Handling, …)  Security Model  Notifications and Configuration Mgmt.  API Versioning  Deployments  Document your results
  • 15. Challenge – Preparation – Examples  API Request with Success:
  • 16. Challenge – Preparation – Examples  API Request with Error:
  • 17. Challenge – Preparation – Examples  API-Versioning
  • 18. Challenge – Preparation – Examples  Documentation
  • 19. Challenge – Preparation – Takeaways 1. You will not be prepared enough! 2. Build PoC application infrastructure and test it. 3. Have a common understanding and documentation.
  • 21. Challenge – Global data types  Rare changing data:  Countries  Languages  Currencies  can be part of the service  should be cached  Often changing data  User/Customer Sessions  Tracking  Must not be part of the service  Must not be cached  Regular changing data  URLs  Configurations  Permissions  should not be part of the service  should be cached
  • 23. Challenge – Global data – How we share it  Rare/Regular changing data is:  Provided by a central registry  Cached in the service  Updated via deployment and notification  Often changing data is:  Part of the request/response of a service call
  • 24. Challenge – Global data – Example: Session Data  Routing/Rendering Service is session data master R o u t i n g / R e n d e r i n g S1 S5 S2 S6 S4 S7 S9 S3 S8
  • 25. Challenge – Global data – Example: Session Data  Routing/Rendering Service is session data master  Each service has its namespace in the session  There is a global part in the session which is well defined  Session data is part of the request header, including:  Global part  Service specific part  Updates to the session are part of the response of a service request  Problem:  Inconsistent Global Data in two different services
  • 26. {{Header}} {{Content}} Template1 Routing/Rendering Challenge – Global data – Example: Session Data S1 S2 /url123 URL Template /url123 Template1 /url1234 Template2 … … URL Placeholder Service Endpoint /url123 Header S1 /header /url123 Content S2 /customer/login … … /header /customer/login  Problem: Inconsistent Global Data in two different services
  • 27. Challenge – Global Data – Takeaways 1. Independent of what others say: There will be global data and you will depend on it. 2. Thinking about different data types and the best implementation approach early, helps a lot!
  • 29. Challenge – Security  Rule #1: Don’t trust anybody else  Roles and Permissions  Must be part of your architecture from day one  Tokens (e.g. JWT) or similar approaches are best practice  token can contain permissions already OR  Permissions can be provided by a central registry  Each service must care about its own security
  • 31. Challenge – Security – Example: API Permissions
  • 32. Challenge – Security – Example: Permissions – Grants  Permissions are not only for users but also for services
  • 33. Challenge – Security – Token (in)validation  How do I know whether a Token is still valid?  Two approaches: 1. Authorize Token on every call 2. Cache permissions and token locally  We go for approach 2  If permissions behind a token changes or token becomes invalid  Whole system is notified  every Service must take care on its own
  • 34. Challenge – Security – Example: Permissions at S2S calls  Situation  User registers new Customer in Backoffice (via CustomerService)  Registration requires Discount creation (DiscountService)  Registrations requires sending a Welcome Mail with Discount (via Mailservice)  Case 1: User Token is used for subsequent calls  User must have permission to create Discounts and send welcome Mails also  Case 2: CustomerService Token is used for subsequent calls  User must have permission to create Customer  CustomerService must have permissions to do all business steps
  • 35. Challenge – Security – Takeaways 1. Security is crucial 2. Use tokens (and think about how to authorize and invalidate them) 3. Take care of a chain of rights
  • 37. Challenge – Versioning  What need to be versioned?  Whole services  Service APIs  Service Frontends and so Assets, Sessions, Permissions, …  Things get more complicated:  Services must provide more than one API version at once  Different API Versions of a Service can have a dependency to different API Versions of other services  Different API Versions will operate on the same database
  • 39. Challenge – Versioning – our Approach for APIs  API Version is part of the request header  One Service release must support multiple API/Frontend versions  Every service expose the API versions it offers and it consumes (in code)
  • 40. Challenge – Versioning – our Approach for APIs  How does that look at runtime? Release 1 API: 1.2.3 Release 2 API: 1.2.3 API: 2.0.0 Release 3 API: 1.2.3 API: 2.0.0 API: 2.1.0
  • 41. Challenge – Versioning – our Approach for APIs Release 3 API: 1.2.3 API: 2.0.0 API: 2.1.0 X-Api-Version: 1.2 X-Api-Version-Used: 1.2.3 X-Api-Version: 1.2.3 X-Api-Version-Used: 1.2.3 X-Api-Version: 2 X-Api-Version-Used: 2.1.0 X-Api-Version: 3.1.0 ERROR
  • 42. Challenge – Versioning – Takeaways 1. Versioning is a pain but necessary 2. A lot parts in the application can/should/must be versioned 3. Validating API/Service dependencies should happen before deployment
  • 44. Challenge – Logging – Areas  Infrastructure centric: everything necessary to run a service (Docker, Kubernetes, …)  Service centric: everything that is related to a specific service (Webserver, ApplicationEngine)  Application centric: everything that is related to the application itself (Exceptions, Warnings, Notices, …)  Major Question: How should be logged and what?
  • 46. Challenge – Logging – Our stack  Logs are going to stdout  Using Fluentd as logshipper to elasticsearch setup  Why not logstash?  Much faster ramp up  Native kubernetes integration  Each log entry includes:  Instance-Id (always)  Service release (if available)  API-Version (if available)  Correlation-Id (if available)  Visitor-Id (if available)
  • 47. Challenge – Logging – Correlation and Visitor Id  Correlation Id  forwarded by each service or created if none is available  See the way of a request through the whole application  Is valid for one request  Visitor Id  forwarded by each service if received  Group all calls of a specific User/Customer  Stored at the User/Customer for longterm usage
  • 48. Challenge – Logging – Correlation and Visitor Id
  • 49. Challenge – Logging – Takeaways 1. You need to know everything! 2. Infrastructure vs. Applications vs. Request Logs  each of them matter 3. Using Correlation-Ids and Visitor-Ids is recommended 4. Service-Identifier, -release, -instance and API Version must be part of every application log entry
  • 51. I could continue for a while…
  • 52. The question is still…
  • 54. Contact Stephan Schulze CTO Project A Services GmbH & Co. KG Julie-Wolfthorn-Str. 1 10115 Berlin Tel: + 49 30 340 606 300 Fax: + 49 30 340 606 399 [email protected] www.project-a.com facebook.com/projectaberlin twitter.com/projectacom