Microservices Development Cookbook
eBook - ePub

Microservices Development Cookbook

Design and build independently deployable, modular services

Paul Osman

Compartir libro
  1. 260 páginas
  2. English
  3. ePUB (apto para móviles)
  4. Disponible en iOS y Android
eBook - ePub

Microservices Development Cookbook

Design and build independently deployable, modular services

Paul Osman

Detalles del libro
Vista previa del libro
Índice
Citas

Información del libro

Quickly learn and employ practical methods for developing microservices

Key Features

  • Get to grips with microservice architecture to build enterprise-ready applications
  • Adopt the best practices to find solutions to specific problems
  • Monitor and manage your services in production

Book Description

Microservices have become a popular way to build distributed systems that power modern web and mobile apps. Deploying your application as a suite of independently deployable, modular, and scalable services has many benefits. In this book, you'll learn to employ microservices in order to make your application more fault-tolerant and easier to scale and change.

Using an example-driven approach, Microservice Development Cookbook introduces you to the microservice architectural style. You'll learn how to transition from a traditional monolithic application to a suite of small services that interact to provide smooth functionality to your client applications. You'll also learn about the patterns used to organize services, so you can optimize request handling and processing and see how to handle service-to-service interactions. You'll then move on to understanding how to secure microservices and add monitoring in order to debug problems. This book also covers fault-tolerance and reliability patterns that help you use microservices to isolate failures in your applications.

By the end of the book, you'll be able to work with a team to break a large, monolithic codebase into independently deployable and scalable microservices. You'll also study how to efficiently and effortlessly manage a microservice-based architecture.

What you will learn

  • Learn how to design microservice-based systems
  • Create services that fail without impacting users
  • Monitor your services to perform debugging and create observable systems
  • Manage the security of your services
  • Create fast and reliable deployment pipelines
  • Manage multiple environments for your services
  • Simplify the local development of microservice-based systems

Who this book is for

Microservice Development Cookbook is for developers who would like to build effective and scalable microservices. Basic knowledge of the microservices architecture is assumed.

Preguntas frecuentes

¿Cómo cancelo mi suscripción?
Simplemente, dirígete a la sección ajustes de la cuenta y haz clic en «Cancelar suscripción». Así de sencillo. Después de cancelar tu suscripción, esta permanecerá activa el tiempo restante que hayas pagado. Obtén más información aquí.
¿Cómo descargo los libros?
Por el momento, todos nuestros libros ePub adaptables a dispositivos móviles se pueden descargar a través de la aplicación. La mayor parte de nuestros PDF también se puede descargar y ya estamos trabajando para que el resto también sea descargable. Obtén más información aquí.
¿En qué se diferencian los planes de precios?
Ambos planes te permiten acceder por completo a la biblioteca y a todas las funciones de Perlego. Las únicas diferencias son el precio y el período de suscripción: con el plan anual ahorrarás en torno a un 30 % en comparación con 12 meses de un plan mensual.
¿Qué es Perlego?
Somos un servicio de suscripción de libros de texto en línea que te permite acceder a toda una biblioteca en línea por menos de lo que cuesta un libro al mes. Con más de un millón de libros sobre más de 1000 categorías, ¡tenemos todo lo que necesitas! Obtén más información aquí.
¿Perlego ofrece la función de texto a voz?
Busca el símbolo de lectura en voz alta en tu próximo libro para ver si puedes escucharlo. La herramienta de lectura en voz alta lee el texto en voz alta por ti, resaltando el texto a medida que se lee. Puedes pausarla, acelerarla y ralentizarla. Obtén más información aquí.
¿Es Microservices Development Cookbook un PDF/ePUB en línea?
Sí, puedes acceder a Microservices Development Cookbook de Paul Osman en formato PDF o ePUB, así como a otros libros populares de Informatique y Programmation. Tenemos más de un millón de libros disponibles en nuestro catálogo para que explores.

Información

Editorial
Packt Publishing
Año
2018
ISBN
9781788476362
Edición
1
Categoría
Informatique
Categoría
Programmation

Security

In this chapter, we will cover the following recipes:
  • Authenticating your microservices
  • Securing containers
  • Secure configuration
  • Secure logging
  • Infrastructure as Code

Introduction

As with many of the topics covered in this book, security in a microservice architecture is about trade-offs. In a microservice architecture, individual code bases have limited responsibilities. If an attacker is able to compromise a single running service, they will only be able to perform actions that are governed by that particular microservice. The distributed nature of a microservice architecture, however, means that there are more targets for an attacker to potentially exploit in services running in separate clusters. The network traffic between those clusters, including traffic between edge services and internal services, presents many opportunities for an attacker to discover vulnerabilities.
Because of the distributed nature of microservice architectures, network topology must be considered when configuring how services are able to communicate with one another. This concern exists in monolithic code bases as well, where a running instance of a single code base needs to communicate over the network with database servers, caches, load balancers, and so on. It could be argued that microservice architectures make these challenges more obvious and therefore force engineers to consider them earlier.
Security is a big topic. This chapter will discuss a number of good practices to consider when building, deploying, and operating microservices, but it's important to note that this is not an exhaustive list of considerations. Good API practices and defense in depth should be considered when developing any system and microservices are no exception. I heartily recommend OWASP (https://www.owasp.org/index.php/Main_Page) as a resource for learning more about web application security.

Authenticating your microservices

In Chapter 1, Breaking the Monolith, we introduced a Ruby on Rails code base that powers our fictional image-sharing application, pichat. The Rails code base authenticates each request by inspecting the Authorization header. If the header is present, the application attempts to decode it using a shared secret read from an environment variable (see the Secure configuration recipe). If the token provided in the Authorization header is valid, the decoded value contains contextual information about the user, including the user ID. That information is then used to retrieve the user from the database so that the application has context on the user making the request. If the Authorization header is missing or cannot be decoded successfully, the application raises an exception and returns an HTTP 401 to the caller, including an error message. In order to obtain a token to include in the Authorization header, a client application can send a POST request to the /auth/login endpoint with valid user credentials. The following CURL commands demonstrate this flow:
$ curl -D - -X POST http://localhost:9292/auth/login -d'[email protected]&password=foobar123'

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
ETag: W/"3675d2006d59e01f8665f20ffef65fe7"
Cache-Control: max-age=0, private, must-revalidate
X-Request-Id: 6660a102-059f-4afe-b17c-99375db305dd
X-Runtime: 0.150903
Transfer-Encoding: chunked

{"auth_token":"eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1MzE2ODUxNjR9.vAToW_mWlOnr-GPzP79EvN62Q2MpsnLIYanz3MTbZ5Q"}
Now that we have a token, we can include it in the headers of subsequent requests:
$ curl -X POST -D - -H 'Authorization: eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1MzE2ODUxNjR9.vAToW_mWlOnr-GPzP79EvN62Q2MpsnLIYanz3MTbZ5Q' http://localhost:9292/messages -d'body=Hello&user_id=1'
HTTP/1.1 201 Created
Content-Type: application/json; charset=utf-8
ETag: W/"211cdab551e63ca48de48217357f1cf7"
Cache-Control: max-age=0, private, must-revalidate
X-Request-Id: 1525333c-dada-40ff-8c25-a0e7d151433c
X-Runtime: 0.019609
Transfer-Encoding: chunked

{"id":1,"body":"Hello","user_id":1,"created_at":"2018-07-14T20:08:19.369Z","updated_at":"2018-07-14T20:08:19.369Z","from_user_id":1}
Because pichat-api is a monolithic code base, it is playing many different roles to support this flow. It is acting as an Authorization service, an Authentication gateway, a user store, and an Authorization client. This kind of coupling of responsibilities is exactly what we want to avoid in a microservice architecture.
Luckily, it's easy to divide these responsibilities into separate code bases while keeping the flow the same. Encoding information in JSON Web Tokens (JWT) using a shared secret allows individual microservices to securely authenticate requests without having to make requests to a centralized authentication service for each request. Obtaining an authentication token can be the responsibility of a centralized service, but this fact can be made transparent to the client using an API Gateway or a backend for a frontend. The following diagram demonstrates how some of the responsibilities will be divided:
We will create an Authentication Service that handles user registration and exchanges credentials...

Índice