
dykyi-roman/service-oriented-architecture


Service oriented architecture



Architecture

Services

Tools

Intro

Microservices architecture has been gaining a lot of ground as the preferred architecture for implementing solutions, as it provides benefits like scalability, logical and physical separation, small teams managing a part of the functionality, flexibility in technology, etc. But since microservices are distributed, the complexity of managing them increases. One of the key challenges is how to implement authentication and authorization in microservices so that we can manage security and access control.

Avoid extensive APIs. If the microservice is getting too complicated, then you are giving the service too much functionality. The goal is to have a series of services that can be strung together to meet the needs of future business problems.

I clearly understand that this is not a silver bullet. Clean Architecture by Robert C. Martin gives a good description of the basic problems. Here I want to add some points of my own:

  • small and single in purpose;
  • communicate via technology agnostic protocols;
  • support continuous integration;
  • independently deployable.

Architecture


Layered architecture

The most common architecture pattern is the layered architecture pattern, otherwise known as the n-tier architecture pattern. This pattern is the de facto standard for most Java and PHP enterprise applications. The layered architecture pattern closely matches the traditional IT communication and organizational structures found in most companies, making it a natural choice for most business application development efforts.

DDD

Layered architecture often comes together with the concept of DDD. Domain-driven design (DDD) advocates modeling based on the reality of business as relevant to your use cases. DDD talks about problems as domains. It describes independent problem areas as Bounded Contexts (each Bounded Context correlates to a microservice), and emphasizes a common language to talk about these problems. It also suggests many technical concepts and patterns, like domain entities with rich models (no anemic-domain model), value objects, aggregates and aggregate root (or root entity) rules to support the internal implementation. This section introduces the design and implementation of those internal patterns.

Application

Service that combines work with microservices. For more information, click here.

Auth


In this strategy, a microservice is created for the purpose of authentication. Authentication primarily involves issuing and verifying tokens. JWT (JSON Web Tokens) can be used to verify tokens without having to hit a database or other persistent storage. This means each service can verify requests on its own. Token issuing is done in the auth service, while verification is handled in every service where it is required. A client library is usually used to share this verification functionality with all the services that need to perform authentication.

Once you obtain a JWT from the authorization server, you can use it to communicate with another service by putting the token inside a request header. Alternatively, you can use SSL certificates between microservices and leave the problem of security to DevOps.
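
The local verification described above, as an added example (not code from this repository). It assumes RS256, so that services hold only the auth service's public key; the function names, the claim values and the "message" audience are hypothetical.

```php
<?php
// Added example, not repository code; names, claims and the audience value are hypothetical.
function b64url_encode(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string
{
    $txt = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
    $bin = base64_decode(strtr($txt, '-_', '+/'), true);
    if ($bin === false) {
        throw new RuntimeException('bad base64url');
    }
    return $bin;
}

// Runs inside any service: needs only the auth service's public key, no database call.
function verify_jwt(string $jwt, string $publicKeyPem, string $audience, int $now): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new RuntimeException('malformed token');
    }
    [$h, $p, $s] = $parts;
    $header = json_decode(b64url_decode($h), true);
    // Pin the algorithm in code instead of trusting the token's own header.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'RS256') {
        throw new RuntimeException('unexpected alg');
    }
    if (openssl_verify("$h.$p", b64url_decode($s), $publicKeyPem, OPENSSL_ALGO_SHA256) !== 1) {
        throw new RuntimeException('bad signature');
    }
    $claims = json_decode(b64url_decode($p), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) {
        throw new RuntimeException('expired or missing exp');
    }
    if (($claims['aud'] ?? null) !== $audience) {
        throw new RuntimeException('wrong audience');
    }
    return $claims;
}

// Constructed demo: a throwaway key pair stands in for the auth service's signing key.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$body = b64url_encode('{"alg":"RS256","typ":"JWT"}') . '.'
    . b64url_encode(json_encode(['sub' => 'user-1', 'aud' => 'message', 'exp' => time() + 300]));
openssl_sign($body, $sig, $key, OPENSSL_ALGO_SHA256);
$jwt = $body . '.' . b64url_encode($sig);
var_dump(verify_jwt($jwt, openssl_pkey_get_details($key)['key'], 'message', time())['sub']);
```

With a shared-secret algorithm such as HS256, every service that can verify a token could also issue one, which is why the example assumes an asymmetric signature.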

Authentication between microservices


For more information, click here.

Message


For more information, click here.

Admin Panel


There are a lot of ways to organize the architecture for working with the admin panel. I have experience working with four. Taking into consideration the first of the SOLID principles (the Single Responsibility Principle) at the module level, I would choose approach №2 for the implementation. The picture uses REST for data transfer between services, but this is a detail: request/response can easily be implemented using messaging.

For more information, click here.

Cloud storage


Cloud storage is a service model in which data is transmitted to and stored on remote storage systems, where it is maintained and managed. The service provides an API for easily connecting to cloud or file storage and using its basic methods.

For more information read here.

Sentry

Sentry provides self-hosted and cloud-based error monitoring that helps all software teams discover, triage, and prioritize errors in real-time.

Graylog

Graylog is a leading centralized log management solution built to open standards for capturing, storing, and enabling real-time analysis of terabytes of machine data.

Newman

Newman is a command-line collection runner for Postman. It allows you to effortlessly run and test Postman Collections directly from the command line. It is built with extensibility in mind so that you can easily integrate it with your continuous integration servers and build systems.

Run a collection using the newman image:

docker-compose run postman_checks

Swagger

Swagger provides more benefits than just helping create clear API documentation for users, teams, and enterprises with the Swagger open source and professional toolset. Find out how Swagger can help you design and document your APIs at scale. You can find a link to the official documentation here.

Metrics(Prometheus+Grafana+AlertManager+Node-exporter+Cadvisor+...)


Monitoring helps me ensure that all my services are in good health. For that, I use a collection of metrics and the presentation of these metrics in a convenient form (tables, graphs, scales, notifications, reports). The more components in my system (microservices), the greater the load on it, and the more expensive the downtime, the more important it is to have a good monitoring system. Prometheus is not a “set-up and works” solution. It is a platform, a set of tools that allows you to do the monitoring you need.

Travis CI

I host the source code for almost all of my projects on GitHub and have Travis CI run automated tests as soon as the code there is updated. This helps me ensure the quality of our code and simplifies the automation of related tasks, such as releasing new versions of my software. Another advantage for me with Travis CI is that the service is free for open source projects, and most of my code is open source.

Vault

One of the most difficult things in any kind of application (not just web applications) is how to protect "secret" values. These values might be API keys, database passwords or even special bypass codes. Ideally, you're not having to define these directly in the application and can have them loaded from another source.

In PHP applications there's a common pattern to keep configuration values and access details in a .env file that resides in a place where the PHP application can reach it.

!!! Before using this technology, keep in mind the network communication involved and the way PHP works (PHP is "born to die", and each request to the server is handled as if it were a new one).

For more information, click here.

Docker Sync

After using Docker in some projects, it’s amazing how much more organized and isolated the files, technologies, and resources become. The integration between containers is easy and leaves the host free of installation and setup of many languages, databases, etc. It’s easy to instantly put another project up to facilitate some specific task without a huge setup.

However, after using “Docker for Mac” for a long time, it’s clear that there is a performance issue on Mac/Windows because of the file system. Basically, in a Linux environment, Docker runs on the host without a VM (Virtual Machine), and this provides a fast response when changing/accessing files. In a Mac/Windows environment, it’s necessary to have a VM between the host and the containers, causing high latency when accessing files.

Configuration

Install docker-sync gem on your machine:

gem install docker-sync

Install unison:

brew install unison
brew install eugenmayer/dockersync/unox

Two files are important for docker-sync to work: docker-sync.yml and docker-compose.mac.yml.

Resources:

Messaging Patterns for Event-Driven Microservices

REST vs Messaging for Microservices – Which One is Best?

Enable HTTPS on your local Docker dev environment

json-schema

Newman

Grafana

Swagger

Super speed nginx

Travis

Best practices rest api

Docker sync

Author

Dykyi Roman, e-mail: [email protected]

About

SOA, DDD, CQRS, Layered architecture, Clean Code
