Pourquoi choisir l’architecture Microservices?

Dans la vidéo suivante, Armon Dadgar, CTO et fondateur de HashiCorp, explique pourquoi l’architecture des microservices est adaptée à de nombreuses applications lorsqu’elle est transférée vers le cloud, et souligne les nouveaux problèmes qui peuvent survenir lors du transfert d’applications vers des microservices pour les mauvaises raisons – notant que ces les problèmes ont été résolus .

En bref l’architecture  microservice permet un développement plus agile ainsi qu’une croissance rapide des applications, et avec une conception appropriée, il permettra aux développeurs de se concentrer sur le développement de leur code plutôt que sur leur infrastructure.

Dans le même temps – le passage aux microservices crée de nouveaux défis – liés à l’infrastructure; Pour la communication entre les composants; Pour la sécurité; Pour la surveillance, l’observabilité et le temps de fonctionnement.

Il est important de ne pas résoudre un seul problème (démanteler un monolithe) en créant un nouveau problème, il explique donc  les nouveaux défis dans cette  vidéo – et recommande de séparer la plate-forme (gérée par des personnes DevOps) de l’application elle-même, afin que les développeurs se concentrent uniquement sur développement, et ceux   du DevOps dans les défis de la plate-forme.

Il souligne également que certains des problèmes d’infrastructure peuvent être résolus à l’aide des outils Consul et Vault de HashiCorp.

Pour votre commodité, nous avons également ajouté le texte intégral sous la vidéo (afin que vous puissiez, par exemple, ouvrir cet article dans 2 fenêtres et écouter tout en tout lisant le texte. 

 Voir la video (10 minutes):

Nous sommes spécialisés dans le conseil dans la transition vers les microservices tant en termes d’architecture qu’en termes d’infrastructure et de DevOps, et sommes expérimentés dans le démantèlement de monolithes, dans la conception, le téléchargement de solutions de microservices vers le cloud et la conception intégrée Kubernetes et conteneurs.

ALMtoolbox est le  représentant officiel de GitLab, Hashicorp  en France et dans d’autres pays.

Contactez pour nous toute question, un devis ou même une license d’évaluation.

ALMtoolbox : 01 84 17 53 28, devops.fr@almtoolbox.com

Transcript:

Hello! Today I want to spend a little bit of time talking about why microservices?
I think you know we often talk about microservices. It’s definitely a hot buzzword today but I think it’s useful to go one level deeper in terms of why are we actually motivated to adopt a microservices architecture and what are the implications of adopting it right because I think oftentimes we might not be adopting it for the right reasons, or we’re not fully cognizant of all the implications that come with adopting a microservice architecture.

Microservices in High Level:

So maybe starting high level you know what are microservices? Why adopt them?

I think if you look at sort of the way we historically developed applications it had a bit more of a monolithic design pattern, so if we had a large application that had multiple sorts of subsystems, so it might be retail banking and you have you know your login; your balance view; you know transfers; you know bill pay let’s say, as an example, you might have had each of these were built by a different team, so each of this is a distinct application team, but ultimately they’re building pieces sort of a common app, so the challenges in this type of a setting each of the application teams had to coordinate tightly with one another:
team A couldn’t do a release without team B, C and D all being ready. so what you tend to see is a very tight sort of release train, where all the teams have to coordinate on when do you cut the release candidate; when do you do betas; how do you do integration testing you have sort of almost a waterfall development timeline that comes with this.

Monolithic design
Monolithic design

And the reason is you have this tight coupling of the organization design, you have these four different teams app teams they’re tightly coupled into the application design we’re shipping a single app but it spans multiple parts of the organization.

Scale

Now this is even relatively simpler when you only have 4 teams but for simplicity of drawing you can see how this explodes in complexity, you know as you expand and if you had to say 10 different application teams working on a common code base.
Part of the design of microservices insofar as their technology is it’s closely aligned to the organizational reality, so I think when microservices are best to use the best leverage is when you look at this organizational reality and say “what we really want to do is allow each of these application teams to work independently of one another”, so we still have these different teams but now what we’ve done is actually split them out into different unique services, so each of these is now what we might call a microservice . We took the giant monolith we decomposed it into its constituent parts but we did it in a way that’s ideally aligned to the organization itself, because the goal was what we wanted to eliminate was sort of the human cost of coordination – the cost of each of these app teams having to talk to one another constantly, having to figure out “okay can I cut a release because I have a bug in system A, but code base for B is not ready to go out”? etc.

When microservices are best used?

So this is when I think microservices are best used. When you have this larger organization you have many different teams that need to work together on a common code base, and you can decompose such that each of them now has their own schedule. So if A has has a bug they can deploy without needing to tightly coordinate with B, C and D. Now in reality there’s no free lunch, right? so you know the human cost of coordinating between these teams on a release that has to go somewhere. There still is a coordination cost – we’re just moving it around. This is okay we’re making trade-offs here so the trade-off now becomes the great if a wants to be able to deploy at any time because they’re fixing a bug or they’re adding new features. Well if they have dependencies – if B and C depend on A then they have to have an API contract. They can’t just change their API because they’re pushing out a bug fix because they’re going to break B and C.
So part of this now requires that you have a little bit more discipline a little bit more rigor in terms of how do you do things like API management. You have to
actually manage versioning; you have to have some sort of a deprecation schedule or work at least closely with your downstream to coordinate what might be a breaking change.
So in general when you’re in a mode of “I’m just fixing a bug – I’m not changing my API” that’s great. You don’t have to coordinate – you have total freedom. If I’m adding net new APIs that’s great – I don’t have to tightly coordinate.

New challenges

As you break things that’s when you still need to have some of that coordination or you need to have you know a well-known policy of how you do it: you add new features you have a deprecation period B and C can update independently and you know move to the newer API as an example.
Now at the same time you also inherit a set of operational challenges when you go to microservices.
Here by virtue of deploying this as a single monolithic application, if A needed to interact with D – this is an in memory function call. We don’t have to worry about networks. We don’t have to worry about authentication or authorization or all the challenges that come with now becoming a distributed system, so I think as you move into this world you inherit a bunch of challenges. Part of them around things like “how did these pieces discover and network to one another” so if A needs to communicate to D “how do we do that discovery?”

Networking challenges

So there’s a whole set of service networking challenges that we need to look at
so when you talk about service networking. The most basic initial challenge is how do you just do Discovery?
so A needs to find D somehow to be able to route to it – this is piece one.
I think especially as we move to a more sort of secure posture we don’t want any app to be able to call any app you have to start to think about things like “how do I authenticate and authorize these different interactions”
so A might be allowed to talk to D but C should not be allowed to. so I need to have some way to authenticate to note is my caller A as my caller B as my caller C that’s the off end challenge.

Security challenges

Then I have an authorization challenge where I define and say “which of these sort of communications are allowed or disallowed?”.
Then as you get more sophisticated you have things like a traffic management challenge right so we talk about traffic management you might get into scenarios where you’re saying “great I’m actually running obviously multiple copies of service A. Maybe I want to send 90% of my traffic to version 1 and 10% to version 2 so I can do a canary or a blue green test before going 100 rolled out to version 2.
As you get more sophisticated, these become your sort of networking challenges that you didn’t necessarily have or at least not to the same degree when you had kind of a monolithic challenge. I think at the same time closely related to some of these pieces for example (authentication and authorization)
is things like secret management credential management if the way I’m authenticating A talking to D is I’m using a signed JWT token or I’m using a certificate that’s signed to prove my identity, well then I have a challenge of how do these applications get those certificates get those JWTs sign and verify transactions
So that’s where you typically have sort of a secret management problem as well, and so this might be something where you’re using a solution like Vault.

This might be something we’re using a solution like Consul that’s providing the networking and then like I said Vault might be providing this, but I think part of the way to think about it again coming back to this organizational challenge is the reason and the motivator to go to this kind of microservice architecture is ultimately i want to make these application teams more agile. So what I don’t want to do is burden them with all of this complexity of service networking and secret management and application deployment etc
because in some sense that’s going to take away from the original goal which is to let them focus on the application
and allow them to be more agile so I think often when you’re moving to a microservices design what’s helpful to think about is what’s the platform experience right and so what we really want ideally is that our developers are really focused on you know their source code; their application and then you know to the lightest degree possible
some additional metadata you know this might live in a manifest of sorts, right?
That describes you know what their application needs what regions it should run in upstream dependencies; configuration … things like that, and then these should really be the inputs to sort of a platform layer.

The Platform Layer

The platform layer is ultimately what should shield them from the reality of how this thing operates.
Everything below this line really becomes an operational concern.

microservices-platform-layer
Everything below the Platform line should become an operational concern

So this is where you really see teams that are successful with this you have sort of a strong notion of a platform team a central operations team that they own everything up to this line, and the developers can really focus on what matters to them — the actual app ; the lifecycle and operation of that and to the degree possible we can mask these things right The platform teams obviously then have to deal with a bunch of these pieces of you know how do we standardize things on you know infrastructure management;  provisioning how do we think about security and you know things like secret management how do we do networking you know what how’s our application runtime actually look like you know what’s our container runtime platform as an example;
you know how do we do builds; how do we do observability.

microservices-platform-layer-devops
The platform is managed by Ops

There’s a lot underneath this line, but I think if you’re going to be successful you want the platform to largely standardize these details, put that below the line making an operational problem or a platform problem and then let the developers operate at this higher level.
I think ultimately again it’s coming back to understanding what’s the organizational problem we’re trying to solve. it’s that as we scale this cost of sort of communication and coordination becomes increasingly expensive that slows down our development velocity — — versus if we can move and have tens hundreds of these teams operating in parallel and not having to tightly coordinate but instead have a set of norms around

things like API management and then allow them to operate on top of a platform that gives them that agility, then these teams can go much much faster. You could be making changes on a daily basis rather than on a quarterly basis

Epilog

Hopefully, this gave a little bit of a useful overview in terms of what microservices are and why.
What’s the organizational impact of adopting them as well as what are some of the implications as we go down this model.

Nouvel enregistrement: Webinaire Consul

La semaine dernière, nous avons accueilli John Boero de   HashiCorp, qui a présenté les nouveautés de Consul (pendant environ une demi-heure) et a également répondu aux questions posées sur le produit (pendant environ une demi-heure).

Au total, 8 questions ont été posées et il a réussi à toutes y répondre. Nous avons ajouté les questions à la fin de cet article. Nous avons édité l’enregistrement et ajouté des sous-titres à votre convenance.

consul webinar

Veuillez saisir vos coordonnées et nous vous enverrons l’enregistrement

    * Full Name

    * Work Email

    * Are you using Consul?

    Avez-vous d’autres questions sur Consul?

    Nous serons heureux de répondre – vous pouvez nous contacter pour toute question sur le produit – à la fois du point de vue technologique et en ce qui concerne les différences entre les versions, les prix et les coûts de la version Enterprise payante.

    Nous représentons officiellement la société HashiCorp et fournissons des licences, des services professionnels (y compris Kubernetes, clouds et git), l’hébergement de Vault et d’autres produits HashiCorp, y compris Terraform, Consul et Nomad.

    Pour toute question sur les licenses et les differences   un devis ou même une license d’évaluation, contactez nous :
    EGDS France – ALMtoolbox : 01 84 17 53 28, devops.fr@almtoolbox.com

     

    *** Questions posées sur Consul pendant le webinaire (réponses à tous dans l’enregistrement):

    1. Comment Consul peut-il travailler avec Vault?
    2.Quelles sont les principales différences entre Consul et Istio?
    3. Comment votre Sentinel fonctionne-t-il avec Consul?
    4. Consul m’aide-t-il à opérer un équilibrage de charge dynamique?
    5. Que manque-t-il  si j’utilise la version open source Consul au lieu de la version Entreprise?
    6. Y a-t-il une différence majeure concernant les performances lorsque 2 instances communiquent via Consul d’OpenVPN ou une autre méthode?