Building Microservices, 2nd Edition

Book description

As organizations shift from monolithic applications to smaller, self-contained microservices, distributed systems have become more fine-grained. But developing these new systems brings its own host of problems. This expanded second edition takes a holistic view of topics that you need to consider when building, managing, and scaling microservices architectures.

Through clear examples and practical advice, author Sam Newman gives everyone from architects and developers to testers and IT operators a firm grounding in the concepts. You'll dive into the latest solutions for modeling, integrating, testing, deploying, and monitoring your own autonomous services. Real-world cases reveal how organizations today manage to get the most out of these architectures.

Microservices technologies continue to move quickly. This book brings you up to speed.

  • Get new information on user interfaces, container orchestration, and serverless
  • Align system design with your organization's goals
  • Explore options for integrating a service with your system
  • Understand how to independently deploy microservices
  • Examine the complexities of testing and monitoring distributed services
  • Manage security with expanded content around user-to-service and service-to-service models

Publisher resources

View/Submit Errata

Table of contents

  1. Preface
    1. Who Should Read This Book
    2. Why I Wrote This Book
    3. What’s Changed Since the First Edition?
    4. Navigating This Book
      1. Part I, “Foundation”
      2. Part II, “Implementation”
      3. Part III, “People”
    5. Conventions Used in This Book
    6. O’Reilly Online Learning
    7. How to Contact Us
    8. Acknowledgments
  2. I. Foundation
  3. 1. What Are Microservices?
    1. Microservices at a Glance
    2. Key Concepts of Microservices
      1. Independent Deployability
      2. Modeled Around a Business Domain
      3. Owning Their Own State
      4. Size
      5. Flexibility
      6. Alignment of Architecture and Organization
    3. The Monolith
      1. The Single-Process Monolith
      2. The Modular Monolith
      3. The Distributed Monolith
      4. Monoliths and Delivery Contention
      5. Advantages of Monoliths
    4. Enabling Technology
      1. Log Aggregation and Distributed Tracing
      2. Containers and Kubernetes
      3. Streaming
      4. Public Cloud and Serverless
    5. Advantages of Microservices
      1. Technology Heterogeneity
      2. Robustness
      3. Scaling
      4. Ease of Deployment
      5. Organizational Alignment
      6. Composability
    6. Microservice Pain Points
      1. Developer Experience
      2. Technology Overload
      3. Cost
      4. Reporting
      5. Monitoring and Troubleshooting
      6. Security
      7. Testing
      8. Latency
      9. Data Consistency
    7. Should I Use Microservices?
      1. Whom They Might Not Work For
      2. Where They Work Well
    8. Summary
  4. 2. How to Model Microservices
    1. Introducing MusicCorp
    2. What Makes a Good Microservice Boundary?
      1. Information Hiding
      2. Cohesion
      3. Coupling
      4. The Interplay of Coupling and Cohesion
    3. Types of Coupling
      1. Domain Coupling
      2. Pass-Through Coupling
      3. Common Coupling
      4. Content Coupling
    4. Just Enough Domain-Driven Design
      1. Ubiquitous Language
      2. Aggregate
      3. Bounded Context
      4. Mapping Aggregates and Bounded Contexts to Microservices
      5. Event Storming
    5. The Case for Domain-Driven Design for Microservices
    6. Alternatives to Business Domain Boundaries
      1. Volatility
      2. Data
      3. Technology
      4. Organizational
    7. Mixing Models and Exceptions
    8. Summary
  5. 3. Splitting the Monolith
    1. Have a Goal
    2. Incremental Migration
    3. The Monolith Is Rarely the Enemy
      1. The Dangers of Premature Decomposition
    4. What to Split First?
    5. Decomposition by Layer
      1. Code First
      2. Data First
    6. Useful Decompositional Patterns
      1. Strangler Fig Pattern
      2. Parallel Run
      3. Feature Toggle
    7. Data Decomposition Concerns
      1. Performance
      2. Data Integrity
      3. Transactions
      4. Tooling
      5. Reporting Database
    8. Summary
  6. 4. Microservice Communication Styles
    1. From In-Process to Inter-Process
      1. Performance
      2. Changing Interfaces
      3. Error Handling
    2. Technology for Inter-Process Communication: So Many Choices
    3. Styles of Microservice Communication
      1. Mix and Match
    4. Pattern: Synchronous Blocking
      1. Advantages
      2. Disadvantages
      3. Where to Use It
    5. Pattern: Asynchronous Nonblocking
      1. Advantages
      2. Disadvantages
      3. Where to Use It
    6. Pattern: Communication Through Common Data
      1. Implementation
      2. Advantages
      3. Disadvantages
      4. Where to Use It
    7. Pattern: Request-Response Communication
      1. Implementation: Synchronous Versus Asynchronous
      2. Where to Use It
    8. Pattern: Event-Driven Communication
      1. Implementation
      2. What’s in an Event?
      3. Where to Use It
    9. Proceed with Caution
    10. Summary
  7. II. Implementation
  8. 5. Implementing Microservice Communication
    1. Looking for the Ideal Technology
      1. Make Backward Compatibility Easy
      2. Make Your Interface Explicit
      3. Keep Your APIs Technology Agnostic
      4. Make Your Service Simple for Consumers
      5. Hide Internal Implementation Detail
    2. Technology Choices
      1. Remote Procedure Calls
      2. REST
      3. GraphQL
      4. Message Brokers
    3. Serialization Formats
      1. Textual Formats
      2. Binary Formats
    4. Schemas
      1. Structural Versus Semantic Contract Breakages
      2. Should You Use Schemas?
    5. Handling Change Between Microservices
    6. Avoiding Breaking Changes
      1. Expansion Changes
      2. Tolerant Reader
      3. Right Technology
      4. Explicit Interface
      5. Catch Accidental Breaking Changes Early
    7. Managing Breaking Changes
      1. Lockstep Deployment
      2. Coexist Incompatible Microservice Versions
      3. Emulate the Old Interface
      4. Which Approach Do I Prefer?
      5. The Social Contract
      6. Tracking Usage
      7. Extreme Measures
    8. DRY and the Perils of Code Reuse in a Microservice World
      1. Sharing Code via Libraries
    9. Service Discovery
      1. Domain Name System (DNS)
      2. Dynamic Service Registries
      3. Don’t Forget the Humans!
    10. Service Meshes and API Gateways
      1. API Gateways
      2. Service Meshes
      3. What About Other Protocols?
    11. Documenting Services
      1. Explicit Schemas
      2. The Self-Describing System
    12. Summary
  9. 6. Workflow
    1. Database Transactions
      1. ACID Transactions
      2. Still ACID, but Lacking Atomicity?
    2. Distributed Transactions—Two-Phase Commits
    3. Distributed Transactions—Just Say No
    4. Sagas
      1. Saga Failure Modes
      2. Implementing Sagas
      3. Sagas Versus Distributed Transactions
    5. Summary
  10. 7. Build
    1. A Brief Introduction to Continuous Integration
      1. Are You Really Doing CI?
      2. Branching Models
    2. Build Pipelines and Continuous Delivery
      1. Tooling
      2. Trade-Offs and Environments
      3. Artifact Creation
    3. Mapping Source Code and Builds to Microservices
      1. One Giant Repo, One Giant Build
      2. Pattern: One Repository per Microservice (aka Multirepo)
      3. Pattern: Monorepo
      4. Which Approach Would I Use?
    4. Summary
  11. 8. Deployment
    1. From Logical to Physical
      1. Multiple Instances
      2. The Database
      3. Environments
    2. Principles of Microservice Deployment
      1. Isolated Execution
      2. Focus on Automation
      3. Infrastructure as Code (IAC)
      4. Zero-Downtime Deployment
      5. Desired State Management
    3. Deployment Options
      1. Physical Machines
      2. Virtual Machines
      3. Containers
      4. Application Containers
      5. Platform as a Service (PaaS)
      6. Function as a Service (FaaS)
    4. Which Deployment Option Is Right for You?
    5. Kubernetes and Container Orchestration
      1. The Case for Container Orchestration
      2. A Simplified View of Kubernetes Concepts
      3. Multitenancy and Federation
      4. The Cloud Native Computing Federation
      5. Platforms and Portability
      6. Helm, Operators, and CRDs, Oh My!
      7. And Knative
      8. The Future
      9. Should You Use It?
    6. Progressive Delivery
      1. Separating Deployment from Release
      2. On to Progressive Delivery
      3. Feature Toggles
      4. Canary Release
      5. Parallel Run
    7. Summary
  12. 9. Testing
    1. Types of Tests
    2. Test Scope
      1. Unit Tests
      2. Service Tests
      3. End-to-End Tests
      4. Trade-Offs
    3. Implementing Service Tests
      1. Mocking or Stubbing
      2. A Smarter Stub Service
    4. Implementing (Those Tricky) End-to-End Tests
      1. Flaky and Brittle Tests
      2. Who Writes These End-to-End Tests?
      3. How Long Should End-to-End Tests Run?
      4. The Great Pile-Up
      5. The Metaversion
      6. Lack of Independent Testability
    5. Should You Avoid End-to-End Tests?
      1. Contract Tests and Consumer-Driven Contracts (CDCs)
      2. The Final Word
    6. Developer Experience
    7. From Preproduction to In-Production Testing
      1. Types of In-Production Testing
      2. Making Testing in Production Safe
      3. Mean Time to Repair over Mean Time Between Failures?
    8. Cross-Functional Testing
      1. Performance Tests
      2. Robustness Tests
    9. Summary
  13. 10. From Monitoring to Observability
    1. Disruption, Panic, and Confusion
    2. Single Microservice, Single Server
    3. Single Microservice, Multiple Servers
    4. Multiple Services, Multiple Servers
    5. Observability Versus Monitoring
      1. The Pillars of Observability? Not So Fast
    6. Building Blocks for Observability
      1. Log Aggregation
      2. Metrics Aggregation
      3. Distributed Tracing
      4. Are We Doing OK?
      5. Alerting
      6. Semantic Monitoring
      7. Testing in Production
    7. Standardization
    8. Selecting Tools
      1. Democratic
      2. Easy to Integrate
      3. Provide Context
      4. Real-Time
      5. Suitable for Your Scale
    9. The Expert in the Machine
    10. Getting Started
    11. Summary
  14. 11. Security
    1. Core Principles
      1. Principle of Least Privilege
      2. Defense in Depth
      3. Automation
      4. Build Security into the Delivery Process
    2. The Five Functions of Cybersecurity
      1. Identify
      2. Protect
      3. Detect
      4. Respond
      5. Recover
    3. Foundations of Application Security
      1. Credentials
      2. Patching
      3. Backups
      4. Rebuild
    4. Implicit Trust Versus Zero Trust
      1. Implicit Trust
      2. Zero Trust
      3. It’s a Spectrum
    5. Securing Data
      1. Data in Transit
      2. Data at Rest
    6. Authentication and Authorization
      1. Service-to-Service Authentication
      2. Human Authentication
      3. Common Single Sign-On Implementations
      4. Single Sign-On Gateway
      5. Fine-Grained Authorization
      6. The Confused Deputy Problem
      7. Centralized, Upstream Authorization
      8. Decentralizing Authorization
      9. JSON Web Tokens
    7. Summary
  15. 12. Resiliency
    1. What Is Resiliency?
      1. Robustness
      2. Rebound
      3. Graceful Extensibility
      4. Sustained Adaptability
      5. And Microservice Architecture
    2. Failure Is Everywhere
    3. How Much Is Too Much?
    4. Degrading Functionality
    5. Stability Patterns
      1. Time-Outs
      2. Retries
      3. Bulkheads
      4. Circuit Breakers
      5. Isolation
      6. Redundancy
      7. Middleware
      8. Idempotency
    6. Spreading Your Risk
    7. CAP Theorem
      1. Sacrificing Consistency
      2. Sacrificing Availability
      3. Sacrificing Partition Tolerance?
      4. AP or CP?
      5. It’s Not All or Nothing
      6. And the Real World
    8. Chaos Engineering
      1. Game Days
      2. Production Experiments
      3. From Robustness to Beyond
    9. Blame
    10. Summary
  16. 13. Scaling
    1. The Four Axes of Scaling
      1. Vertical Scaling
      2. Horizontal Duplication
      3. Data Partitioning
      4. Functional Decomposition
    2. Combining Models
    3. Start Small
    4. Caching
      1. For Performance
      2. For Scale
      3. For Robustness
      4. Where to Cache
      5. Invalidation
      6. The Golden Rule of Caching
      7. Freshness Versus Optimization
      8. Cache Poisoning: A Cautionary Tale
    5. Autoscaling
    6. Starting Again
    7. Summary
  17. III. People
  18. 14. User Interfaces
    1. Toward Digital
    2. Ownership Models
      1. Drivers for Dedicated Frontend Teams
    3. Toward Stream-Aligned Teams
      1. Sharing Specialists
      2. Ensuring Consistency
      3. Working Through Technical Challenges
    4. Pattern: Monolithic Frontend
      1. When to Use It
    5. Pattern: Micro Frontends
      1. Implementation
      2. When to Use It
    6. Pattern: Page-Based Decomposition
      1. Where to Use It
    7. Pattern: Widget-Based Decomposition
      1. Implementation
      2. When to Use It
    8. Constraints
    9. Pattern: Central Aggregating Gateway
      1. Ownership
      2. Different Types of User Interfaces
      3. Multiple Concerns
      4. When to Use It
    10. Pattern: Backend for Frontend (BFF)
      1. How Many BFFs?
      2. Reuse and BFFs
      3. BFFs for Desktop Web and Beyond
      4. When to Use
    11. GraphQL
    12. A Hybrid Approach
    13. Summary
  19. 15. Organizational Structures
    1. Loosely Coupled Organizations
    2. Conway’s Law
      1. Evidence
    3. Team Size
    4. Understanding Conway’s Law
    5. Small Teams, Large Organization
    6. On Autonomy
    7. Strong Versus Collective Ownership
      1. Strong Ownership
      2. Collective Ownership
      3. At a Team Level Versus an Organizational Level
      4. Balancing Models
    8. Enabling Teams
      1. Communities of Practice
      2. The Platform
    9. Shared Microservices
      1. Too Hard to Split
      2. Cross-Cutting Changes
      3. Delivery Bottlenecks
    10. Internal Open Source
      1. Role of the Core Committers
      2. Maturity
      3. Tooling
    11. Pluggable, Modular Microservices
      1. Change Reviews
    12. The Orphaned Service
    13. Case Study: realestate.com.au
    14. Geographical Distribution
    15. Conway’s Law in Reverse
    16. People
    17. Summary
  20. 16. The Evolutionary Architect
    1. What’s in a Name?
    2. What Is Software Architecture?
    3. Making Change Possible
    4. An Evolutionary Vision for the Architect
    5. Defining System Boundaries
    6. A Social Construct
    7. Habitability
    8. A Principled Approach
      1. Strategic Goals
      2. Principles
      3. Practices
      4. Combining Principles and Practices
      5. A Real-World Example
    9. Guiding an Evolutionary Architecture
    10. Architecture in a Stream-Aligned Organization
    11. Building a Team
    12. The Required Standard
      1. Monitoring
      2. Interfaces
      3. Architectural Safety
    13. Governance and the Paved Road
      1. Exemplars
      2. Tailored Microservice Template
      3. The Paved Road at Scale
    14. Technical Debt
    15. Exception Handling
    16. Summary
  21. Afterword: Bringing It All Together
    1. What Are Microservices?
    2. Moving to Microservices
    3. Communication Styles
    4. Workflow
    5. Build
    6. Deployment
    7. Testing
    8. Monitoring and Observability
    9. Security
    10. Resiliency
    11. Scaling
    12. User Interfaces
    13. Organization
    14. Architecture
    15. Further Reading
    16. Looking Forward
    17. Final Words
  22. Bibliography
  23. Glossary
  24. Index
  25. About the Author

Product information

  • Title: Building Microservices, 2nd Edition
  • Author(s): Sam Newman
  • Release date: August 2021
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9781492034025