Availability

Cloud computing achieves high availability through redundancy. Cloud servers are not magical—they fail just like the servers in your own datacenters. But when a cloud server fails, the provider won’t have enough human resources to diagnose and fix the server problem on the fly. Instead, they’ll simply pull another server from their enormous server pool and migrate your application over, and it will continue as usual.

This means that at any time, your application might be stopped and restarted on a brand-new server instance. This raises some challenges in terms of how you design your services. For example, if you accumulate in-memory state, the state will be lost when the restart happens. If your service takes a long time to be initialized, service availability will be affected as well. Furthermore, if you save some state locally, such as by writing a file to a local drive, that state will be lost when the migration happens. Migrating state is always troublesome. Therefore, many cloud workload management systems require the applications to be stateless, which means these applications don’t save any local state to the hosting environment.

Moving application bits from one server to another takes time. If an application can be broken down into smaller pieces, moving and restoring those smaller pieces is much more efficient. Using these smaller services, sometimes referred to as microservices, is becoming the de facto way of composing applications. Microservices are usually loosely coupled, because they should remain functional as their peers are being moved and restarted.

If your service must be stateful, which means it must save some local state, the state needs to be replicated to ensure availability. In such cases, a single writer instead of multiple writers is often used to avoid data conflicts.

Elasticity

When the demands of a service exceed the capacity of the hosting server, there are two possible solutions: the service can be migrated to a more powerful server, or multiple copies of the service can be deployed to share the workload. The latter approach, which is called scaling out, is the preferred way to scale in the cloud. Because cloud providers have huge numbers of servers, a service in theory can be scaled out infinitely. On the flip side, when the workload diminishes, a service can be scaled in to release unused compute capacity. Because you pay for what you consume in the cloud, such elasticity can be a major cost saver if you have seasonal heavy loads (such as in retail businesses) or occasional spikes (such as in news businesses) in your workloads.

For simple web APIs, scaling out is relatively straightforward. This is because each web request is often self-contained, and data operations are naturally segmented by transaction scopes. For such APIs, scaling out can be as simple as adding more service instances behind a load balancer. However, not all applications are designed to be scaled out. Especially when a service assumes it has full control of the system state, multiple instances of the service may make conflicting decisions. Reconciling such conflicts is a hard problem, especially when prolonged network partitioning happens. The system is then said to have a “split brain,” which often leads to irreconcilable conflicts and data corruption.

Partitioning is an effective way to scale out a service. A large workload can often be split into multiple partitions along logical or physical boundaries, such as by customers (or tenants), business units, geographic locations, countries, or regions. Each of the partitions is a smaller system that can be scaled in or out as needed. Partitioning is especially useful when scaling a stateful service. As mentioned before, the state of a stateful service needs to be replicated to ensure availability. Partitioning controls the amount of data being replicated and allows parallel replication because all replication operations are scoped to partitions.

Partitions can be either static or dynamic. Static partitioning is easier in terms of routing, as routing rules can be predetermined. However, static partitioning may lead to unbalanced partitions, which in turn lead to problems such as overstressed hotspots and underutilized server capacity. Dynamic partitioning dynamically adjusts partitions using techniques such as consistent hashing. Dynamic partitioning usually can ensure evenly distributed workloads across partitions. However, some partition-aware routing logic is needed to route user traffic to the appropriate partitions. It’s also hard to ensure data separation, which is required by some compliance standards, on dynamic partitions. When you design your services, you need to decide on a partitioning strategy based on both your technical and nontechnical needs and stick to it, because changing partitioning strategies later is often difficult, especially when you have constant incoming data streams.

Cloud Native Applications

Cloud native applications are designed to be operated in a cloud environment. For an application to be considered “cloud native,” it should present the following characteristics:

Automatically deployable

A cloud native application can be consistently redeployed when necessary. This feature is required when automatic failover is enabled to ensure high availability. Virtualization and containerization allow applications to be packaged as self-contained packages that can be deployed on different hosting nodes without possible conflicts in external dependencies. These packages must be deployable without human intervention because the failover mechanism may get triggered at any time due to different conditions such as machine failures and compute resource rebalancing.

As mentioned previously, moving a stateless service to a new machine is simpler than moving a stateful service, and being able to launch a new service instance quickly is key to improving availability. However, being stateless is not a mandatory requirement of a cloud native application. Techniques such as partitioning enable stateful service instances to be moved efficiently as well.

Isolation among components

A component in a multicomponent cloud native application should continue to operate when other components fail. Although the component may be unable to deliver the required functionality, it should be able to restore to a fully functional state when all dependent services come back online. In other words, a failing component or a restarting component should not cause cascading errors in other components.

Such isolation is usually achieved by a combination of clearly defined APIs, client libraries with automatic retires, and loosely coupled design through messaging.

Isolation among components also means the components should be individually scalable. The consumption-based model requires cloud native application operators to fine-tune the resource consumptions of individual components to better meet the requirements with minimum resource consumption. This requires components to be adaptive to workload changes when related components are being scaled.

Cloud native applications are usually composed of microservices (in fact, the two terms are often thought of as synonymous). Despite the name, microservices don’t have to be small—the concept is all about operations. Microservices applications are isolated, consistently deployable, and easy to scale, making them ideally suited to a cloud environment.

Infrastructure Is Boring

For a cloud platform to fulfill the promise of availability and elasticity, workloads must be separated from the underlying infrastructure so that infrastructure can be mobilized as needed for common cloud operations such as failover and scaling. Infrastructural concerns should be the last thing on a developer’s mind. Projects such as Open Application Model (OAM, discussed later in this chapter) and Dapr aim at providing developers tools and abstractions so that they can design and develop applications that are agnostic to the underlying infrastructure, for both cloud and edge deployment.

Name Resolution

The first step required to invoke another service is to locate the service. Each Dapr sidecar is identified by a string ID. The task of name resolution is to map the Dapr ID to a routable address. By default, Dapr uses the Kubernetes name resolution mechanism when running on Kubernetes, and it uses multicast DNS (mDNS) while running in local mode. Dapr also allows other name resolvers to be plugged into the runtime as a component.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: pythonapp
  labels:
    app: python
spec:
  replicas: 1
  selector:
    matchLabels:
      app: python
  template:
    metadata:
      labels:
        app: python
      annotations:
        dapr.io/enabled: "true"
        dapr.io/id: "pythonapp"
    spec:
      containers:
      - name: python
        image: dapriosamples/hello-k8s-python

kubectl get svc pythonapp-dapr
NAME             TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)            AGE
pythonapp-dapr   ClusterIP   10.0.79.144   <none>        80/TCP,50001/TCP   11m

kubectl apply -f https://k8s.io/examples/admin/dns/busybox.yaml
kubectl exec busybox cat /etc/resolv.conf

nameserver 10.0.0.10
search default.svc.cluster.local svc.cluster.local 
  cluster.local vvdjj2huljtelaqnqfod0pbtwh.xx.internal.cloudapp.net
options ndots:5

kubectl exec -ti busybox -- nslookup pythonapp-dapr

Server:    10.0.0.10
Address 1: 10.0.0.10 kube-dns.kube-system.svc.cluster.local

Name:      pythonapp-dapr
Address 1: 10.0.79.144 pythonapp-dapr.default.svc.cluster.local

Requests and Responses

Dapr forwards all request headers as well as query parameters for HTTP requests, and all metadata associated with gRPC requests. Although services can talk to Dapr through either HTTP or gRPC, Dapr sidecars always communicate with each other through gRPC. When converting an HTTP request to a gRPC request, all HTTP headers are encoded into the headers metadata element of the gRPC request. Dapr supports common HTTP verbs including GET, POST, DELETE, and PUT.

Dapr uses mutual TLS to secure communications among sidecars. Dapr sidecars authenticate with each other with sidecar-specific certificates that are rooted to a cluster-level CA (when running on Kubernetes), or a customer-supplied root certificate—see Chapter 4 for details. The communication between a service and its associated sidecar is often unprotected as the sidecar is assumed to be in the same security domain as the service, but you can configure end-to-end encryption between two services through Dapr.

Concurrency Control

The Dapr runtime supports a max-concurrency switch. When set to a positive value, this controls how many concurrent requests can be dispatched to a user service. Once the number of concurrent requests exceeds the given threshold, additional requests will be held in flight until additional processing capacity is freed up. This means a client request may time out due to a busy service.

Service Invocation Experiment

In this section, we’ll conduct a small service invocation experiment. We’ll use PHP here, but remember that you can pick any language you like; all you need to do is to write a simple web server without any Dapr-specific logic or libraries.

kubectl edit svc phpapp-dapr

service/phpapp-dapr edited

The Universal Namespace

At the time of writing, we are designing a new Dapr capability tentatively called the universal namespace. So far, Dapr name resolution and communication work only in a single cluster. However, we’d like to extend Dapr so that it supports name resolution and communication across multiple clusters.

The idea of the universal namespace is to allow users to postfix service names with cluster identifiers so that services on different clusters can address each other through names such as <service name>.<cluster identifier>. For example, to invoke a method foo on service-1 on cluster1, a client would simply send a POST request to a Dapr endpoint at http://localhost:3500/v1.0/invoke/service-1.cluster1/foo.

Because Dapr sidecars are often exposed as ClusterIP services, we plan to introduce a new Dapr gateway service that can be associated with a public IP. Name resolution through DNS will resolve to the gateway service address, and the gateway will forward the request to local services. Of course, if you choose to expose a Dapr service with a public IP, the DNS records on the other cluster can be updated to directly route the traffic to the target service without going through the gateway.

To secure communication across clusters, root certificates of the clusters (or a shared root certificate) are exchanged for mutual TLS authentication.

Benefits of Message-Based Integration

Message-based integration allows services to exchange messages through a messaging backbone, as shown in Figure 1-2. Instead of sending requests directly to one another, all services communicate with each other by exchanging messages through the messaging backbone. This additional level of indirection brings many desirable characteristics, as summarized in the following subsections.

Figure 1-2. Message-based integration

Flexible integration topology

You can implement various service topologies through message-based integration: pub/sub, bursting to cloud, content-based routing, scatter-gather, competing consumer, dead letter channel, message broker, and many more.

In the pub/sub pattern, publishers publish messages to a topic to which subscribers subscribe. Figure 1-3 illustrates some of the integration topologies you can achieve with pub/sub.

Figure 1-3. Integration patterns with pub/sub

One of the major benefits of pub/sub is that the publishers and subscribers are totally decoupled (well, to be exact, they are still coupled by message format, but we’re just talking about topology here). A publisher never cares how many subscribers subscribe to the topic it publishes to, or who the subscribers are. The same applies to the subscribers. This means publishers and subscribers can be evolved or replaced at any time without affecting each other. This is quite powerful, especially when multiple teams are trying to work together to deliver a complex application.

Pub/Sub with Dapr

To subscribe to topics, your application should send a GET request to the Dapr sidecar with a list of topics and corresponding routes as a JSON array, as shown in the following Node.js sample code:

app.get(’/dapr/subscribe’, (_req, res) => {
    res.json([
      {
        topic: "A",
        route: "A"
      },
      {
         topic: "B",
         route: "B"
      }
    ]);
});

Then the sidecar sends you events through POST requests when publishers publish content to the subscribed-to topics:

app.post(’/A’, (req, res) => {
    console.log("A: ", req.body);
    res.sendStatus(200);
});

To publish to a topic, your application should send a POST request to a /publish/<topic> endpoint on your Dapr sidecar with the message to be sent as the POST body, wrapped as a CloudEvent (more on this in the following section):

const publishUrl = `http://localhost:3500/v1.0/publish/<topic>`;
request( { uri: publishUrl, method: ’POST’, json: <message> } );

How Pub/Sub Works

Pub/sub needs a messaging backbone. However, as explained in the Introduction, one of Dapr’s design principles is to not reinvent the wheel. So instead of creating a new messaging backbone, Dapr is designed to be integrable with many popular messaging backbones, including Redis Streams, NATS, Azure Service Bus, RabbitMQ, Kafka, and more (for the complete list, see the Dapr repository).

Dapr uses Redis Streams as the default messaging backbone. The Stream is an append-only data structure introduced by Redis 5.0. You can use XADD to add data elements into a Stream, and you can use APIs like BLPOP to retrieve data. Each subscriber is assigned its own consumer group so that they can process their own copies of messages in parallel.

Dapr follows the CloudEvents v1.0 spec. CloudEvents is a Cloud Native Computing Foundation (CNCF) sandbox-level project at the time of writing; its goal is to create a consistent way to describe events that can be used across event producers and consumers. Dapr implements all the required attributes: id, source, specversion, and type. It also implements the optional datacontenttype and subject attributes. Table 1-1 shows how these attributes are populated.

Dapr Configurations

A Dapr sidecar can be launched with a custom configuration, which is a file in local mode or a configuration object in Kubernetes mode. A Dapr configuration again uses Kubernetes CRD semantics so that the same configuration can be used in both local mode and Kubernetes mode.

At the time of writing, you can use Dapr configurations to customize distributed tracing and create custom pipelines. The schema is likely to be extended in future versions; consult the online Dapr documentation for updated details. The following sample shows a configuration that enables distributed tracing and defines a custom pipeline with the OAuth middleware:

apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
  name: pipeline
spec:
  tracing:
    samplingRate: "1"
  httpPipeline:
    handlers:
    - type: middleware.http.oauth2
      name: oauth2

To apply this configuration, use kubectl (assuming the filename is pipeline.yaml):

kubectl apply -f ./pipeline.yaml

To apply the custom configuration, you need to add a dapr.io/config annotation to your pod spec:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: echoapp
  labels:
    app: echo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: echo
  template:
    metadata:
      labels:
        app: echo
      annotations:
        dapr.io/enabled: "true"
        dapr.io/id: "echoapp"
        dapr.io/port: "3000"
        dapr.io/config: "pipeline"
    spec:
      containers:
      - name: echo
        image: <your Docker image tag>
        ports:
        - containerPort: 3000
        imagePullPolicy: Always

Custom Pipelines

Middleware defined in a custom pipeline are applied in the order in which they appear in the custom configuration file on the request side and in the reverse order on the response side. A middleware implementation can choose to participate in the ingress pipe, egress pipe, or both, as shown in Figure 1-4.

In addition to custom middleware, Dapr always loads two middleware at the top of the chain: the distributed tracing middleware and the CORS middleware. We’ll talk about distributed tracing in the next section. CORS is configured by a runtime switch, allowed-origins, that contains a list of comma-separated allowed request origins. This switch may get merged into the Dapr configuration in future versions.

Figure 1-4. A custom pipeline

Custom Pipeline Experiment

In the following experiment, you’ll create a custom pipeline with a strange middleware that changes all request bodies to uppercase. We created the middleware for testing purposes; you can use it to verify whether your custom pipeline is in place.

Since we’ve been using a different programing language for each of the samples so far, we’ll switch to Rust for this exercise. You can certainly choose a different language and web framework to write the app, which simply echoes back what’s received. The following discussion assumes you have Rust installed and configured on your machine.

dapr run --app-id rust-web --app-port 8088 --port 8080 --config ./pipeline.yaml
cargo run

OAuth 2.0 Authorization

OAuth 2.0 authorization middleware is one of the middleware components shipped with Dapr. It enables the OAuth 2.0 Authorization Code Grant Flow. Specifically, when a request is received by the Dapr sidecar with OAuth 2.0 middleware enabled, the following steps happen:

1. The Dapr sidecar checks whether an authorization token exists. If not, Dapr redirects the browser to the configured authorization server.

2. The user logs in and grants access to the application. The request is redirected back to the Dapr sidecar with an authorization code.

3. Dapr exchanges the authorization code for an access token.

4. The sidecar injects the token into a configured header and forwards the request to the user application.

   Note

   At the time of writing, the middleware doesn’t support refresh tokens.

Figure 1-5 illustrates how the OAuth middleware can be configured to provide OAuth authorization to an application.

Figure 1-5. Custom pipeline with OAuth middleware

OAuth is a popular protocol that is supported by many authorization servers, including Azure AAD, Facebook, Fitbit, GitHub, Google APIs, Slack, Twitter, and more. To work with these authorization servers, you need to register your application with the servers you want to use. Different servers offer different registration experiences. At the end, you need to collect the following pieces of information:

• Client ID

• Client secret

• Scopes

• Authorization URL

• Token URL

Table 1-2 lists the authorization and token URLs of some of the popular authorization servers.

Once you collect the required information, you can define the OAuth middleware and your custom pipeline. The middleware follows the OAuth flow and injects the access token into the configured authHeaderName header.

Authoring a Custom Middleware

Dapr’s HTTP server uses FastHTTP, so Dapr HTTP middleware are also written as FastHTTP handlers. Dapr defines a simple middleware interface that consists of one GetHandler method that returns a fasthttp.RequestHandler:

type Middleware interface {
  GetHandler(metadata Metadata) (func(h fasthttp.RequestHandler) 
    fasthttp.RequestHandler, error)
}

Your implementation should return a function that takes in the downstream request handler and returns a new request handler. Then you can insert inbound or outbound logic around the downstream handler, as shown in the following code snippet:

func GetHandler(metadata Metadata) fasthttp.RequestHandler {
  return func(h fasthttp.RequestHandler) fasthttp.RequestHandler {
    return func(ctx *fasthttp.RequestCtx) {
      //inbound logic
      h(ctx)  //call the downstream handler
      //outbound logic
    }
  }
}

Your custom middleware, like other custom components, should be contributed to Dapr’s components-contrib repository, under the /middleware folder. Then you’ll need to submit another pull request against the main repository to register the new middleware type. You’ll also need to follow the registration process to register your middleware.

Tracing Middleware

Dapr distributed tracing is a middleware that can be plugged into any Dapr sidecar. It works under both the HTTP and gRPC protocols. The middleware is built around two key concepts: the span and correlation ID.

Tracing with Zipkin

Zipkin is a popular distributed tracing system. The following walkthrough shows you the steps for configuring Dapr distributed tracing with Zipkin.

docker run -d -p 9411:9411 openzipkin/zipkin

kubectl run zipkin --image openzipkin/zipkin --port 9411
kubectl expose deploy zipkin --type ClusterIP --port 9411

Tracing with Azure Monitor

At the time of writing, Dapr users a Local Forwarder that collects OpenCensus traces and telemetry data and forwards it to Application Insights. Dapr offers a prebuilt container, daprio/dapr-localforwarder, to facilitate the configuration process. Once you have the container running, you can follow steps similar to those used to configure Zipkin to configure the Local Forwarder as a ClusterIP service on your Kubernetes cluster. Once the Local Forwarder is configured, enter the Local Forwarder agent endpoint in your native exporter configuration file:

apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: native
spec:
  type: exporters.native
  metadata:
  - name: enabled
    value: "true"
  - name: agentEndpoint
    value: "<Local Forwarder address, for example: 50.140.60.170:6789>"

You can then use the rich Azure Monitor features to view and analyze your collected tracing data. Figure 1-6 shows an example of the Azure Monitor UI showing an application with multiple services calling each other.

Figure 1-6. Viewing tracing data in Azure Monitor

You can deploy multiple exporters at the same time. Dapr forwards traces to all exporters.

Service Deployment and Upgrade

When running on Kubernetes, Dapr uses the sidecar injector that automatically injects Dapr sidecar containers into pods annotated with the dapr.io/enabled attribute. You then manage your pods as usual using common Kubernetes tools such as kubectl. For example, the following YAML file describes a deployment with a single container and a load-balanced service (this example is from the distributed calculator sample which you can find in Dapr’s sample repository):

kind: Service
apiVersion: v1
metadata:
  name: calculator-front-end
  labels:
    app: calculator-front-end
spec:
  selector:
    app: calculator-front-end
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8080
  type: LoadBalancer

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: calculator-front-end
  labels:
    app: calculator-front-end
spec:
  replicas: 1
  selector:
    matchLabels:
      app: calculator-front-end
  template:
    metadata:
      labels:
        app: calculator-front-end
      annotations:
        dapr.io/enabled: "true"
        dapr.io/id: "calculator-front-end"
        dapr.io/port: "8080"
    spec:
      containers:
      - name: calculator-front-end
        image: dapriosamples/distributed-calculator-react-calculator
        ports:
        - containerPort: 8080
        imagePullPolicy: Always

You can use kubectl to deploy the deployment:

kubectl apply -f calculator-front-end.yaml

Once the deployment is created, you can use kubectl to scale it to multiple replicas:

kubectl scale deployment calculator-front-end --replicas=3

You can also use kubectl to update a deployment to a new image version—for example:

kubectl set image deployment.v1.apps/calculator-front-end calculator-front-end
  =dapriosamples/distributed-calculator-react-calculator:<version tag>

OAM

Open Application Model is an open source project that aims to provide a platform-agnostic modeling language for cloud native applications. OAM describes the topology of an application that is comprised of multiple interconnected components. It is concerned with application topology, but not with how individual services are written. Dapr goes to a deeper level and provides a common programming model and the supporting runtime for cloud native applications. As you’ve seen earlier in this chapter, Dapr can handle service name resolution and invocation routing. At the same time, Dapr can be configured to be used with existing service mesh systems to provide fine-tuned traffic control among services. Figure 1-7 shows how OAM’s logical topology, Dapr routes, and service mesh policies overlay on top of each other.

Figure 1-7. Relationship between OAM and Dapr

OAM allows you to attach traits to each component to control behavior such as scaling. For example, the following manual scaling trait scales a frontend component to five replicas:

apiVersion: core.oam.dev/v1alpha1
kind: ApplicationConfiguration
metadata:
  name: custom-single-app
  annotations:
    version: v1.0.0
    description: "Customized version of single-app"
spec:
  variables:
  components:
    - componentName: frontend
      instanceName: web-front-end
      parameterValues:
      traits:
        - name: ManualScaler
          properties:
            replicaCount: 5

You can group multiple components into a scope, and you can associate scopes, components, and traits through an application configuration. The core rationale behind this design is separation of concerns. The goal of OAM is to give developers a way to describe an application independently of any infrastructural concerns, to give the application operators a way to configure applications to satisfy business needs, and to give the infrastructural operators a way to describe how the desired topology and configuration are realized on a specific platform.

A common form of component is a container deployed as a Kubernetes pod. This means you can add Dapr annotations to your component and the Dapr sidecar injector can inject Dapr sidecars into your pods.

The combination of OAM and Dapr provides a complete solution for writing platform-agnostic applications—OAM provides the platform-agnostic modeling language, and Dapr provides abstract common APIs for state, service invocation, pub/sub, security, and bindings. At the time of writing, both OAM and Dapr are under active development. It’s expected that more integrations will be introduced in future versions.

Why do we believe writing platform-agnostic applications is important? Because we envision a future of ubiquitous computing, in which compute happens within the context of data. An application should be adaptive to where data is. This means applications need to work on different cloud platforms and on-premises systems, as well as in hybrid environments that span across cloud and edge.