Startups, Monoliths and Microservices

Transcript

1. Startups, Monoliths and Microservices Arnav Gupta

2. an interesting exercise WeekendDevPuzzle 29 Jan 2022 by Amod Malviya

   (@amodm)
3. None
4. None
5. None

6. P(LB) P(N) P(WEB) P(DB) P(N)

7. P(LB) P(N) P(WEB) P(SVC) P(N) P(N) P(N) P(LB)

8. P(LB) P(N) P(N) P(N) P(SVC) P(SC) P(WEB)

9. some assumptions of the different probabilities P(LB) = 99.995% P(N)

   = 99.995% P(SC) = 99.99% (bound by P(N)) P(WEB) = 99.6%

10. two cases - good refactoring vs bad refactoring Hypothesis A

    refactoring improved web server and microservice availability P(WEB) = 99.7% P(SVC) = 99.7% Hypothesis B refactoring decreased web server and microservice availability P(WEB) = 99.5% P(SVC) = 99.5%
11. None

12. when will it make sense ? for scenario B and

    C to be better than scenario A, we need; P(WEB) and P(SVC) greater than 99.85% post refactoring for scenario B to be better than scenario C, we need; P(SC) >>> P(LB), but remember P(SC) is bound by P(N)

13. the saga of the user service Our company runs multiple

    products - - a video OTT - a forum - a customer support portal So we need “SSO”

14. video OTT forum cust support DB DB DB auth DB

15. forum auth login redirect

16. forum auth login redirect challenge DB validate save token

17. forum auth login redirect challenge DB validate save token grant-token

    exchange forum’s auth token

18. forum auth login redirect challenge DB validate save token grant-token

    exchange forum’s auth token req w/ token in header validate DB

19. video OTT forum cust support DB DB DB auth DB

    auth library auth library auth library

20. how this works ? classical JWT (vs token based system)

    Auth Service • connected to user DB • has private key side of JWT signing • does not need to be exposed outside DMZ/VPC • can be called for extra-security calls, 2FA, where required • basic request authorization flow doesn’t touch this • can have downtime, without affecting majority of API calls Auth Library (Embeddable) • embeddable, stateless library that can be included in other services • contains the public key side of the JWT signing • can call auth service for additional checks • simple JWT verification is handled, without needing auth service • Cons: challenges around server-side invalidation

21. cutting across seams A trivial web backend of a blogging

    platform. Users, Articles, Comments

22. users clients DB other services SQ, REST APIs, grpc HTML,

    JSON, Graphql Presentation Layer routes controllers Domain Layer services Data Layer repositories models data sources

23. users clients DB other services SQ, REST APIs, grpc HTML,

    JSON, Graphql Users Controller Articles Controller Comments Controller Auth Controller Users Repository Articles Repository Comments Repository Users Service Articles Service Comments Service Moderation Service Feed Service

24. users clients DB other services SQ, REST APIs, grpc HTML,

    JSON, Graphql Users Controller Articles Controller Comments Controller Auth Controller Users Repository Articles Repository Comments Repository Users Service Articles Service Comments Service Moderation Service Feed Service API Gateway Data Service Auth Service

25. users clients DB other services SQ, REST APIs, grpc HTML,

    JSON, Graphql Users Controller Articles Controller Comments Controller Auth Controller Users Repository Articles Repository Comments Repository Users Service Articles Service Comments Service Moderation Service Feed Service

26. users clients DB other services SQL, REST APIs, grpc HTML,

    JSON, Graphql Users Controller Articles Controller Auth Controller User Model Article Model Comment Model Users Service Articles Service Moderation Service Feed Service Proxy Data Library Auth Service Data Library Data Library Articles Cache Comment Controller Comment Service Comment Cache Data Library ML pipelines

27. the real overheads of a microservice • each layer introduces

    a new availability factor in the equation • serialization/deserialization overheads pile up faster than expected • documentation • observability • on-call (stems from Conway’s Law driven microservices too) • introducing new single-point of failures

28. what should startups do?

29. extracting out services: the no brainers • “dumb” labour, i.e.

    image upload, video transcode • “side effects” - logging, auditing, cold-storage • “post-processing” - MLops on ingested data, moderation workflows • “spiky” workflows - code evaluation during online test • “sacrifice-able” features - during IPL, Hotstar can drop recommendations

30. dragons beware: process/ops guidelines • engineers : services ratio always

    N : 1, not 1 : N (ideally N>2) • exotic services - API gateway, service registry, multi-tenant queues, non-trivial caches • senior* engineers : exotic services also to be N : 1, (ideally N > 2) • creating services shouldn’t be “cheap”. RFCs, arch docs, and valid reasoning

31. what should startups do ? Refer further reading: • MonolithFirst

    - Martin Fowler • How to Break a Monolith to Microservices • Segment.com - Goodbye microservices • Lyft Blog - Scaling productivity on microservices

32. thank you and open to questions Drop a 👋 @championswimmer