
One year later - A microservices experience in banking

This talk presents a real case of a new fully digital bank based on the principles of delivering maximum value in the minimum time, being customer centric and not sacrificing quality.

A culture of quality and commitment has been promoted and system, teams and processes have been split in autonomous parts using agile methodologies, DevOps, microservices and automatic testing.
During the talk the decisions taken and the results are explained.

A global and comprehensive vision of everything that is required to enter the scary world of microservices with a chance of survival!

David García

December 10, 2019

Transcript

  1. About Autentia SOFTWARE DEVELOPMENT SUPPORT AGILE FACILITATION CUSTOM SOFTWARE DEVELOPMENT TECHNICAL AUDITS TRAINING PRODUCT DESIGN AND UX www.autentia.com www.adictosaltrabajo.com autentia @autentia
  2. About me David García Gil @davgarcia5 “Senior Technical Consultant at Autentia, developing software solutions for more than 15 years in a wide variety of technologies and platforms”
  3. Context - Environment Why another bank? Because of changes in ⸺ Society ⸺ Economics ⸺ Technology ⇒ New regulations — GDPR — PSD2
  4. Context - Business Shared vision and objectives ⸺ Produce maximum value to business — Minimize time to market — Reduce costs ⸺ Customer centric, not process centric — Digital omnichannel — Never disrupt service ⸺ Don’t sacrifice quality!
  5. Context - Delivery How to deliver maximum value to customers in the minimum time with expected quality? ⸺ Encourage principles, purpose and mastery ⸺ Split system, teams and process in independent manageable parts ⇒ Autonomy — Every decision must support and improve it
  6. Autonomy vs reusability Reusability ⸺ Sharing through components/libraries — Sharing == Coupling ⸺ Important software design principle? — Coupling goes against autonomy — How much value does it add? ‒ Starts to pay off after 3rd reuse (Fred Brooks) ⇒ Relegated in favour of autonomy
  7. Decision log 1. Agility 2. Team organization 3. API first 4. Testing and quality 5. Branching policy 6. DevOps 7. Technology stack 8. Microservices architecture 9. Observability 10. Runtime
  8. Decision log - Agility Agile organization ⸺ SAFe, Scrum & Kanban ⇒ Conway’s Law Not all rainbows and unicorns ⸺ Agile coaches & scrum masters — Time suckers vs team assistants — Team policies enforced
  9. Decision log - Teams Spotify model ⸺ Squads — Vertical == product/feature — Scrum, 2 week sprints ⸺ Chapters — Horizontal == layer, technology, concern — Kanban ⸺ Psychological safety
  10. Decision log - Teams Fighting capacity/experience/knowledge disparity ⸺ Pair programming — Senior/junior ⸺ Code review & live refactoring sessions ⸺ Technical workshops ⇒ Excellent results
  11. Decision log - API first API Blueprint definition Cumbersome ⸺ Examples, tooling (Dredd, Drakov, Aglio, custom) Contract testing Mock server Human docs
  12. Decision log - API first 2nd iteration ⸺ OpenAPI 3.0 (REST) + AsyncAPI (events) — Events are part of the API! ⸺ Consumer-driven contract testing — Cucumber ⸺ Mock server — Mountebank ⸺ Human docs — ReDoc & DocGen
  13. Decision log - Testing and quality Golden rules ⸺ Quality is not negotiable ⸺ Software craftsmanship ⸺ Agile manifesto ⸺ Extreme programming ⸺ KISS & YAGNI
  14. Decision log - Testing and quality ⸺ Dev techniques — SOLID — TDD — Refactoring ⸺ Testing strategy — Testing pyramid — Manual e2e — Overlaps and gaps
  15. Decision log - Testing and quality 2nd iteration ⸺ ATDD — Cucumber — Less tooling, less overlap, less manual e2e — Additional Maven module in the microservice ⸺ 3rd party providers — fabric8 docker-maven-plugin
  16. Decision log - Branching policy ⸺ Don’t branch! — Master based development FTW! — Feature toggles for unfinished functionality ⸺ Branches are opposed to CI & CD — With branches ⇒ Integration problems hidden for days or weeks — Without branches ⇒ Integration problems revealed quickly
  17. Decision log - DevOps CI & (ready for) CD ⸺ Containers everywhere ⸺ Fully automated pipelines & deployments Combat tendency to create silos ⸺ Communication, collaboration and participation
  18. Decision log - DevOps ⸺ GitLab — Source code control — CI/CD pipeline ‒ Own runners, GitLab’s hosted ones very slow ⸺ Nexus — All artifacts repository & Docker registry ⸺ SonarQube — Quality gate
  19. Decision log - DevOps 2nd iteration ⸺ Moved to BitBucket + Jenkins ⸺ GitOps — Separate -ops repository for config & deployment — Pull requests ⸺ Deployment windows — What about CD?
  20. Decision log - Tech stack ⸺ Spring Boot 2.0 recommended but not enforced — Shared starters and libs created on-demand ⸺ Hybrid and native for mobile — Native FTW ‒ Same effort & cost as hybrid ‒ Higher quality ⸺ Angular for the web
  21. Decision log - Microservices architecture Starting straight with microservices?!?!?! ⸺ Domain known & understood ⸺ Autonomy is #1 priority ⸺ Aware of the perils (hopefully) ⇒ Not regretting it — It can be done even if some microservices are thrown away along the road
  22. Decision log - Microservices architecture ⸺ Inside a microservice — Public interface + Value Objects + Events ‒ Separate shared module — Hexagonal design [Diagram labels: REST, Kafka, Database, Providers..., Service logic, Domain]
  23. Decision log - Microservices architecture 2nd iteration ⸺ No shared module with public interface ⸺ “Clean architecture” packaging — Domain Services ⇒ Root Ports — Adapters ⇒ Impl details
  24. Decision log - Observability ⸺ Collection — Custom interceptors, handlers... — Execution context + correlation id (Sleuth) ⸺ Forwarding — K8S daemonset Filebeat & Metricbeat ⸺ Aggregation & usage — ElasticSearch + Kibana ⇒ Very successful
  25. Decision log - Observability 2nd iteration ⸺ Forwarding — Logstash for processing — Kafka for persistent queue ⸺ Prometheus + Grafana for metrics
  26. Decision log - Runtime Multi-cloud native ⸺ AWS for commodity services — RDS, ElastiCache, S3, ALB, Cognito... ⸺ EC2 instances for everything else ⇒ Cognito not ok (for us) — Proprietary authn flow with AWS-provided libraries
  27. Decision log - Runtime Kubernetes runtime ⇒ The new OS ⸺ Config & secrets ⸺ Network & comms — Service discovery — Load balancing — Circuit breaking — Security ⸺ Scaling & availability ⸺ Cloud/infra agnostic
  28. Decision log - Runtime 2nd iteration ⸺ Kubernetes — Helm deployments — Summon for secrets — Istio for all comms ⸺ Optimize Docker images — GCR distroless — jib-maven-plugin
  29. The future ⸺ Improved onboarding ⸺ ArchUnit ⸺ DDD + Event Storming — Clearer boundaries for greater autonomy ⸺ Bank in a box ⸺ API governance ⸺ Observability — Jaeger instead of Sleuth
  30. Conclusions ⸺ Notice talk structure Context & business needs guide Technical decisions (not the opposite)
  31. Conclusions ⸺ Always vigilant — Evolutionary architectures (Neal Ford) — Culture, methods, autonomy — Accept some losses ‒ Positive net balance