Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

DevOpsNorth 2017 "Seven (More) Deadly Sins of Microservices"

All is not completely rosy in microservice-land. It is often a sign of an architectural approach’s maturity that in addition to the emergence of well established principles and practices, that anti-patterns also begin to be identified and classified. In this talk Daniel will introduce the 2016 edition of the seven deadly sins that if left unchecked could easily ruin your next microservices project... This talk will take a tour of some of the nastiest anti-patterns in microservices, giving you the tools to not only avoid but also slay these demons before they tie up your project in their own special brand of hell.

Topics covered include:
• Envy - introducing inappropriate intimacy within services by creating a shared domain model, and how many teams deploy and use data stores incorrectly;
• Wrath - failing to deal with the inevitable bad things that occur within a distributed system;
• Sloth - ignoring the importance of NFRs; and
• Lust - embracing the latest and greatest technology without evaluating the impact incurred by these choices.

  • Login to see the comments

DevOpsNorth 2017 "Seven (More) Deadly Sins of Microservices"

  1. 1. The Seven (More) DEADLY SINS OF Microservices @opencredo Daniel Bryant @danielbryantuk
  2. 2. Previously, AT Devoxx UK & QCON NYC 2015... 22/02/2017 @danielbryantuk https://www.infoq.com/presentations/7-sins-microservices
  3. 3. The Seven (more) Deadly Sins of Microservices 1. LUST - Using the (Unevaluated) latest and greatest tech… 2. GLUTTONY - Communication lock-in 3. GREED - What'S Mine is mine (within the organisation)… 4. SLOTH - Getting lazy with NFRs 5. WRATH - Blowing up when bad things happen 6. ENVY - The shared single domain fallacy 7. PRIDE - testing in the world of transience 22/02/2017 @danielbryantuk
  4. 4. @danielbryantuk • Chief Scientist at OpenCredo, CTO at SpectoLabs • Agile, architecture, CI/CD, Programmable infrastructure • Java, Go, JS, microservices, cloud, containers • Continuous delivery of value through effective technology and teams 22/02/2017 @danielbryantuk bit.ly/2jWDSF7
  5. 5. What are our goals? • Delivery of value to end users (customers) • Business agility • Safer, more rapid changes to software systems – But Consider CI/CD, Devops, and value stream before microservices 22/02/2017 @danielbryantuk
  6. 6. 1. Lust - Using THE (unevaluated) LATEST and Greatest Tech… 22/02/2017 @danielbryantuk
  7. 7. Evaluation - are Microservices A good fit? • “our 'mode TWO' apps are Microservices” – Middle-management latch on to Buzzword – New app evolution limited by existing system – Lipstick on the pig • Not understanding architecture principles – Not building around business Functionality – Creating Mini-monoliths (no twelve factors) • No Well-defined DevOps / SRE / Ops – Deployment/ops free-for-all 22/02/2017 @danielbryantuk
  8. 8. Tech example: To containerise, or not to containerise? (dockaH, dockah, dockah... Dockah?) 22/02/2017 @danielbryantuk
  9. 9. Strategy #fail 22/02/2017 @danielbryantuk
  10. 10. Architecture/ops: Expectations versus reality 22/02/2017 @danielbryantuk “DevOps”
  11. 11. Evaluation: Beware of Confirmation bias 22/02/2017 @danielbryantuk https://thehftguy.wordpress.com/2016/11/01/docker-in-production-an-history-of-failure/ http://patrobinson.github.io/2016/11/05/docker-in-production/
  12. 12. Evaluation - It'S easy to be tricked 22/02/2017 @danielbryantuk
  13. 13. Evaluation - beware of bias and heuristics 22/02/2017 @danielbryantuk
  14. 14. 2. GLUTTONY - Communication lock-in 22/02/2017 @danielbryantuk
  15. 15. Rpc - not the devil in disguise • Don'T rule out RPC (e.g. grpc) – Sometimes the contract (and speed) are beneficial – Human readability of JSON can be over-rated • Sometime events are better – Asynchronous (AP vs CP) – durable message queues are interesting (But, No one size fits all) 22/02/2017 @danielbryantuk
  16. 16. The ESB is dead - long live the esb! 22/02/2017 @danielbryantuk
  17. 17. The ESB is dead - long live the esb! 22/02/2017 @danielbryantuk
  18. 18. The ESB is dead - long live the esb! 22/02/2017 @danielbryantuk • Is this an ESB? • Or an API gateway?
  19. 19. The ESB is dead - long live the API Gateway! 22/02/2017 @danielbryantuk • Watch for the API Gateway morphing into an Enterprise service bus – Loose coupling is vital • But let me be clear... – The API Gateway pattern is awesome – Centralise cross-cutting concerns – Prevent wheel-reinvention (plugins) – Check out kong, apigee, Mulesoft etc
  20. 20. 3. GREED - What'S mine is mine... (within the organisation)… 22/02/2017 @danielbryantuk
  21. 21. Previously... • Conway'S Law • Microservices are about people, as much as they are tech – Maybe more – Particularly in a migration / transformation 22/02/2017 @danielbryantuk
  22. 22. We hear this a lot... “We’ve decided to reform our teams around squads, chapters and guilds” • Beware of cargo-culting – Repeat three times “We are not spotify” • Understand the practices, principles, values etc 22/02/2017 @danielbryantuk
  23. 23. 4. SLOTH - Getting Lazy with NFRs 22/02/2017 @danielbryantuk
  24. 24. Getting lazy with non-Functional Requirements “The driving technical requirements for a system should be identified early to ensure they are properly handled in subsequent design” Aidan Casey Guiding principles for evolutionary architecture 22/02/2017 @danielbryantuk
  25. 25. Getting lazy with non-Functional Requirements • The 'ilities' Can be (often) be an afterthought – Availability, Scalability, auditability, testability etc • Agile/Lean: Delay decisions to the ‘last responsible moment’ – NewsFlash - Sometimes this is up-front • It can be costly (or prohibitive) to adapt late in the project – Microservices don'T make this easier (sometimes more difficult) 22/02/2017 @danielbryantuk
  26. 26. Testing NFRs in the build pipeline • Performance and Load testing – Gatling / jmeter – Flood.io • Security testing – Findsecbugs / OWASP Dependency check – Bdd-security (OWASP ZAP) / Arachni – Gauntlt / Serverspec – Docker Bench for Security / Clair 22/02/2017 @danielbryantuk
  27. 27. 5. WRATH - Blowing up when bad things happen 22/02/2017 @danielbryantuk
  28. 28. When bad things happen, people are always involved 22/02/2017 @danielbryantuk | @oakinger
  29. 29. People Pain point - How does Devops fit into this? • Devops topologies – http://web.devopstopologies.com/ – @matthewpskelton 22/02/2017 @danielbryantuk
  30. 30. DevOps - Responsibilities 22/02/2017 @danielbryantuk
  31. 31. Devops - define responsibilities • Focus on what matters – Ci/CD – Mechanical sympathy – Logging – Monitoring – Nfrs / cfrs – Change management – Incident resolution 22/02/2017 @danielbryantuk
  32. 32. How much value does non-deployed code provide to users? 0 (*Universal Unit of Value) 22/02/2017 @danielbryantuk *
  33. 33. 6. ENVY - The shared SINGLE domain fallacy 22/02/2017 @danielbryantuk
  34. 34. Previously - One Model to Rule Them All... • One model… – Breaks encapsulation – Introduces coupling • Know your DDD – Entities – Value Objects – Aggregates and Roots 22/02/2017 @danielbryantuk
  35. 35. Context mapping (static) & event storming (dynamic) 22/02/2017 @danielbryantuk | @spoole167 35 www.infoq.com/articles/ddd-contextmapping ziobrando.blogspot.co.uk/2013/11/introducing-event-storming.html
  36. 36. 7. PRIDE - testing in the world of transience 22/02/2017 @danielbryantuk
  37. 37. Previously... • Local verification – Consumer-Driven contracts • End-to-end – BDD-style critical path • Remember the test pyramid 22/02/2017 @danielbryantuk martinfowler.com/articles/microservice-testing/
  38. 38. Service virtualisation / API simulation • Virtualise request/response of services – Unavailable – Expensive to run – Fragile/brittle – Non-deterministic – Cannot simulate failures https://dzone.com/articles/continuously-delivering-soa 22/02/2017 @danielbryantuk
  39. 39. Service virtualisation • Classics – CA service virtualization – Parasoft virtualize – HPE service virtualization – IBM Test Virtualization server • New (open source) kids on the block – Hoverfly – Wiremock – VCR/Betamax – Mountebank – mirage 22/02/2017 @danielbryantuk
  40. 40. Hoverfly • Lightweight Service virtualisation – Open source (Apache 2.0) – Go-based / single binary – Written by @Spectolabs • Flexible API simulation – HTTP / HTTPS – Highly performant 22/02/2017 @danielbryantuk
  41. 41. 22/02/2017 @danielbryantuk • Middleware • Remove PII • Rate limit • Add headers • Middleware • Fault injection • Chaos monkey
  42. 42. Right, Let'S Wrap this up... 22/02/2017 @danielbryantuk
  43. 43. The Seven (more) Deadly Sins of Microservices 1. LUST - Using the (Unevaluated) latest and greatest tech… 2. GLUTTONY - Communication lock-in 3. GREED - What'S Mine is mine (within the organisation)… 4. SLOTH - Getting lazy with NFRs 5. WRATH - Blowing up when bad things happen 6. ENVY - The shared single domain fallacy 7. PRIDE - testing in the world of transience 22/02/2017 @danielbryantuk
  44. 44. Other talks... 22/02/2017 @danielbryantuk www.youtube.com/watch?v=_QboviUY05g vimeo.com/195476330 www.oreilly.com/pub/e/3850
  45. 45. Bedtime reading 22/02/2017 @danielbryantuk
  46. 46. THANKS... www.opencredo.com muservicesweekly.com (Credit to The entire openCredo team for inspiration/guidance) 22/02/2017 @danielbryantuk

×