Microserviços na vida real
•Descargar como PPTX, PDF•
0 recomendaciones•343 vistas
Nesta apresentação falo um pouco sobre o processo de construção de aplicações 100% baseada em microserviços com base em um projeto real - Arda.
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Similar a Microserviços na vida real
Similar a Microserviços na vida real (20)
Más de Fabrício Lopes Sanchez
Más de Fabrício Lopes Sanchez (20)
Último
Último (20)
Microserviços na vida real
- 1. FABRÍCIO SANCHEZ TECHNICAL EVANGELIST @ MICROSOFT Microservices in real life #VSSUMMIT
- 2. Application architectural view Common microservices environment Application architectural view Common host environment
- 4. ARCHITECTURAL VIEW Dashboard web Power BI Others Permissions / Security Internet Kanban Intelligence Crowler ReportsAuthentication / Users
- 5. ARDA AZURE ARCHITECTURE (WEB APP BASED) Azure Active Directory Azure App Services Web App API App Azure SQL Database Azure Redis Cache Azure Storage (blob) SendGrid (free tier)
- 6. ARDA AZURE ARCHITECTURE (CONTAINER BASED) Azure Active Directory VM or ACS Docker containers Azure SQL Database Azure Redis Cache Azure Storage (blob) SendGrid (free tier)
- 8. Azure AD Authorization Endpoint Azure AD Token Endpoint Arda APIs Request authorization code Sign-in via browser Return authorization code Get authorization code and require (via POST) access token for Arda API resource Return access token and refresh token Return Http Response Call Arda API using the access token (inside header) https://login.microsoftonline.com/common/oauth2/authorize https://login.microsoftonline.com/common/oauth2/token Layer1:LoginLayer2:APIaccessAPIS PROTECTION FLOW USING AZURE AD Arda App (browser)
- 9. HOW WE DELIVER Git Repositories Arda Arda.Main Arda.Intelligence Arda.Crowler Build & Deploy Web Apps ACS (on going) Release Management Web Apps ACS (on going)
- 10. TOEXPLORE... Arda core microservices: http://github.com/DXBrazil/Arda Arda frontend: http://github.com/DXBrazil/Arda.Main Arda intelligence: https://github.com/DXBrazil/Arda.Intelligence Arda crowler: https://github.com/DXBrazil/Arda.Crawler About microservices: https://docs.microsoft.com/en-us/azure/service- fabric/service-fabric-overview-microservices
- 11. CONCLUSIONS We’ve tested Web Apps, Docker Host and ACS. I intent to try Service Fabric as well Azure Web App is robust and make microservices environment management easy Azure is a great platform to deliver microservices-based applications Azure AD is an excelent option in order to provide security in different levels Microservices can be a good architectural choice if: Application must scale in separatedly way Application is big and complex and break it will make things better Company has a senior development team Company has a mature DevOps process implemented You would like to have a cross-technologies application (optional) In other cases, monolithic layered architecture continues being a good option After release 1.0, ASP.NET Core is recommended to production development SQL Azure is strongly recommended to work with microservices Microsoft deliver one great solution for DevOps (VSTS) but presents some limitations
Notas del editor
- Arda is a free management tool designed to help managers have some insights about workloads and time offenders for its teams. We developed the first version specifically to Microsoft but with some small adjustments can be used for any time of companies and teams. Soon as possible we intend share the solution through Microsoft’s GitHub. As we will see, Arda is fully developed with Microsoft’s technologies stack, is 100% microservices-based and fully hosted on Azure. So... Let’s get started with Arda. Link to production environment: https://ardaapp.azurewebsites.net.
- This is the current architecture in which system run today: Using browser the user access Arda. Every user final request is happen in “ardaapp” Web App When the sign in process is requested, “ardaapp” goes to Azure AD and request the authorization for this user. If ok (user exists) Azure AD return the requested informations, Arda store this informations in a cookie and create an entry in Redis Cache Each microservice can store data in it own Azure SQL Database in a 100% isonomic process Each microservice can consume and share informations with any other All this structure is managed for the the same Resource Group (Arda)
- This is another option to deliver Arda microservices on Azure: using Docker containers We have almost the same environment. The difference here is: we have a Virtual Machine running Ubuntu that acts how Docker Host. The Docker containers that run Arda microservices are hosted in this VM. The request continues get in “ardaapp”. This microservice “ardaapp” direct their calls to public ports in Docker Host VM. Docker Engine convert this public ports to internal ports (NAT) and then the microservice can answer We are trying this approach, making the first tests. Next tests will be: ACS and Service Fabric
- The Azure AD protection happens in two different moments: 1. When user request “sign in” Arda application send a request for one “authorization code” to Azure AD. Azure AD verify if caller user exists. If “yes” the authorization code is returned to Arda. Arda store this authentication code in one cookie and creates a “session” with this information on Azure Redis Cache. 2. When an API needs to consume data from another API Arda APIs are protected by Azure AD. This means that when a microservice need consume some information provided by other, the caller service must validate with AD if the caller have permissions to execute that access and if access is happening in a write way (the audience information is correct). What happens follow: Caller service read cookie in order to get “authentication code” Caller service request (doing a POST to AD Token Endpoint) for an “access token”. AD Token Endpoint consult related AD application to know what can be accessed by another service Caller service get the returned “access token” Caller service call target service sending “access token” on header. Target service validate information provided by “access token” and, if is everything ok, returns content requested. If not, return a 401 error (unauthorized) This flow guarantee security on APIs access.