Christian Posta, Chief Architect at Red Hat, presented the story of a fictitious company[1] moving a monolithic application to microservices.
When considering risk, we assume we know the bad things that can happen and the probability of each of those bad things actually happening. Christian defines a monolith as a large application, developed over many years by different teams, that delivers proven business value while being very difficult to update and maintain. Its architecture, elegant at one point, has eroded over time. That erosion makes it difficult to assess the risk of migrating a monolith.
Let's hear from the new school:
Microservice is a highly distracting word that serves to confuse developers, architects, and IT leaders into believing that we can actually have a utopian application architecture.
Um, no. That's cynical, and not entirely untrue, but the correct definition is:
Microservices are an architectural optimization that treats the modules of an application as independently owned and deployed services for the purpose of increasing an organization's velocity and eliminating technical debt.
The performance of an IT organization has a strong correlation to business performance, boosting productivity, profitability, and market share[2]. Statistics from the last few years comparing high performers to low performers include moving code from commit to production 200x faster[3], deploying 46x more frequently, and achieving 440x faster lead times for changes[4]. Technologies and techniques such as containers, automated testing, and deployment pipelines enable teams to go faster. In addition, high-performing teams introduce errors at a much lower rate and recover from the errors they do create much more quickly.
When considering microservices, the goal is not to pursue a microservice architecture mindlessly. The goal is to use microservices where they make sense. Specifically, to use microservices to speed up development, to lower the risk of bad things happening, and to make it simpler to understand and recover from bad things when they happen. (Which, of course, they probably will.)
The case study Christian covered is the TicketMonster demo. Originally written for JBoss, the code has been around for at least a decade and has become, in Christian's words, "a morass of stuff." Maintaining this or any other monolith is a major pain for a long list of reasons:
- Making changes in one place negatively affects unrelated areas
- We have low confidence that reasonable changes won't break something somewhere else
- We spend lots of time coordinating work among team members
- The structure of the application has eroded or is non-existent
- We have no way to quantify how long code merges will take
- Development is tedious because the project is so big (the IDE bogs down, running tests takes forever, bootstrap times are long, etc.)
- Changes to one module force changes across other modules
- Sunsetting outdated technology is difficult
- We may have to base new applications on old approaches like batch processing
- The monolith gets in its own way when managing resources, allocations, and computations
All of these factors make microservices attractive. But it's important to remember that microservices are about optimizing for speed. You need to ask yourself the question, "Is the architecture of our application the bottleneck that keeps us from moving faster?" If it's not, Christian prescribes a three-step process:
- Figure out what is keeping you from moving faster.
- Fix that.
- Come back and look at microservices again.
If microservices are a good fit for you, the question is how to break a monolith into microservices. Some common approaches include, "Do one thing and do it well," "Organize around verbs," "Organize around nouns," and "Focus on products not projects." We said similar things about SOA back in the day, however. "Services are autonomous," "Loose coupling is vital," "Boundaries are explicit," were equally high-minded goals that often eluded us. So we have platitudes on what the system should be, but no real guidelines on how to make it happen. A more sophisticated approach:
- Identify modules and boundaries (aka use domain-driven design)
- Align to business capabilities
- Identify data entities responsible for features and modules
- Break out those entities and wrap them with APIs or services
- Update old code to call the new APIs
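As a concrete (and deliberately simplified) sketch of the last two steps, here is what "break out those entities and wrap them with APIs" plus "update old code to call the new APIs" can look like in Java. The `OrderService` interface and the class names are hypothetical, invented for illustration rather than taken from TicketMonster:

```java
// Hypothetical strangler-style extraction: the order logic moves behind
// an interface so the monolith no longer calls it directly.

interface OrderService {
    String placeOrder(String ticketId);
}

// Step 1: the logic copied out of the monolith, now behind an interface.
class ExtractedOrderService implements OrderService {
    @Override
    public String placeOrder(String ticketId) {
        // ...the same business logic that used to live inside the monolith...
        return "order-for-" + ticketId;
    }
}

// Step 2: the monolith's old call sites are updated to go through the
// interface, so they can later point at a remote service without
// further changes to the call sites themselves.
class Monolith {
    private final OrderService orders;

    Monolith(OrderService orders) {
        this.orders = orders;
    }

    String checkout(String ticketId) {
        return orders.placeOrder(ticketId); // was: inline order-processing code
    }
}

public class StranglerSketch {
    public static void main(String[] args) {
        Monolith monolith = new Monolith(new ExtractedOrderService());
        System.out.println(monolith.checkout("A42")); // prints order-for-A42
    }
}
```

In a real migration, a second implementation of `OrderService` would be an HTTP or gRPC client pointing at the extracted service, letting you switch the monolith between in-process and remote code without touching its call sites.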
That's all well and good, but it misses a lot of detail[5]. As usual, reality rears its ugly, pointy little head, presenting difficult problems that can't be waved away:
- It's not easy to modularize a monolith. If it were, the teams that maintained the monolith over the years would have kept it modular.
- There are often tight couplings and integrity constraints with an SQL database. This is often overlooked. The database backing the monolith probably has normalized tables and referential integrity in place. Disregarding that can be disastrous. (In fact, it almost certainly will be disastrous.)
- It's difficult to understand which modules use which tables in the database.
- As appealing as it might be, we can't shut down the enterprise to do migrations.
- There will be some ugly migration steps that can't be wished away. You'll have to undo the existing technical debt accrued over the years.
- Finally, there is probably a point of diminishing returns at which it simply doesn't make sense to break any more things out of the monolith[6].
Yet another list: before you start, you need to make sure that these things are in place:
- Test coverage for the existing project[7] (consider Arquillian for integration testing; also consider Michael Feathers' book Working Effectively with Legacy Code)
- Some level of monitoring to detect issues, exceptions, etc.
- Some level of black-box system tests and load testing in place (JMeter and Gatling can help here)
- The ability to deploy to an environment reliably (OpenShift or Kubernetes)
- Some kind of CI/CD pipeline to make changes economical
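The first item deserves a closer look. A characterization test, in Feathers' sense, pins down what the legacy code does today so you can detect any behavioral change when the logic moves into a service. Here is a minimal sketch in plain Java; the `LegacyPricing` method and its numbers are invented for illustration:

```java
// Hypothetical legacy pricing rule; the method and its numbers are
// invented for illustration, not taken from TicketMonster.
class LegacyPricing {
    static long totalInCents(int seats, boolean premium) {
        long base = seats * 2500L;                // $25.00 per seat
        return premium ? base + base / 10 : base; // premium adds 10%
    }
}

// A characterization test records what the code currently does, not what
// it should do, so the extracted service can later be checked against
// the exact same answers.
public class CharacterizationTests {
    static void check(long actual, long expected) {
        if (actual != expected) {
            throw new AssertionError(actual + " != " + expected);
        }
    }

    public static void main(String[] args) {
        check(LegacyPricing.totalInCents(2, false), 5000L);
        check(LegacyPricing.totalInCents(2, true), 5500L);
        check(LegacyPricing.totalInCents(0, true), 0L);
        System.out.println("legacy behavior pinned");
    }
}
```

If a later refactoring makes any of these checks fail, you've changed behavior the business may be depending on, whether anyone remembers why or not.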
With that in mind, Christian stressed the difference between deployments and releases. A deployment is simply code that lives on a production server but doesn't receive any traffic. It isn't considered a release until production traffic is routed to it. A deployment should be a non-event to the business. Developers should be able to deploy code without approvals or intervention by administrators or the ops staff. Deciding to route production traffic to the deployment, on the other hand, is a business decision made once the deployment has been tested thoroughly.
The Istio service mesh makes this easy in an OpenShift / Kubernetes environment. It is an infrastructure that allows you to separate deployments and releases. (Read Don Schenck’s excellent Introduction to Istio blog series to fully understand this technology.) Istio lets you say that only 1% of the traffic should go to the new deployment or that only users who have certain characteristics should see the new deployment. Another definition:
A service mesh is a decentralized application networking infrastructure among your services that provides resiliency, security, observability, and routing control. A service mesh consists of a control plane and a data plane.
Istio works via sidecar proxies. Every service in the service mesh has a proxy beside it, and any traffic meant for a service first goes to that sidecar proxy. Istio controls the sidecar proxy to determine how, when, or if the traffic is actually delivered to the service. This approach allows you to manage all the microservices in your service mesh without changing any code.
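To illustrate the "1% of the traffic" idea, here is roughly what an Istio VirtualService for a weight-based split can look like. The `orders` host and the `v1`/`v2` subsets are hypothetical names, and the sketch assumes a DestinationRule already defines those subsets:

```yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: orders            # hypothetical service name
spec:
  hosts:
    - orders
  http:
    - route:
        - destination:
            host: orders
            subset: v1    # the existing, released version
          weight: 99
        - destination:
            host: orders
            subset: v2    # the new deployment, not yet fully released
          weight: 1
```

Moving the release forward is then just a matter of editing the weights; the deployment itself never changes.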
Continuing the refactoring of the monolith, we can take a particular function of the monolith and move that code into a service. The starting point, once again, is to copy the code from the monolith into a separate module. Then we can use Istio to route only some of the traffic to the new service. To maximize the value of our investment, the service we choose should be something that provides significant business value. In other words, we look at the monolith and determine which part of the system could give us a substantial ROI if we made it more agile and flexible. In the TicketMonster example, the order processing functions could be far more valuable to the business if they were in a separate module that could be enhanced independently of the monolith. For example, code written a decade ago doesn't support payment methods like Apple Pay or Venmo. A low-risk architecture for adding new methods of payment would clearly help the business stay current.
To sum up:
- Write lots of tests. For the monolith if you can, but definitely for the new services.
- Use advanced techniques such as canary deployments and other fine-grained traffic control to manage the transition from deployments to releases.
- Reduce boilerplate code for data integration in the initial service implementation.
- Use technical debt to your advantage.
- Have lots of monitoring in place.
- Leverage your deployment and release infrastructure to experiment and learn about your system as you go forward.
This was a great session with lots of practical advice based on real-world experience. If you'd like to get it from the source, the video of Christian's presentation is one of the 100+ Red Hat Summit 2018 breakout sessions you can view online for free.
Good luck with your enterprise modernization!
Learn more about microservices architecture on developers.redhat.com.
- Christian's slides for this presentation on SlideShare
- Christian and Burr Sutter's new book: Introducing Istio Service Mesh for Microservices
- Christian's book: Microservices for Java Developers: A Hands-on Introduction to Frameworks and Containers
- Christian's articles on developers.redhat.com/blog
1. Fictitious, but based on a true story. Many of them, in fact.
2. See Puppet.com: 2014 State of DevOps report.
3. See Puppet.com: 2015 State of DevOps report.
4. See Puppet.com: 2017 State of DevOps report.
5. What, you were expecting a full, prescriptive recommendation from a blog post? Sorry, but the real world is more complicated than that.
6. You can stab it with your steely knives, but you just can't kill the beast.
7. One definition of legacy code is "code that doesn't have any tests."