Building Microservices with Go电子书

Title Page

Copyright

Building Microservices with Go

Credits

About the Author

About the Reviewers

www.PacktPub.com

Why subscribe?

Customer Feedback

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the example code

Errata

Piracy

Questions

Introduction to Microservices

Building a simple web server with net/http

Reading and writing JSON

Marshalling Go structs to JSON

Unmarshalling JSON to Go structs

Routing in net/http

Paths

Convenience handlers

FileServer

NotFoundHandler

RedirectHandler

StripPrefix

TimeoutHandler

Static file handler

Creating handlers

Context

Background

WithCancel

WithDeadline

WithTimeout

WithValue

Using contexts

RPC in the Go standard library

Simple RPC example

RPC over HTTP

JSON-RPC over HTTP

Summary

Designing a Great API

RESTful APIs

URIs

URI format

URI path design for REST services

Collections

Documents

Controller

Store

CRUD function names

HTTP verbs

GET

POST

PUT

PATCH

DELETE

HEAD

OPTIONS

URI query design

Response codes

2xx Success

200 OK

201 Created

204 No Content

3xx Redirection

301 Moved Permanently

304 Not Modified

4xx Client Error

400 Bad Request

401 Unauthorized

403 Forbidden

404 Not Found

405 Method Not Allowed

408 Request Timeout

5xx Server Error

500 Internal Server Error

503 Service Unavailable

HTTP headers

Standard request headers

Authorization - string

Date

Accept - content type

Accept-Encoding - gzip, deflate

Standard response headers

Returning errors

Accessing APIs from JavaScript

JSONP

CORS

RPC APIs

RPC API design

RPC message frameworks

Gob

Thrift

Protocol Buffers

JSON-RPC

Filtering

Versioning APIs

Semantic versioning

Versioning formats for REST APIs

Versioning formats for RPC APIs

Naming for RPC

Object type standardization

Dates

Durations

Intervals

Documenting APIs

REST based-based APIs

Swagger

API Blueprint

RAML

RPC based-based APIs

Summary

Introducing Docker

Introducing Containers with Docker

Installing Docker

Running our first container

Docker volumes

Union filesystem

Mounting volumes

Docker ports

Removing a container starting with an explicit name

Docker networking

Bridge networking

Host networking

No network

Overlay network

Custom network drivers

Weaveworks

Project Calico

Creating custom bridge networks

Creating a bridge network

Connecting containers to a custom network

Writing Dockerfiles

Building application code for Docker

FROM

MAINTAINER

EXPOSE

COPY

ENTRYPOINT

CMD

Good practice for creating Dockerfiles

Building images from Dockerfiles

Docker build context

Docker Ignore files

Running Daemons in containers

Docker Compose

Installing Docker Compose on Linux

Service startup

Specifying the location of a compose file

Specifying a project name

Summary

Testing

The testing pyramid

Outside-in development

Unit tests

httptest.NewRequest

httptest.NewRecorder

Dependency injection and mocking

Code coverage

Behavioral Driven Development

Testing with Docker Compose

Benchmarking and profiling

Benchmarks

Profiling

Summary

Common Patterns

Design for failure

Patterns

Event processing

Event processing with at least once delivery

Handling Errors

Dead Letter Queue

Idempotent transactions and message order

Atomic transactions

Timeouts

Back off

Circuit breaking

Health checks

Throttling

Service discovery

Server-side service discovery

Client-side service discovery

Load balancing

Caching

Premature optimization

Stale cache in times of database or downstream service failure

Summary

Microservice Frameworks

What makes a good microservice framework?

Micro

Setup

Code generation

Tooling (CI/CD, cross platform)

Maintainable

Format (REST/RPC)

Patterns

Language independence

Ability to interface with other frameworks

Efficiency

Quality

Open source

Security

Support

Extensibility

What we learned about Micro

Kite

Setup

Code generation

Tooling

Maintainable

Format

Patterns

Language independence

Efficiency

Quality

Open source

Security

Support

Extensibility

Summing up Kite

gRPC

Setup

Code generation

Tooling

Maintainable

Format

Patterns

Language independence

Efficiency

Quality

Open source

Security

Support

Extensibility

A few lines about gRPC

Summary

Logging and Monitoring

Logging best practices

Metrics

Types of data best represented by metrics

Naming conventions

Storage and querying

Software as a service

Self-hosted

Grafana

Logging

Distributed tracing with Correlation IDs

Elasticsearch, Logstash, and Kibana (ELK)

Kibana

Exceptions

Panic and recover

Panic

Recover

Summary

Security

Encryption and signing

Symmetric-key encryption

Public-key cryptography

Digital signatures

X.509 digital certificates

TLS/SSL

External security

Layer 2 or 3 firewalls

Web application firewall

API Gateway

DDoS protection

Types of DDoS attack

UDP fragment attack

UDP flood

DNS

NTP

CHARGEN

SYN flood

SSDP

ACK

Application security

Prevention

Detection

Response

Recovery

Confused deputy

How an attacker could bypass the firewall

Scenario

Attack

Input validation

Fuzzing

TLS

Generating private keys

Generating X.509 certificates

Securing data at rest

Physical machine access

OWASP

Never storing session tokens in a URL

Cross-site scripting (XSS) and cross-site request forgery (CRSF)

Insecure direct object references

Authentication and authorization

Password hashing

Adding a little seasoning

Dictionary attacks

Adding a pepper

bcrypt

Benchmarks

JWTs

Format of a JWT

Secure messages

Shared secrets

Asymmetric encryption with large messages

Maintenance

Patching containers

Software updates

Patching application code

Logging

Summary

Event-Driven Architecture

Differences between synchronous and asynchronous processing

Synchronous processing

Asynchronous processing

Types of asynchronous messages

Pull/queue messaging

Push messaging

Command Query Responsibility Segregation (CQRS)

Domain-Driven Design

What is DDD?

Technical debt

Anatomy of DDD

Strategic design

Tactical design

Ubiquitous language

Bounded Contexts

Context Mapping

Software

Kafka

NATS.io

AWS SNS/SQS

Google Cloud Pub/Sub

Summary

Continuous Delivery

What is Continuous Delivery?

Manual deployment

The benefits of continuous delivery

Aspects of continuous delivery

Reproducibility and consistency

Artifact storage

Automation of tests

Automation of integration tests

Infrastructure as code

Security scanning

Static code analysis

Smoke tests

End-to-end tests

Monitoring

Continuous delivery process

Overview

What is container orchestration?

Options for container orchestration

What is immutable infrastructure?

Terraform

Providers

Terraform config entry point

VPC module

Output variables

Creating the infrastructure

Example application

Continuous delivery workflow

Build

Testing

Benchmarking

Static code analysis

Integration tests

Deployment

Smoke tests

Monitoring/alerting

Complete workflow

Summary