Log In
Or create an account ->
Imperial Library
Home
About
News
Upload
Forum
Help
Login/SignUp
Index
Title Page
Copyright
Building Microservices with Go
Credits
About the Author
About the Reviewers
www.PacktPub.com
Why subscribe?
Customer Feedback
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
Introduction to Microservices
Building a simple web server with net/http
Reading and writing JSON
Marshalling Go structs to JSON
Unmarshalling JSON to Go structs
Routing in net/http
Paths
Convenience handlers
FileServer
NotFoundHandler
RedirectHandler
StripPrefix
TimeoutHandler
Static file handler
Creating handlers
Context
Background
WithCancel
WithDeadline
WithTimeout
WithValue
Using contexts
RPC in the Go standard library
Simple RPC example
RPC over HTTP
JSON-RPC over HTTP
Summary
Designing a Great API
RESTful APIs
URIs
URI format
URI path design for REST services
Collections
Documents
Controller
Store
CRUD function names
HTTP verbs
GET
POST
PUT
PATCH
DELETE
HEAD
OPTIONS
URI query design
Response codes
2xx Success
200 OK
201 Created
204 No Content
3xx Redirection
301 Moved Permanently
304 Not Modified
4xx Client Error
400 Bad Request
401 Unauthorized
403 Forbidden
404 Not Found
405 Method Not Allowed
408 Request Timeout
5xx Server Error
500 Internal Server Error
503 Service Unavailable
HTTP headers
Standard request headers
Authorization - string
Date
Accept - content type
Accept-Encoding - gzip, deflate
Standard response headers
Returning errors
Accessing APIs from JavaScript
JSONP
CORS
RPC APIs
RPC API design
RPC message frameworks
Gob
Thrift
Protocol Buffers
JSON-RPC
Filtering
Versioning APIs
Semantic versioning
Versioning formats for REST APIs
Versioning formats for RPC APIs
Naming for RPC
Object type standardization
Dates
Durations
Intervals
Documenting APIs
REST based-based APIs
Swagger
API Blueprint
RAML
RPC based-based APIs
Summary
Introducing Docker
Introducing Containers with Docker
Installing Docker
Running our first container
Docker volumes
Union filesystem
Mounting volumes
Docker ports
Removing a container starting with an explicit name
Docker networking
Bridge networking
Host networking
No network
Overlay network
Custom network drivers
Weaveworks
Project Calico
Creating custom bridge networks
Creating a bridge network
Connecting containers to a custom network
Writing Dockerfiles
Building application code for Docker
FROM
MAINTAINER
EXPOSE
COPY
ENTRYPOINT
CMD
Good practice for creating Dockerfiles
Building images from Dockerfiles
Docker build context
Docker Ignore files
Running Daemons in containers
Docker Compose
Installing Docker Compose on Linux
Service startup
Specifying the location of a compose file
Specifying a project name
Summary
Testing
The testing pyramid
Outside-in development
Unit tests
httptest.NewRequest
httptest.NewRecorder
Dependency injection and mocking
Code coverage
Behavioral Driven Development
Testing with Docker Compose
Benchmarking and profiling
Benchmarks
Profiling
Summary
Common Patterns
Design for failure
Patterns
Event processing
Event processing with at least once delivery
Handling Errors
Dead Letter Queue
Idempotent transactions and message order
Atomic transactions
Timeouts
Back off
Circuit breaking
Health checks
Throttling
Service discovery
Server-side service discovery
Client-side service discovery
Load balancing
Caching
Premature optimization
Stale cache in times of database or downstream service failure
Summary
Microservice Frameworks
What makes a good microservice framework?
Micro
Setup
Code generation
Tooling (CI/CD, cross platform)
Maintainable
Format (REST/RPC)
Patterns
Language independence
Ability to interface with other frameworks
Efficiency
Quality
Open source
Security
Support
Extensibility
What we learned about Micro
Kite
Setup
Code generation
Tooling
Maintainable
Format
Patterns
Language independence
Efficiency
Quality
Open source
Security
Support
Extensibility
Summing up Kite
gRPC
Setup
Code generation
Tooling
Maintainable
Format
Patterns
Language independence
Efficiency
Quality
Open source
Security
Support
Extensibility
A few lines about gRPC
Summary
Logging and Monitoring
Logging best practices
Metrics
Types of data best represented by metrics
Naming conventions
Storage and querying
Software as a service
Self-hosted
Grafana
Logging
Distributed tracing with Correlation IDs
Elasticsearch, Logstash, and Kibana (ELK)
Kibana
Exceptions
Panic and recover
Panic
Recover
Summary
Security
Encryption and signing
Symmetric-key encryption
Public-key cryptography
Digital signatures
X.509 digital certificates
TLS/SSL
External security
Layer 2 or 3 firewalls
Web application firewall
API Gateway
DDoS protection
Types of DDoS attack
UDP fragment attack
UDP flood
DNS
NTP
CHARGEN
SYN flood
SSDP
ACK
Application security
Prevention
Detection
Response
Recovery
Confused deputy
How an attacker could bypass the firewall
Scenario
Attack
Input validation
Fuzzing
TLS
Generating private keys
Generating X.509 certificates
Securing data at rest
Physical machine access
OWASP
Never storing session tokens in a URL
Cross-site scripting (XSS) and cross-site request forgery (CRSF)
Insecure direct object references
Authentication and authorization
Password hashing
Adding a little seasoning
Dictionary attacks
Adding a pepper
bcrypt
Benchmarks
JWTs
Format of a JWT
Secure messages
Shared secrets
Asymmetric encryption with large messages
Maintenance
Patching containers
Software updates
Patching application code
Logging
Summary
Event-Driven Architecture
Differences between synchronous and asynchronous processing
Synchronous processing
Asynchronous processing
Types of asynchronous messages
Pull/queue messaging
Push messaging
Command Query Responsibility Segregation (CQRS)
Domain-Driven Design
What is DDD?
Technical debt
Anatomy of DDD
Strategic design
Tactical design
Ubiquitous language
Bounded Contexts
Context Mapping
Software
Kafka
NATS.io
AWS SNS/SQS
Google Cloud Pub/Sub
Summary
Continuous Delivery
What is Continuous Delivery?
Manual deployment
The benefits of continuous delivery
Aspects of continuous delivery
Reproducibility and consistency
Artifact storage
Automation of tests
Automation of integration tests
Infrastructure as code
Security scanning
Static code analysis
Smoke tests
End-to-end tests
Monitoring
Continuous delivery process
Overview
What is container orchestration?
Options for container orchestration
What is immutable infrastructure?
Terraform
Providers
Terraform config entry point
VPC module
Output variables
Creating the infrastructure
Example application
Continuous delivery workflow
Build
Testing
Benchmarking
Static code analysis
Integration tests
Deployment
Smoke tests
Monitoring/alerting
Complete workflow
Summary
← Prev
Back
Next →
← Prev
Back
Next →