Micro-Service Architecture in OpenShift

In this blog series, I will develop a micro-service architecture, secure it and deploy it in Red Hat OpenShift. OpenShift is an on-premises platform as a service built around Docker containers orchestrated and managed by Kubernetes.

If you have an enterprise monolithic application and are planning to migrate to a micro-service architecture using traditional Spring Boot, Red Hat OpenShift could be a game changer. It provides all the important hooks and products that are required for micro-service orchestration. I will try to cover the complete micro-service setup on Red Hat OpenShift.

Below is the tech stack I am going to use:

  • I will be using a Spring Boot project for the micro-services.
  • Angular for the front end.
  • Red Hat provides Keycloak, which I am using as the identity provider for Single Sign-On.
  • I will be using Jenkins for CI/CD.
  • Red Hat provides 3scale for the API gateway (although I am not much impressed by this product).

Below are the topics to cover:

  1. Micro-service Design & Architecture
  2. Securing Spring Boot Micro-service with Keycloak
  3. Jenkins Build Pipeline of the Micro-service in OpenShift
  4. Securing 3scale API Gateway
  5. Angular Integration with Keycloak and 3scale

Topics from the design below which I will not cover are:

  • Spring Config Server
  • Log management

Micro-service Design & Architecture

Below is the high-level design:

1.1 High Level Design of Micro-service Architecture

In the above design we have secured all REST calls with Keycloak. I used 3scale for API management and an APIcast gateway for external-facing applications. There are multiple micro-services, grouped as external and internal. External services are exposed via the gateway, whereas internal services are only meant for internal communication. Be it internal or external, all calls are secured and are executed only after they are validated against Keycloak.

1.2 Low Level Design of the Microservice Architecture

Here is the sequence of events that happens:

  • The user requests a secured page in the Angular app.
  • The Angular app looks for the token in the request header; when it does not find one, it redirects to the Keycloak login page.
  • The user enters credentials on the Keycloak login page, and Keycloak sends back a token to the Angular app.
  • Angular passes this token to 3scale or the APIcast gateway, which validates the token and passes the request on to the micro-services.
  • The spring-security Keycloak adapter in the Spring Boot app also validates the token and gives back the appropriate response.
  • We will be keeping all the Spring Boot configuration details in Spring Config Server.
  • We will have Zipkin for distributed tracing and Elastic Logstash and Kibana for logging.
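
The sequence above checks the token twice: once at the gateway and again in each service. The Python sketch below is an added illustration, not code from this project, of why the second check matters for internal services. It assumes an HMAC-signed token standing in for Keycloak's RSA-signed one, a constructed issuer URL, and the service names used as audience values.

```python
import base64, hashlib, hmac, json, time

ISSUER = "https://keycloak.example/realms/recipe"  # constructed realm URL
KEY = b"demo-key"  # stand-in: a real Keycloak realm signs with an RSA key pair

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue(claims, key=KEY, alg="HS256"):
    """Identity-provider role: hand back a signed token after login."""
    head = _b64(json.dumps({"alg": alg}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_sign(head + '.' + body, key))}"

def validate(token, audience, now=None):
    """Checks each hop repeats: algorithm, signature, issuer, audience, expiry."""
    try:
        head, body, sig = (token or "").split(".")
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
        good = hmac.compare_digest(_unb64(sig), _sign(head + "." + body, KEY))
    except ValueError:  # wrong part count, bad base64 or bad JSON
        raise PermissionError("missing or malformed token")
    if not isinstance(header, dict) or header.get("alg") != "HS256" or not good:
        raise PermissionError("bad algorithm or signature")
    aud = claims.get("aud", [])
    if claims.get("iss") != ISSUER or audience not in ([aud] if isinstance(aud, str) else aud):
        raise PermissionError("wrong issuer or audience")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise PermissionError("expired")
    return claims

def cost_service(token):  # internal-only service, still validates
    validate(token, "cost-service")
    return 4.5  # constructed cost

def recipe_service(token):  # forwards the caller's token downstream
    claims = validate(token, "recipe-service")
    return {"owner": claims["sub"], "cost": cost_service(token)}

def gateway(token):  # APIcast role: validate, then pass the request on
    validate(token, "recipe-service")
    return recipe_service(token)
```

A token whose audience covers only recipe-service passes the gateway but is refused by cost-service, and a call that reaches cost-service without any token is refused as well.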

I will be applying the above design in building my Recipe Book. My Recipe Book will have the features below:

  • Retrieve my account profile
  • Create ingredients and list all ingredients
  • Create a recipe with the added ingredients and show an approximate cost of the recipe.

The app is still under development; however, I will mainly be focusing on the setup of the aforementioned design.

High level functionalities

Dashboard without login:

My Recipe Home page

On clicking Login, the page redirects to the Keycloak login page:

Keycloak login screen

The login happens on the Keycloak server, so the application itself never sees the user's credentials, which keeps the login secure. After login, the page redirects back to the home page, which now shows the Create recipe page:

Create New Recipe

The Ingredients tab has a list of ingredients section:

List of Ingredient

We will create an ingredient first:

Add an ingredient

Now we will create a recipe:

Recipe creation

Description with the cost of the recipe:

Clicking My Account displays the profile details:

For ease of understanding, the design in 1.2 can be redrawn as below:

Micro-service design architecture

recipe-service handles creating and listing recipes.
cost-service provides the cost of a recipe. recipe-service invokes cost-service to retrieve the cost of the recipe. Profile details come from profile-service.

In the next section we will see how we can secure the above micro-services with Keycloak.

Copyright secured by Digiprove © 2020 Geeks 18
