WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Architecture, Service Mesh, and More
- 3. ● Modularity, a fundamental principle in software design, plays a crucial role
in making software manageable and maintainable.
● It involves breaking down a system into smaller, manageable, and
interchangeable components or modules. Each module is designed to
execute one specific aspect of the desired functionality and interacts with
other modules through well-defined interfaces.
Modularity
3
- 5. ● Domain-Driven Design (DDD) is a methodology for software design that
involves creating detailed models to capture the business requirements of
a specific domain. These models form the conceptual basis for software
development.
● DDD helps us build a microservice architecture by splitting a big system
into smaller, independent parts. We figure out what each part does and
how they connect to each other.
Domain-driven design (DDD)
5
- 6. Domain-Driven Design for microservices
6
● Strategic phase: identify the Bounded Contexts and map them out in a
context map
● Tactical phase: model each Bounded Context according to the business
rules of the subdomain.
● DDD is iterative and adaptive.
Analyze Domain
Define Bounded
Contexts
Identify
Microservices
- 7. ● Domain-Driven Design: Tackling Complexity in the Heart of Software by
Eric Evans
● Implementing Domain-Driven Design by Vaughn Vernon
● Domain-Driven Design Distilled by Vaughn Vernon
Learn more about Domain-Driven Design
7
- 9. Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
9
- 10. ● Map bounded contexts into the deployment concepts
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
10
- 11. ● Map bounded contexts into the deployment concepts
● Autonomous team operations
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
11
- 12. ● Map bounded contexts into the deployment concepts
● Autonomous team operations
● Dependency management
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
12
- 13. ● Map bounded contexts into the deployment concepts
● Autonomous team operations
● Dependency management
● Service discovery and governance
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
13
- 14. ● Map bounded contexts into the deployment concepts
● Autonomous team operations
● Dependency management
● Service discovery and governance
● Complexity in scaling and resiliency
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
14
- 15. ● Map bounded contexts into the deployment concepts
● Autonomous team operations
● Dependency management
● Service discovery and governance
● Complexity in scaling and resiliency
● Infrastructure automation and frequence release management
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
15
- 16. ● Map bounded contexts into the deployment concepts
● Autonomous team operations
● Dependency management
● Service discovery and governance
● Complexity in scaling and resiliency
● Infrastructure automation and frequence release management
● Security implications
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
16
- 17. ● Map bounded contexts into the deployment concepts
● Autonomous team operations
● Dependency management
● Service discovery and governance
● Complexity in scaling and resiliency
● Infrastructure automation and frequence release management
● Security implications
● Observability and monitoring
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
17
- 18. ● Map bounded contexts into the deployment concepts
● Autonomous team operations
● Dependency management
● Service discovery and governance
● Complexity in scaling and resiliency
● Infrastructure automation and frequence release management
● Security implications
● Observability and monitoring
● Infrastructure/cloud cost
Key Challenges in Transitioning from Domain-Driven Design to
Cloud-Native Deployment
18
- 19. By combining the right architecture
with cloud-native middleware, these
challenges can be effectively
overcome.
- 23. ● A Decentralized Reference Architecture for Cloud-native Applications by
Asanka Abeysinghe, CTO @WSO2 and Paul Fremantle, founder CTO
@WSO2
● Cell-based Architecture (CBA) and Domain-Driven Design (DDD) align well
together.
● CBA is an approach for modularizing a group of related capabilities from
(part of) a domain into a network cell and managing access to them
through well-defined gateways.
Cell-based architecture (CBA)
23
https://github.com/wso2/reference-architecture/blob/master/reference-architecture-cell-based.md
- 26. ● Cloud-native middleware is a software or set of software tools that
provide common services and capabilities to applications beyond those
offered by the underlying cloud infrastructure.
● It is designed to support scalability, resilience, maintainability, and
observability in cloud-native environments.
● This middleware integrates seamlessly with cloud services and caters to
the dynamic nature of cloud-native applications, enabling them to
communicate efficiently, scale, and adapt to changing demands without
compromising performance or security.
● Additionally, it includes features for monitoring and observing application
behavior, which is crucial for troubleshooting and optimizing performance.
Cloud-Native Middleware
26
- 29. ● Github
● Github Runners
● Docker
● Trivy Scanner
● Buildpacks
● Kubernetes
● Key Vault
● API Gateway
● eBPF
● Cilium Service Mesh
Cloud-Native Middleware used in Choreo Implementation
29
● Cilium CNI
● Wireguard
● Hubble
● Envoy
● Prometheus
● Opensearch
● FluentBit
● Keda
- 30. 30
DDD and Dev time Deployment and Runtime
Domain Foo
S1
S2
Domain Bar
S1
S2
S3
- 31. Key Vault
31
DDD and Dev time
Project Foo Project Bar
S2
S1
Domain Foo
S1
S2
Domain Bar
S1
S2
S3
S2
S3
S1
Deployment and Runtime
Buildpacks
Docker Registry
Deployment
Services
Namespaces
HPA
ConfigMaps
- 32. 32
Dev time
Project Foo Project Bar
S2
S1
Foo
● S1 need to expose to
public
● S1−>S2
Bar
● S2 need to expose to
public
● S2−>S3
Cross Domain
● Foo/S2−>Bar/S1
● Service Discovery
Security
● Authentication and
Authorization
● All network call need to
be encrypted
● Allow only defined
network communication
and deny all others.
S2
S3
S1
Deployment and Runtime
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
- 33. 33
Project Foo Project Bar
S2
S1
S1
S2
S3
Foo
● S1 need to expose to
public
● S1−>S2
Bar
● S2 need to expose to
public
● S2−>S3
Cross Domain
● Foo/S2−>Bar/S1
● Service Discovery
Security
● Authentication and
Authorization
● All network call need to
be encrypted
● Allow only defined
network communication
and deny all others.
API GW API GW
API GW
API GW
AA AA
AA
AA Authn & Authz
Deployment and Runtime
Dev time
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
- 34. 34
Project Foo Project Bar
S2
S1
S1
S2
S3
Foo
● S1 need to expose to
public
● S1−>S2
Bar
● S2 need to expose to
public
● S2−>S3
Cross Domain
● Foo/S2−>Bar/S1
● Service Discovery
Security
● Authentication and
Authorization
● All network call need to
be encrypted
● Allow only defined
network communication
and deny all others.
API GW API GW
API GW
E
E
E
E
E
E
E Encrypted
AA AA
API GW
AA Authn & Authz
AA
Deployment and Runtime
Dev time
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
- 35. 35
Project Foo Project Bar
S2
S1
S1
S2
S3
Foo
● S1 need to expose to
public
● S1−>S2
Bar
● S2 need to expose to
public
● S2−>S3
Cross Domain
● Foo/S2−>Bar/S1
● Service Discovery
Security
● Authentication and
Authorization
● All network call need to
be encrypted
● Allow only defined
network
communication and
deny all others.
API GW API GW
API GW
E
E
E
E
E
E
E Encrypted
AA AA
X
L3/L4
Access
Deny
X
L3/L4
Access
Deny
L3/L4 Access
Deny
API GW
AA Authn & Authz
AA
Deployment and Runtime
Dev time
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
- 36. 36
Project Foo Project Bar
S2
S1
S1
S2
S3
Observability
● Logs: access, debugs
etc
● System metrics:
memory, cpu etc
● Runtime metrics:
network traces, request
counts, latency, errors
etc
Service Mesh
● Resiliency: retry, circuit
breaker etc
Serverless
● Scale to zero
API GW API GW
API GW
E
E
E
E
E
E
E Encrypted
AA AA
X
L3/L4
Access
Deny
X
L3/L4
Access
Deny
L3/L4 Access
Deny
API GW
AA Authn & Authz
AA
Deployment and Runtime
Dev time
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
- 37. 37
Project Foo Project Bar
S2
S1
S1
S2
S3
Observability
● Logs: access, debugs
etc
● System metrics:
memory, cpu etc
● Runtime metrics:
network traces, request
counts, latency, errors
etc
Service Mesh
● Resiliency: retry, circuit
breaker etc
Serverless
● Scale to zero
API GW API GW
API GW
E
E
E
E
E
E
E Encrypted
AA AA
X
L3/L4
Access
Deny
X
L3/L4
Access
Deny
L3/L4 Access
Deny
API GW
AA Authn & Authz
AA
Logs
Logs
Deployment and Runtime
Dev time
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
- 38. 38
Project Foo Project Bar
S2
S1
S1
S2
S3
Observability
● Logs: access, debugs
etc
● System metrics:
memory, cpu etc
● Runtime metrics:
network traces, request
counts, latency, errors
etc
Service Mesh
● Resiliency: retry, circuit
breaker etc
Serverless
● Scale to zero
API GW API GW
API GW
E
E
E
E
E
E
E Encrypted
AA AA
X
L3/L4
Access
Deny
X
L3/L4
Access
Deny
L3/L4 Access
Deny
API GW
AA Authn & Authz
AA
Logs
Logs
Metrics
Metrics
Deployment and Runtime
Dev time
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
- 39. 39
Project Foo Project Bar
S2
S1
S1
S2
S3
Observability
● Logs: access, debugs
etc
● System metrics:
memory, cpu etc
● Runtime metrics:
network traces, request
counts, latency, errors
etc
Service Mesh
● Resiliency: retry, circuit
breaker etc
Serverless
● Scale to zero
API GW API GW
API GW
E
E
E
E
E
E
E Encrypted
AA AA
X
L3/L4
Access
Deny
X
L3/L4
Access
Deny
L3/L4 Access
Deny
API GW
AA Authn & Authz
AA
Logs
Logs
Metrics
Retry
if 503
Deployment and Runtime
Dev time
Service Mesh
Metrics
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
- 40. 40
Project Foo Project Bar
S2
S1
S1
S2
S3
Observability
● Logs: access, debugs
etc
● System metrics:
memory, cpu etc
● Runtime metrics:
network traces, request
counts, latency, errors
etc
Service Mesh
● Resiliency: retry, circuit
breaker etc
Serverless
● Scale to zero
API GW API GW
API GW
E
E
E
E
E
E
E Encrypted
AA AA
X
L3/L4
Access
Deny
X
L3/L4
Access
Deny
L3/L4 Access
Deny
API GW
AA Authn & Authz
AA
Logs
Logs
Metrics
Retry
if 503
No request:
scale to zero
Deployment and Runtime
Dev time
Service Mesh
Scale to
zero
Metrics
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
- 41. 41
Project Foo Project Bar
S2
S1
S1
S2
S3
● Never Trust, Always
Verify
● Verify Explicitly
● Least Privilege Access
● Micro-Segmentation
● Layered Security
Controls and MFA
● Assume Breach
● End-to-End Encryption
● Full User and System
Visibility
API GW API GW
API GW
E
E
E
E
E
E
E Encrypted
AA AA
X
L3/L4
Access
Deny
X
L3/L4
Access
Deny
L3/L4 Access
Deny
API GW
AA Authn & Authz
AA
Logs
Logs
Metrics
Retry
if 503
No request:
scale to zero
Deployment and Runtime
Zero Trust Principals
Service Mesh
Scale to
zero
Metrics
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
- 42. 42
Project Foo Project Bar
S2
S1
S1
S2
S3
● Map bounded contexts
into the deployment
concepts
● Autonomous team
operations
● Dependency
management
● Service discovery and
governance
● Complexity in scaling
and resiliency
● Infrastructure
automation frequence
release management
● Security Implications
● Observability,
Monitoring and
Maintenance
● Infrastructure/cloud
cost
API GW API GW
API GW
E
E
E
E
E
E
E Encrypted
AA AA
X
L3/L4
Access
Deny
X
L3/L4
Access
Deny
L3/L4 Access
Deny
API GW
AA Authn & Authz
AA
Logs
Logs
Metrics
Retry
if 503
No request:
scale to zero
Deployment and Runtime
Revisit Challengers
Service Mesh
Scale to
zero
Metrics
Buildpacks
Deployment
Services
Namespaces
HPA
ConfigMaps
Docker Registry
Key Vault
- 43. After building this platform, you'll
streamline the development process,
enhance productivity, and accelerate
time-to-market, all of which are
essential for business success.
- 45. ● Platformless by Sanjiva, Paul and Asanka
● Cell-Based Architecture by Paul and Asanka
● Unlocking the Power of Programmable Data Planes in Kubernetes with
eBPF by Lakmal
● How We Implemented Zero Trust in Choreo by Lakmal
● Scaling Smart: Introducing Choreo’s Scale-to-Zero for Optimal Resource
Utilization by Lakmal
● Reference Architecture for a Cloud Native Digital Enterprise by Lakmal
● Reference Implementation for a Cloud Native Digital Enterprise by Lakmal
Read more…
45