Open Closed

Questions regarding new microservice design #2268


User avatar
0
cangunaydin created
  • ABP Framework version: v5
  • UI type: MVC
  • DB provider: EF Core

Hello, I am new to Abp structure and i was checking out the docs for microservice structure, i have created a sample solution from abp suite. And i was going through the docs and trying to understand how the system works. I believe on the previous version, solution was using internal gateway to do the communication between services. Why was it removed in this version? Actually i am not sure what was the internal gateway was doing on the previous version. was it only a gateway that is publishing the events from rabbitmq and do the communication between all micro-services? And if it was doing all the communication between all microservices before right now how it has been solved? And i believe only "administration service" needs to make a call to "identity service", is there any other microservice making a call to other microservices?

I think all the built-in modules coming from Abp are now using static http client generation explained here: https://github.com/abpframework/abp/blob/dev/docs/en/Blog-Posts/2021-11-18%20v5_0_Preview/POST.md#static-generated-client-proxies-for-c-and-javascript I understand that administration service need to talk to identityservice and this is done with static http client proxies now. But what i don't understand is why administrationservice needs to depend on 5 contractsmodule which are

AbpAccountAdminApplicationContractsModule AbpAccountPublicApplicationContractsModule ProductServiceApplicationContractsModule SaasServiceApplicationContractsModule IdentityServiceApplicationContractsModule

i couldn't see anything on the documentation why these are needed maybe i am missing sth over here maybe it is related with static http client proxies. Maybe these are kind of basic questions but i am new to microservice concept and new abp structure. I would be glad if you could clarify those points for me.

ps: still on the doc it mentions about internal gateway which is not present probably it would be modified when the v5 is released. https://docs.abp.io/en/commercial/5.0/startup-templates/microservice/microservices#administrationservice


6 Answer(s)
  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    Hello,

    Why was it removed in this version? Actually i am not sure what was the internal gateway was doing on the previous version. was it only a gateway that is publishing the events from rabbitmq and do the communication between all micro-services?

    Internal gateway was working as a service locator when microservices make synched (http) communication. It was not related with publishing events but only related with synched communication between microservices. I would suggest reading guide communication between microservices to learn more about it.

    And if it was doing all the communication between all microservices before right now how it has been solved?

    We were using dynamic proxy which resolves endpoint configurations in runtime. This required api-gateways to be dependent on other microservices' Http.Api layer. There were some problems related with design like having difficulty to change Ocelot to any other gateway (like envoy etc).

    And i believe only "administration service" needs to make a call to "identity service", is there any other microservice making a call to other microservices?

    Yes, specifically when you request User Permissions, AdministrationService makes a request to IdentityService. As default, there is no other synched inter-service communication.

    But what i don't understand is why administrationservice needs to depend on 5 contractsmodule which are

    Because of permissions. Each microservice has their own permissions but AdministrationService hosts the Permission Management module. Also for api-configuration see this issue.

    ps: still on the doc it mentions about internal gateway which is not present probably it would be modified when the v5 is released.

    Thanks, we'll update docs.

  • User Avatar
    0
    cangunaydin created

    Allright i think it is more clear in my mind now, thank you for the answer.

    So to summarize, you removed internal gateway because there was only one synched (http) communication which is between administration service and identity service.

    All the permissions are defined in application contracts, so this brings us to the conclusion, whatever microservice that implements permission manager module needs to define every microservice application contracts module, so permission manager can do crud operations on the permissions?

    And as the last thing if i want to create a communication for ex between productservice and saas service

    • I need to create productservice as a client in identity server give the scope as "saasservice"
    • configure productservice by changing appsettings.json in the project like sth similar that has been made in administration service config.

    "AuthServer": { "Authority": "https://localhost:44322", "RequireHttpsMetadata": "true" }, "RemoteServices": { "AbpIdentity": { "BaseUrl": "https://localhost:44388/", "UseCurrentAccessToken": "false" } }, "IdentityClients": { "Default": { "GrantType": "client_credentials", "ClientId": "Adzup_AdministrationService", "ClientSecret": "1q2w3e*", "Authority": "https://localhost:44322", "Scope": "IdentityService" } },

    • And as the last step i need to have the "HttpApiClientModule" of the "saas microservice" in the "productservice module" and i don't need any contracts module since "HttpApiClientModule" also have a reference to the "Saas Contract Module" and this microservice doesn't manage permissions.

    Further Questions:

    • So as i understand identityclients options are configured in AbpHttpClientIdentityModelWebModule but in the docs it has been used AbpHttpClientIdentityModelModule can you clarify the difference between 2?

    • Also if i am planning lots of communications between different microservices internally isn't the internal gateway with ocelot is better approach maybe it is not very efficient if one microservice needs to call another but overall can we say that if we have many communcations between our microservices isn't it better to configure an internal gateway instead of configuring all the microservices one by one? What i am asking is are you planning to replace back internal gateway with another solution than ocelot or is it gonna be gone for good?

    Thank you so much for the help and assistance

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    So to summarize, you removed internal gateway because there was only one synched (http) communication which is between administration service and identity service.

    Not really. We didn't want gateways to be dependent on Http.Api layers of microservices so that developers can easily switch to an other gateway stack (like envoy etc).

    All the permissions are defined in application contracts, so this brings us to the conclusion, whatever microservice that implements permission manager module needs to define every microservice application contracts module, so permission manager can do crud operations on the permissions?

    Pretty much, yes.

    Your sample about synched communication between porudct service and saas service seems right. Also you can check this answer about Client Credential Flow.

    So as i understand identityclients options are configured in AbpHttpClientIdentityModelWebModule but in the docs it has been used AbpHttpClientIdentityModelModule can you clarify the difference between 2?

    AbpHttpClientIdentityModelWebModule is used for UI involved flows when http context accessor is used while AbpHttpClientIdentityModelModule doesn't use the http context. AbpHttpClientIdentityModelWebModule already implements AbpHttpClientIdentityModelModule.

    Also if i am planning lots of communications between different microservices internally isn't the internal gateway with ocelot is better approach maybe it is not very efficient if one microservice needs to call another but overall can we say that if we have many communcations between our microservices isn't it better to configure an internal gateway instead of configuring all the microservices one by one? What i am asking is are you planning to replace back internal gateway with another solution than ocelot or is it gonna be gone for good?

    Surely. If you want to use dynamic proxy and keep using ocelot you can use an internal gateway and set

    "RemoteServices": { 
        "Default": { 
            "BaseUrl": "https://localhost:44388/" // Internal Gateway url
        }
    }
    

    in other microservices.

    However, keep in mind that you are tightly coupling the microservices by making synched inter-communication. If you have lots of communications between different microservices, I would suggest differentiating them and decide which ones should be synched communication (with http requests) and which ones can be async over eventbus.

  • User Avatar
    0
    cangunaydin created

    Hello again, I really understand now, also i read this doc from microsoft, which is not a good practice to do synced communications between microservices as they say https://docs.microsoft.com/en-us/dotnet/architecture/microservices/architect-microservice-container-applications/communication-in-microservice-architecture

    https://docs.microsoft.com/en-us/dotnet/architecture/microservices/architect-microservice-container-applications/media/communication-in-microservice-architecture/sync-vs-async-patterns-across-microservices.png

    So this brings me another question Isn't there anyway to get users without being coupled to identity service. For ex first thing that comes to my mind is to make identityservice not being a seperate microservice and include it in administration service? But probably it is the most used service? Why did you choose to make it a seperate service if it is gonna be coupled to administration service? or how do i need to do decisions when i am seperating monolith project to microservices? Is there any guide or docs or any book to read to learn more about it?

    I really appreciate your help, and thank you for answering my questions.

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    So this brings me another question Isn't there anyway to get users without being coupled to identity service.

    What makes you think you have to be coupled to identity service for identity user? I would suggest digging more on Domain Driven Design to see how to handle these kind of coupling (using data duplication etc).

    For ex first thing that comes to my mind is to make identityservice not being a seperate microservice and include it in administration service? But probably it is the most used service? Why did you choose to make it a seperate service if it is gonna be coupled to administration service?

    IdentityService, AdministrationService and SaasService are infrastructural services. Their dependency to each will not change when you develop your business services. Think of a case where you have to make a synced call (http request) to user list endpoint. Wouldn't it make more sense to be dependent on to only IdentityService instead of a merged AdministrationService where its main functionality is managing existing modules?

    or how do i need to do decisions when i am seperating monolith project to microservices? Is there any guide or docs or any book to read to learn more about it?

    Deciding how to seperate monolith into microservices is a very popular question that you can find many related answers to that from google. I mostly favor the answer: experience. Hardest part of DDD is deciding bounded contexts (henceforth, dividing monolith context into bounded contexts) which requires domain experts or high knowledge about DDD and experience.

    There is a great free-ebook Domain Driven Design with the ABP Framework i would suggest. And also Domain-Driven Design: Tackling Complexity in the Heart of Software by Eric Evans.

  • User Avatar
    0
    cangunaydin created

    Hello again thank you for the answer.

    What makes you think you have to be coupled to identity service for identity user? I would suggest digging more on Domain Driven Design to see how to handle these kind of coupling (using data duplication etc).

    Actually i was talking about it from the administration microservice perspective, I was looking at the problem like "reduce the number of intersynched communications if it possible". So that was my intuition at the first place but i understand your point.

    There is a great free-ebook Domain Driven Design with the ABP Framework i would suggest. And also Domain-Driven Design: Tackling Complexity in the Heart of Software by Eric Evans.

    Thanks for the suggestions i have already read the Domain Driven Design book from Abp, i will check the Eric Evans's Book also.

    Thanks for the assistance.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 12, 2024, 07:15