
What Are Microservices? [Costs and Benefits] - peter_heard01
https://www.logicroom.co/what-are-microservices-costs-and-benefits/
======
tracker1
I think that TFA is underplaying the cost of setting up CI/CD pipelines with
any manual review step, as well as simply orchestrating application/service
settings between micro services.

Docker and Docker tooling in the big clouds have come a long way, but are
isolated to that cloud platform. Docker Cloud, imho, is one of the nicer
options, that allows for multi-cloud and on-prem deployments, but even then
doesn't take care of a few issues.

In my mind, there are several things that are needed for a successful
microservice stack, beyond the micro services themselves.

    
    
        PKI - some means of having a microservice deployment 
        request its own private key cert securely.  Not 
        embedded in the deployment asset.  Inter-service 
        api requests using signed jwt including a request id
        not to be reused.
    
        Configuration - environment configuration, A/B testing, 
        and other services in the system.  This may need a 
        service registry (maybe backed by etcd or similar).
    
        In-memory cache - something like Redis/memcache on each 
        node for local caching of near-term data (IP request 
        counts, error counts, other memory cache)
    
        Persistent cache - kv store backed by db for cached 
        records that exceed memory, but can avoid more costly 
        lookups.  C*, RethinkDB, Mongo may be good choices 
        here.
    
        Authentication service... something to manage user 
        auth separately from the apps/services and act as 
        an SSO end point.  OAuth/jwt, etc.
    
        Auto-updating load balancer... blue/green deploy 
        process combined with a load balancer that will detect 
        changes and update itself.
    

Just getting those details right... not counting other application databases,
and the ci/cd is huge. It starts with a secure means of getting one's security
context, using that to request other configurations/services to communicate
with (not discounting dns-based structures), having those services available
to authenticate users, and the ability to securely make requests.

None of the options offers all of this in the box, there are parts, and
depending on where/how you deploy this is complex to _very_ complex in terms
of getting these underpinnings in place.
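
The "signed jwt including a request id not to be reused" item from the comment above, as an added example that is not part of the original comment: the receiving service checks signature, audience and expiry, then rejects any `jti` it has already accepted. Assumptions: HS256 with a shared key stands in for the per-service private key the comment describes, so the sketch needs only the standard library; the service names `orders` and `billing` and the names `sign_request` and `Verifier` are hypothetical.

```python
import base64, hashlib, hmac, json, time, uuid

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign_request(key: bytes, issuer: str, audience: str, ttl: int = 30, now=None) -> str:
    """Caller side: mint a short-lived token carrying a fresh request id (jti)."""
    now = int(time.time() if now is None else now)
    claims = {"iss": issuer, "aud": audience, "iat": now, "exp": now + ttl,
              "jti": uuid.uuid4().hex}
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = head + "." + _b64(json.dumps(claims).encode())
    return signing_input + "." + _b64(_mac(key, signing_input))

class Verifier:
    """Receiver side: signature, audience and expiry first, then the replay check."""
    def __init__(self, keys: dict, audience: str):
        self.keys = keys          # issuer -> key (constructed sample values)
        self.audience = audience
        self.seen = {}            # jti -> exp; an id is only remembered until it expires

    def verify(self, token: str, now=None) -> dict:
        now = int(time.time() if now is None else now)
        try:
            h, c, s = token.split(".")
            header, claims, sig = json.loads(_unb64(h)), json.loads(_unb64(c)), _unb64(s)
            if not (isinstance(header, dict) and isinstance(claims, dict)):
                raise ValueError("not JSON objects")
        except ValueError:
            raise PermissionError("malformed token")
        if header.get("alg") != "HS256":      # pin the algorithm; never take it from the token
            raise PermissionError("unexpected alg")
        iss = claims.get("iss")
        key = self.keys.get(iss) if isinstance(iss, str) else None
        if key is None or not hmac.compare_digest(sig, _mac(key, h + "." + c)):
            raise PermissionError("bad signature")
        exp, jti = claims.get("exp"), claims.get("jti")
        if claims.get("aud") != self.audience or not isinstance(exp, int) or exp <= now:
            raise PermissionError("wrong audience or expired")
        self.seen = {j: e for j, e in self.seen.items() if e > now}  # forget expired ids
        if not isinstance(jti, str) or jti in self.seen:
            raise PermissionError("request id missing or reused")
        self.seen[jti] = exp
        return claims
```

With more than one instance of the receiving service, the `seen` map has to live in a store all instances share, otherwise a token replayed to a different instance is accepted.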

