How to use Hsytrix to be the gateway for multiple webapps - hystrix

We have many web apps deployed in tomcat container. All these applications, make REST API calls to a couple of external services. What we want is all these rest API calls (across these web apps) to be going via single Hystrix gateway so we can build resiliency into the system. Any idea how to do this? If these independent web apps package hystrix in their own war then there will be multiple hystrix instances created? How to have a single instance of Hystrix per JVM which should deal with multiple web apps ?
Thanks,
Sidd

You need a gateway that will serve as a reverse proxy to dispatch incoming requests to the different services. This gateway can implement hystrix commands in order make the calls to the different external services.
Look at Zuul made by Netflix it's the most popular choice in terms of gateways. Hystrix is already in place and wraps the different external calls. You can also use spring cloud Netflix which includes an embedded Zuul proxy, here's an example: https://spring.io/guides/gs/routing-and-filtering/

Related

Is there a way to limit only allow incoming requests from other App Engine services?

I have four services running within the same app on App Engine. I have a frontend SvelteKit application, and three backend services. If possible, I'd like to set up security in such a way that the backend services will only accept HTTP requests from the frontend application (which sends all API requests via its Node server).
Is there a way of doing this without spending a load of money on a Serverless VPC Access connector?
Ideally I want to keep these all within the same GCP project as well. So far the only solution I can come up with is to ship the services with a secret that they check against when receiving a request, but there must be a better way to do it.
Take a look at Identity Aware Proxy
Pay attention to the part of the above documentation that says
In order to make a resource publicly-accessible (while sibling resources are restricted), grant the IAP-secured Web App User role to allUsers or allAuthenticatedUsers.
Per your use case, your front-end application will be available to the public while your 3 backend services will only be available to the front-end application
Since your backend services are now secured (via IAP), you have to programmatically invoke them in your front end. See documentation on how to do that.

How can I deploy an angular-spring-postgres application on gcp?

I'm new to GCP and currently, I try to deploy all my applications on their services.
For an application in a single container I use CloudRun which I already really like.
Now I want to deploy an application that uses Angular in the frontend and spring in the backend and a SQL-DB (Postgres). Every part of this is in its own separated container.
Should I use for this purpose although CloudRun or does GCP have more suitable services I should consider to use if I want to host a scalable and serverless Application? So is there such a thing as the best practice for Frontend-backend architecture applications on GCP?
I recommend you to use these services:
Cloud SQL to host the database. It's managed for you and efficient
Cloud Run for the business tier (the spring application).
Be careful, with spring the cold start can take several seconds. I wrote an article on this (the article is quite old and the perf are now better on Cloud Run, but the latency on the first request exists (and take 5 - 7s for an hello world container)). Add several CPU (4 is a good number) to speed up the cold start or use the --min-instance parameter for this (or other solution that you can find in one of my articles)
For the front end, I recommend you to host the static files on Cloud Storage.
To serve this on internet, put a Load Balancer in front of this
Create a serverless network endpoint group (NEG) for Cloud Run service
Create a Cloud Storage backend to serve the static files.
Use the domain that you want and serve it in SSL
Optionally, use CDN to cache your static files.
CloudRun runs stateless containers. It doesn't make a distinction between frontend and backend, or worker jobs.
You can run your frontend, backend, admin code base as Cloud Run service.
Next to these you setup Cloud SQL for your operational database, and connect the Cloud Run services with the Cloud SQL connector so they are able to use for read/write queries.

Using Docker compose within Google App Engine

I am currently experimenting with the Google App Engine flexible environment, especially the feature allowing you to build custom runtimes by providing a Dockerfile.
Docker provides a really nice feature called docker-compose for defining and running multi-container Docker applications.
Now the question is, is there any way one can use the power of docker-compose within GAE? If the answer is no, what would be the best approach for deploying a multi-container application (for instance Nginx + PHP-FPM + RabbitMQ + Elasticsearch + Redis + MongoDB, ...) within GAE flexible environment using Docker?
It is not possible at this time to use docker-compose to have multiple application containers within a single App Engine instance. This does seem however to be by design.
Scaling application components independently
If you would like to have multiple application containers, you would need to deploy them as separate App Engine services. There would still only be a single application container per service instance but there could be multiple instances of each service. This would grant you the flexibility you seek of scaling each application component independently. In addition, if the application in a container were to hang, it could not affect other services as they would reside in different VMs.
An added benefit of deploying each component as a separate service is that one need not use the flexible environment for every service. For some very small tasks such as API backends or serving relatively slow-changing web content, the standard environment may suffice and may be less expensive at low resource levels.
Communication between components
Since one of your comments mentions getting instance IPs, I thought you might find inter-service communication useful. I'm not certain for what reason you wish to use VM instance IPs but a typical use case might be to communicate between instances or services. To do this without instance IPs, your best bet is to issue HTTP request from one service to another simply using the appropriate url. If you have a service called web and one called api, the web service can issue a request to api.mycustomdomain.com where your application is hosted and the api service will receive a request with the X-Appengine-Inbound-Appid header specified with your project ID. This can serve as a way a identifying the request as coming from your own application.
Multicontainer application using Docker
You mention many examples of applications including NGinx, PHP-FPM, RabbitMQ, etc.. With App Engine using custom runtimes, you can deploy any container to handle traffic as long as it responds to requests from port 8080. Keep in mind that the primary purpose of the application is to serve responses. The instances should be designed to start up and shut down quickly to be horizontally scalable. They should not be used to store any application data. That should remain outside of App Engine using tools like Cloud SQL, Cloud Datastore, BigQuery or your own Redis instance running on Compute Engine.
I hope this clarifies a few things and answers your questions.
You can follow following steps to create a container with docker-compose file in Google App Engine.
Follow link
You can build your custom image using docker-compose file
docker-compose build
Create a tag for local build
docker tag [SOURCE_IMAGE] [HOSTNAME]/[PROJECT-ID]/[IMAGE]
Push image to google registry
docker push [HOSTNAME]/[PROJECT-ID]/[IMAGE]
deploy Container
gcloud app deploy --image-url=[HOSTNAME]/[PROJECT-ID]/[IMAGE]
please add auth for docker commands to run.

What are the advantages of using Google Cloud Endpoints, explained in non-technical terms with examples?

I have previously used
#app.route('/mypage/<int:myvariable>/')
to create rules for what should happen when users land on different urls on my website. I have done this on local machines that have been running on my own virtual servers.
Now I am learning to publish my first web app to Google App Engine. I have heard that I should be using Google Cloud Endpoints instead of the route decorator.
#endpoints...
I've read a few articles about endpoints and some of the benefits of endpoints that they list are:
Endpoints makes it easier to create a web backend for web clients and mobile clients
Endpoints free you from having to write wrappers to handle communication with App Engine
Even if I have read this I can't wrap my head around what this means. I don't understand it. Can you explain in non-technical terms with examples what the advantages of using #endpoints is compared to alternatives? The alternative that I am familiar with is #app.route.
Google Cloud Endpoints can be thought of as a subset of #app.route. They are intended to solve the API backend problem for mobile and javascript clients. They are not intended to serve web pages and other hypermedia. You can use the normal routing methods of your framework of choice to create a web service for your application but Google Cloud Endpoints takes care of a lot of boilerplate for you.
There are a lot of limitations with Google Cloud Endpointsso be sure to familiarize yourself with them before committing. For one, you cannot host Google Cloud Endpoints on a custom domain name. They are only accessible via <app_id>.appspot.com/_ah/api/*
Endpoints makes it easier to create a web backend for web clients and
mobile clients
What this means is that you can create one backend and then iOS, Android and Web-apps (via Javascript for example), can execute your API methods with specific client generated libraries.
This is convenient if you are building a backend that you want to be easily accessed via smartphones or through a web browser.
Endpoints free you from having to write wrappers to handle
communication with App Engine
With Endpoints you can generate client libraries (e.g. Android, iOS, Javascript) that you can then execute your API methods. You don't have to worry about writing a bunch of additional code to do that.
My Opinion:
I have never used Cloud Endpoints to make a web-app but it is very convenient if you are making a mobile app for iOS and Android because you can access your backend with both platforms.
One reason you might want to use Cloud Endpoints for a web-app instead of something else is because of Datastore. Datastore is the way Cloud Endpoints stores data. It is a NoSQL storage method which is kinda tricky to wrap your head around at first if you come from a relational database background, but once you get it, it makes a lot of sense.

Does Google App Engine charge for network traffic between apps?

I am going to build an API for my mobile app using GAE. I am looking for a way to separate the whole application into separate services, trying out the microservice architecture.
The problem is there seems to be no information about any VPN or private network between GAE apps. Therefore, based on my understanding, when one of the GAE apps sends HTTP requests to other GAE apps in same account, its traffic will be treated as Internet traffic and therefore I will be charged for outbound bandwidth.
Am I correct?
Yes.
App Engine applications/Cloud Platform projects are isolated from each other by default, even if they were created using the same Google account.
Consider looking into Modules (link for Java) to implement individual services of your application.

Resources