Speaker

Michael Hofmann

Architect

Michael Hofmann is a freelance architect, consultant and developer. He has been gaining project experience for more than 2 decades on the German and international scenes, mainly in the areas of software architecture, Enterprise Java and DevOps. Since 2015, he has been increasingly involved with topics related to microservices architectures. In addition to his project assignments, he is active as a speaker at various conferences and as an author of professional articles and books.

The Easy Way To Secure Microservices

Every microservice in production must be secured. Because of the high number of services, ensuring this takes significantly more effort than in a monolithic system. If the services also run in a public cloud, neither the communication within the cloud provider's infrastructure nor the connection via the Internet may be unencrypted. In addition, corresponding authorization checks must take place in each individual service.

This session shows how easy and effortless it is to implement security measures with a service mesh tool like Istio. With a few small Istio rules, all communication in the service mesh is secured with mutual TLS (mTLS). Basic checks of service-to-service communication and end-user authorization using JWT can also be delegated to Istio. The extended authorization checks within a Java service are illustrated using the MicroProfile specifications.

Crashing Pods - How To Compensate For Such An Outage?

Kubernetes offers many features for keeping the downtime of pods very low. Graceful shutdown and zero-downtime deployments are definitely possible with Kubernetes. However, this only applies to the proper transition of containers or pods. Despite all the precautions Kubernetes takes, a service crash can still lead to HTTP 5xx responses. Other measures must be taken to fully compensate for services that are in such an error state.

This session shows why the classic approach with a resilience framework cannot completely solve these types of problems. For this purpose, the pod lifecycle is taken into account and the Kubernetes workflow for replacing faulty pods is analyzed. One possible solution strategy is client-side load balancing. A service mesh tool like Istio is used to demonstrate what it takes to achieve full compensation using this strategy.
