CraftConf in sunny Budapest aims to be the conference in Central Europe where developers share what's state of the art in building software. Joining the 2015 edition was an easy choice, after the first edition a year earlier received rave reviews from attendees. Three days, 16 talks and a workshop later I emerged with 6,062 words worth of notes, distilled into a few broad trends that seem to represent the edge of the industry right now.
Microservices entering the mainstream
At SoCraTest 2014, less than a year ago, a lot of people were still asking basic questions about microservices—what they are, how to build them, how are they different from any other SOA approach. Not anymore. CractConf saw a lot of companies sharing battlefield experiences with these architectures—what works, what doesn't, whether to consider the approach at all and how much it will cost.
- Microservices are a means to scale the organization—allow many people to work on the same system, reduce dependencies, and thus enable rapid development without having to coordinate huge releases or continuously breaking one another's code. They're routinely described as “easier to reason about” and built to “minimize the amount of program one needs to think about” by the very virtue of being small and focused on doing one task well.
- Microservice ecosystems at established companies routinely consist of 50+ and even 100+ services, usually built in a whole range of technologies. If a single service is small enough, say “2,000 lines of code", or “takes 6 weeks to build from scratch by a newcomer” (both actual definitions), then building one in a wholly new technology is easily sold as an inexpensive POC.
- All companies successfully implementing microservices started out with monolith applications and afterwards split out the services one at a time. This approach was broadly recommended, even for greenfield projects, because monoliths are easier to refactor while the organization works to research and understand its product better.
- The supporting tooling is already there and mostly quite mature. Early adopters, like Netflix, had to build their own tools, which they later shared and improved with the open source community. Meanwhile, commercial tools popped up, offered by specialized vendors, with support contracts and other conveniences that pointy-haired bosses like so much.
But most importantly:
To benefit from microservices without getting killed, you need to:
- automate everything—builds, testing, deployment, provisioning of virtual machines and container instances. It's the only way to manage hundreds of running service instances.
- monitor everything—each service must have its own health checks, showing whatever information is most relevant. Typically numbers of transactions, timings, latency, hardware utilization, but often also business KPIs. You'll also need a means to track requests flowing through the system, ie. by IDs being passed in service calls. This information must be available to development teams in real time.
- build for failure—crashes, disconnections, load spikes, bugs, all of which will occur more often than with monoliths. Make sure failures are reported, tracked, and the system is self-healing, via techniques like circuit-breakers, bulkheads or resource pools. Work with business representatives to determine for each use case whether consistency or availability are more important, because you cannot always offer both.
Not everyone was pleased with such a high degree of saturation with microservice themes at CraftConf, but that only proves that this architecture is well past the stage of early adoption and entering into the mainstream.
Everybody has an API
The consequence of adopting microservices is that APIs become the norm, starting out internally, and often “sooner than you think” being made available to the outside world, either to support different devices or integrate with 3rd parties. Their costs also became more evident:
- An API is for life. Once it becomes public, it's very difficult to change, so early design mistakes become much more difficult to fix.
- Use techniques that allow you to add new fields and methods to an API without disturbing clients.
- Semantic versioninig, coupled with decent deprecation procedures, help move the process of making backwards incompatible changes.
- You'll still have customers who “missed the memo", whom you may have to offer commercial legacy support for an additional fee.
- Create good documentation, generated and published automatically.
- Assign people who will be monitoring community sites, like StackOverflow, for questions regarding your API.
@ade_oshineye (of Apprenticeship Patterns fame) was spot-on summarizing the process of deciding whether to create an API by showing an analogy to puppies—everybody wants one, but not everyone is ready.
Moving towards Domain-Driven Design
Frameworks these days tend to dictate the design of applications by suggesting organizing code by layers into packages like
views. The consequence is that:
- modifications to a single business scenario require often changing code in many packages,
- it's all too easy for components to reach into layers outside their hierarchy, too deep down for their own good, while they should only be calling public APIs,
- there's very little information presented by the package structure on what the application does.
Several speakers postulated that this should stop and instead code should be packaged by business units, with relevant models and controllers sharing the same packages. Encapsulation could further be improved by changing method and component access to
package instead of the common
public. It's an old theme that finally seems to be getting traction, with past support from developer celebrities like Uncle Bob:
What do you see? If I were to show you this and I did not tell you that it was a Rails app, would you be able to recognize that it is, in fact, a Rails app? Yeah, looks like a Rails app.
Why should the top-level directory structure communicate that information to you? What does this application do? There's no clue here!
Robert Martin, Architecture, the Lost Years
Well worth watching.
TDD and Agile now taken for granted
Two themes notably absent from the vast majority of CraftConf talks were TDD and Agile. They implicitly became accepted as defaults—the baseline, cost of entry and survival in the game of software development.
- Microservices will only reach their full potential when their owning teams can work and make decisions independently from central authority, including frequent deployments to production.
- Frequent, decentralized deployments require comprehensive, automated test coverage.
- TDD drives the design of code, meaning every line exists only to make a failing test pass. “Every new line of immediately becomes legacy code” so code as little as possible.
- Google continues to build new tools to satisfy business problems they are facing—tools that often get adopted company-wide, but never enforced. They call it an evolutionary approach, where the best ideas will be adopted simply on merit, while the others will die in obscurity.
- @cagan argued how the whole top-down oriented product design cycle is broken by being grossly inaccurate and too heavy, and companies need to adopt bottom-up idea spawning and rapid testing instead.
- Transparency is key, so that everybody can make better decisions based on as much information as possible.
Oh, and “doocracy” is a word now:
A vibrant community
It's been a blast to mingle with some of the 1,300 energetic attendees, meeting friends, old and new. @MrowcaKasia and @kubawalinski turned from Twitter handles into real, live, and engaging persons. The slightly grumpy but ever competent @maniserowicz is always a pleasure to meet, and then there's the whole SoCraTes gang of @leiderleider, @c089, @Singsalad, @egga_de and @rubstrauber, whose passion for community and craftsmanship continues to inspire.
The 2015 CraftConf was only the second edition, but already organized with such painstaking detail, that I can easily call it the best conference I've ever been to. The team's already fishing out and working to improve what didn't quite work this year, so next year's event is bound to be even more polished.
*[API]: Application Programming Interface *[DDD]: Domain-Driven Design *[KPIs]: Key Performance Indicators *[POC]: Proof of Concept *[SOA]: Service-Oriented Architecture *[TDD]: Test-Driven Development