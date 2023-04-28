3. Duplicate implementation of authentication in every service

Every time we wanted to extend our function, we were supposed to create and connect to another service. Micro services or monolithic won't change the fact that we need to build mutual authentication between different services.

There are different ways of implementing authentication. In my projects, the most common way has been to use a signed JWT token and do public key signature check on each service, as well as some other embedded payload check, such as audience and other customized properties.

One of our clever ideas is to use an owned universal login system and a well-encapsulated shared library to handle the verification of JWT tokens.

Furthermore, since we were already using kubernetes, Service Mesh was very useful. We also tried to use some existing services that Istio provides, such as Authentication Policy, to delegate our token verification work.







4. Complicated logic for service failure retries

Every outgoing request in backend service may fail, and not just because the IO exception is a checked exception on some platforms.

Most of the time there will be hundreds of error responses when the downstream requests fail, but sometimes we want to increase the possibility to make our service work and retry the failure request.

Defining a pattern of retry in the system isn’t easy, and will be even more complicated when we try to have a backoff logic once it fails again.

For those projects where we use advanced programming languages, such as Kotlin, things become easier with syntactic sugar to simplify our logic. We can make a runIO and retry tool function to support.

For our projects using Kubernetes, Service Mesh saved us time. All the network stuff was already part of the service mesh infrastructure layer of work. With Istio, we could easily define the retry policy out of the program and make things look much neater and discoupled.