Bottlenecks

To deliver a high-performance application, you need to identify and address potential bottlenecks in your system. This document outlines some common bottlenecks and how to mitigate them.

Bottleneck	Description	Mitigation
Caching	Storing frequently accessed data in memory to reduce database load.	Use in-memory databases like Redis or Memcached.
Observability	Monitoring the internal state of the system to identify performance issues.	Use tools like Prometheus and Grafana for monitoring.
Messaging	Decoupling components to handle asynchronous tasks.	Use message queues like RabbitMQ or Apache Kafka.
Load Balancing	Distributing incoming traffic across multiple servers to prevent overload.	Use load balancers like Nginx or HAProxy.
Vulnerability Scanning	Identifying and addressing security vulnerabilities in the application.	Use tools like SonarQube, OWASP ZAP, or Snyk for vulnerability scanning.
Payment Processing	Handling payment transactions efficiently and securely.	Use third-party payment gateways like Stripe or PayPal, and ensure proper integration and error handling.
Authentication & Authorization	Managing user permissions and access control efficiently.	Implement role-based access control (RBAC). Or, use OAuth2 for token-based authentication.

Caching

In-memory databases are a great way to improve the performance of your application. They can be used to store frequently accessed data, reducing the need to query the database for every request. Examples of in-memory databases include Redis and Memcached.

Observability

Observability is the ability to measure and understand the internal state of a system based on its external outputs. It is essential for identifying and diagnosing performance issues in your application. Tools like Prometheus and Grafana can help you monitor your application's performance and identify bottlenecks.

Spring + Prometheus + Grafana

This tip provides a basic configuration for integrating Spring Boot with Prometheus and Grafana for monitoring purposes.

Suggested file structure:

📁 microservice
├── 📁 src
│   └── 📁 main
│       └── 📁 resources
│           └──  application.yaml
└──  pom.xml
📁 volume
├── 📁 prometheus
│   └──  prometheus.yml
└── 📁 grafana
    └── 📁 provisioning
        └── 📁 datasources
            └──  datasources.yml
 .env # (1)!
 compose.yaml

VOLUME=./volume

1. pom.xml2. application.yaml3. compose.yaml4. prometheus.yml5. Grafana to Prometheus6. Access Grafana

Add the following dependencies to your pom.xml file:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
    <groupId>io.micrometer</groupId>
    <artifactId>micrometer-registry-prometheus</artifactId>
    <scope>runtime</scope>
</dependency>

Configure the application.yaml file to enable the actuator and Prometheus endpoint:

server:
  port: 8080

spring:
  application:
    name: gateway

management:
  endpoint:
    gateway:
      enabled: true
  endpoints:
    web:
      base-path: /gateway/actuator
      exposure:
        include: [ 'prometheus', 'gateway' ]

Include into the compose.yaml file to set up Prometheus and Grafana:

name: store

services:

  prometheus:
    image: prom/prometheus:latest
    hostname: prometheus
    ports:
      - 9090:9090
    volumes:
      - $VOLUME/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml

  grafana:
    image: grafana/grafana-enterprise
    hostname: grafana
    ports:
      - 3000:3000
    environment:
      - GF_SECURITY_ADMIN_PASSWORD=admin
    volumes:
      - $VOLUME/grafana:/var/lib/grafana
      - $VOLUME/grafana/provisioning/datasources:/etc/grafana/provisioning/datasources      
    restart: always
    depends_on:
      - prometheus

Connect Prometheus to your Spring Boot application by creating a prometheus.yaml file:

scrape_configs:

  - job_name: 'GatewayMetrics'
    metrics_path: '/gateway/actuator/prometheus'
    scrape_interval: 1s
    static_configs:
      - targets:
        - gateway:8080
        labels:
          application: 'Gateway Application'

  - job_name: 'AuthMetrics'
    metrics_path: '/auth/actuator/prometheus'
    scrape_interval: 1s
    static_configs:
      - targets:
        - auth:8080
        labels:
          application: 'Auth Application'

  # - job_name: 'AccountMetrics'
  #   metrics_path: '/account/actuator/prometheus'
  #   scrape_interval: 1s
  #   static_configs:
  #     - targets:
  #       - account:8080
  #       labels:
  #         application: 'Account Application'

  # - job_name: 'ProductMetrics'
  #   metrics_path: '/product/actuator/prometheus'
  #   scrape_interval: 1s
  #   static_configs:
  #     - targets:
  #       - product:8080
  #       labels:
  #         application: 'Product Application'

  # - job_name: 'OrderMetrics'
  #   metrics_path: '/order/actuator/prometheus'
  #   scrape_interval: 1s
  #   static_configs:
  #     - targets:
  #       - order:8080
  #       labels:
  #         application: 'Order Application'

To connect Grafana to Prometheus, create a datasources.yml file in the provisioning/datasources directory:

apiVersion: 1

datasources:
  - name: Prometheus
    type: prometheus
    access: proxy
    url: http://prometheus:9090
    isDefault: true

After starting the containers and binding the ports to your local machine, you can access Grafana at http://localhost:3000 with the default username admin and password admin. You can then create or import dashboards to visualize the metrics collected from your Spring Boot application.

For more information on how to create dashboards in Grafana, refer to the Grafana documentation.

A nice dashboard for Spring Boot

You can find a nice dashboard for Spring Boot applications in the Grafana dashboard repository: SpringBoot APM Dashboard.

Messaging

Message queues are a great way to decouple your application and improve its performance. They can be used to handle asynchronous tasks, such as sending emails or processing background jobs. Examples of message queues include RabbitMQ and Apache Kafka.

Load Balancing

Load balancing is the process of distributing incoming network traffic across multiple servers. This helps to ensure that no single server is overwhelmed with requests, improving the overall performance and reliability of your application. Tools like Nginx and HAProxy can help you implement load balancing in your application.

How To Configure Nginx as a Reverse Proxy on Ubuntu

Vulnerability Scanning

Vulnerability scanning is the process of identifying and addressing security vulnerabilities in your application. Tools like OWASP ZAP and Snyk can help you identify potential security issues in your code and dependencies.

Entrega

Individualmente, cada aluno deve criar um repositório no GitHub, com a documentação em MkDocs dos exercícios realizados e também com o projeto e entrega o link via BlabkBoard. Na documentação publicada deve constar:

Nome do aluno e grupo;
Documentação das atividades realizadas;
Código fonte das atividades realizadas;
Documentação do projeto;
Código fonte do projeto;
Link para todos os repositórios utilizados;
Destaques para os bottlenecks implementados (ao menos 2 por indivíduo);
Apresentação do projeto;
Vídeo de apresentação do projeto (2-3 minutos);

Um template de documentação pode ser encontrado em Template de Documentação.