For organizations that are planning to migrate an existing monolithic application to microservices, the upfront infrastructure investment is very significant. Some essential services must be implemented before deploying a large number of services.
Usually, you can start building several services and deploy them to your existing data center; however, once you have a dozen services running with multiple instances, you will need supporting services for security, tracing, monitoring, metrics, etc.
The following are some of the important services recommended by Light. Some of them are built ourselves as existing products on the market cannot meet our requirement with microservices in the cloud. For example, light-oauth2 and light-portal. Other services are our picks of industry leaders, and the list is changing as the landscape of cloud-native computing is changing dramatically these days.
light-oauth2 is our security service built on top of light-rest-4j to protect services accessed by the unauthorized client. It has a unique feature to facilitate the service to service communication with two tokens.
- Why this OAuth 2.0 Provider
- Getting started
- Authorization Code - Authenticate to OAuth 2.0 and get authorization code
- SPNEGO/Kerberos - Authenticate to OAuth 2.0 with SPNEGO/Kerberos
- Token Endpoint - Token endpoint of OAuth 2.0 provider
- Signing Endpoint - Securely exchange information between microservices
- Service Registration - Service registration endpoints
- Client Registration - Client registration endpoints
- User Management - User management endpoints
- Key Distribution - Public key certificate distribution
- Refresh Token - Refresh token service
- Provider Registration - Oauth provider server service
- Custom grant type - Client authenticated user grant type
- PKCE PKCE implementation
- OpenID Connect OpenID Connect implementation
oauth-kafka is our enterprise OAuth 2.0 provider built on top of light-kafka and kafka streams for event sourcing and CQRS. It is scalable and integrated with light-portal. The light-oauth2 will still be available for users who want to put everything together on a desktop or a laptop. The API interface is the same and the serviceIds are slightly different. This component is available for enterprise customers and subscription services will be available from light-portal site.
light-portal is an API runtime management and marketplace. In the service mesh context, it is the control plane.
light-controller is a standard edition of global registry and discovery service with runtime monitoring.
light-scheduler is an distributed schedueler based on Kafka and Kafka Streams for cloud applications.
light-router is a proxy service that can help an external or a legacy client access cloud-native microservices by encapsulating consumer side cross-cutting concerns into a microservice as a distributed gateway.
light-proxy is a proxy service that can bring legacy REST API to the Light ecosystem by encapsulating all provider side cross-cutting concerns into a microservice as a distributed gateway.
light-gateway is a combination of light-router and light-proxy that can be deployed as a standalone service on the client/application host, or service/API host, or as an API gateway.
http-sidecar is a service mesh sidecar to address cross-cutting concerns for both incoming and outgoing traffic for a backend API in the same pod.
kafka-sidecar is a service mesh sidecar to address cross-cutting concerns for backend API to interact with Kafka.