How do you deploy Microservices?
1) Package each service
- Containerize: Dockerfile per service (multi‑stage builds, minimal base images).
- Versioning: Semantic tags (e.g., orders:1.4.2), immutable images.
- Artifacts: Push to a private registry.
2) Continuous Integration (CI)
- Build & Test: unit → contract → integration (with test doubles).
- Security: SAST/dep scans, container scan.
- Image signing: Sigstore/Cosign.
3) Infrastructure (pick your runtime)
- Kubernetes (common choice): Pods/Deployments, Services, Ingress/Gateway API.
- Serverless: AWS Lambda/Cloud Run for event‑driven services.
- VMs: Systemd + Consul/NGINX if K8s is overkill.
- IaC: Terraform/Pulumi to provision clusters, networks, registries, DBs.
4) Configuration & Secrets
- Externalized config: env vars, ConfigMap; keep prod overrides in Git.
- Secrets: K8s Secrets + cloud KMS/Secret Manager; rotate regularly.
- Runtime flags: feature flags (LaunchDarkly/Unleash) for safe rollouts.
5) Service Networking
- Service discovery: K8s DNS/Service, or Consul/Eureka.
- Ingress/API Gateway: NGINX/Envoy/API Gateway; auth, rate limits, routing.
- (Optional) Service Mesh: Istio/Linkerd for mTLS, retries, traffic policy.
6) Data changes
- Migrations: expand‑contract; run schema migrations as jobs before traffic shift.
- Per‑service DB: avoid shared schemas; use read models for joins.
7) Deployment strategies
- Rolling update: default; gradual pod replacement.
- Blue‑Green: stand up “green,” run checks, flip traffic; instant rollback.
- Canary: route small % to new version; promote on SLOs.
- A/B: header/user‑segment based routing via gateway/mesh.
8) Observability
- Logs: structured JSON + correlation IDs; ship to ELK/OpenSearch.
- Metrics: RED/Golden signals; Prometheus + Grafana; SLOs & alerts.
- Tracing: OpenTelemetry, trace context propagated across services.
- Health checks: liveness/readiness/startup for safe rollouts/autoscaling.
9) Resilience & policy
- Timeouts/retries/circuit breakers: client libraries or mesh policies.
- Autoscaling: HPA on CPU/RPS/custom metrics; Pod disruption budgets.
- Security: mTLS, network policies, image policies (admission controllers), least‑privilege IAM.
10) Continuous Delivery (CD)
- Pipelines: GitHub Actions/GitLab CI/Argo Workflows.
- GitOps: Argo CD/Flux watches a Git repo (Helm/Kustomize) and syncs declaratively.
- Promotion flow: dev → staging (full e2e, load tests) → prod with manual/auto gates.
11) Runbooks & rollback
- Automated rollback on SLO breach/canary fail.
- Runbooks: clear steps for incidents, feature freeze/rollback, data backfills.
Minimal examples
Dockerfile (multi‑stage Java)
FROM maven:3.9-eclipse-temurin-21 AS build
WORKDIR /app
COPY pom.xml ./
COPY src ./src
RUN mvn -q -DskipTests package
FROM eclipse-temurin:21-jre
WORKDIR /app
COPY --from=build /app/target/app.jar /app/app.jar
ENTRYPOINT ["java","-jar","/app/app.jar"]
Kubernetes Deployment + Service
apiVersion: apps/v1
kind: Deployment
metadata: { name: orders }
spec:
  replicas: 3
  selector: { matchLabels: { app: orders } }
  template:
    metadata: { labels: { app: orders } }
    spec:
      containers:
        - name: orders
          # immutable semver tag from the private registry (see "Package each service")
          image: registry.example.com/orders:1.4.2
          ports: [{ containerPort: 8080 }]
          env:
            # secret injected by reference, never as an inline literal
            - name: DB_URL
              valueFrom: { secretKeyRef: { name: orders-secrets, key: dbUrl } }
          readinessProbe: { httpGet: { path: /ready, port: 8080 }, initialDelaySeconds: 5 }
          livenessProbe: { httpGet: { path: /live, port: 8080 }, initialDelaySeconds: 15 }
---
apiVersion: v1
kind: Service
metadata: { name: orders }
spec:
  selector: { app: orders }
  ports: [{ port: 80, targetPort: 8080 }]
Helm/GitOps tip: keep per‑env values in values-dev.yaml, values-prod.yaml; Argo CD tracks the chart and promotes via PRs.
Checklist (print‑worthy)
- Container images are immutable & signed
- Config/secrets externalized & rotated
- Health checks, metrics, logs, traces wired
- Rolling/Blue‑Green/Canary defined + auto‑rollback
- DB migrations expand‑contract
- Timeouts/retries/circuit breakers set
- GitOps + IaC for reproducibility
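As an added example (not part of the original answer), a small Python check that applies several checklist items to a Deployment manifest: immutable image tag from the private registry, probes present, secrets by reference only, and least‑privilege securityContext. The registry prefix and the securityContext fields are assumptions; the sample manifests are constructed from the "orders" example above.

```python
import re

ALLOWED_REGISTRY = "registry.example.com/"  # assumed: the private registry in the manifest above
SEMVER_TAG = re.compile(r"^\d+\.\d+\.\d+$")   # immutable-looking tag such as 1.4.2
SECRET_LIKE = re.compile(r"PASS|SECRET|TOKEN|KEY|CREDENTIAL", re.I)

def parse_image(image: str) -> tuple[str, str, str]:
    """Split 'registry/repo[:tag][@sha256:...]' into (repo, tag, digest)."""
    ref, _, digest = image.partition("@")
    head, _, last = ref.rpartition("/")
    name, _, tag = last.partition(":")
    return (f"{head}/{name}" if head else name), tag, digest

def check_container(c: dict) -> list[str]:
    """Findings for one container spec; each maps to a checklist item on the page."""
    findings: list[str] = []
    repo, tag, digest = parse_image(c.get("image", ""))
    if not repo.startswith(ALLOWED_REGISTRY):
        findings.append(f"{c['name']}: image {repo} is not from the private registry")
    if not digest and not SEMVER_TAG.match(tag):  # ':latest' or untagged is mutable
        findings.append(f"{c['name']}: tag {tag or '<none>'!r} is not a semver tag or digest")
    for probe in ("readinessProbe", "livenessProbe"):
        if probe not in c:
            findings.append(f"{c['name']}: missing {probe}")
    for env in c.get("env", []):  # secrets must come via secretKeyRef, never inline
        if SECRET_LIKE.search(env["name"]) and "value" in env:
            findings.append(f"{c['name']}: env {env['name']} is an inline literal")
    sc = c.get("securityContext", {})  # least-privilege defaults (assumed, not on the page)
    if not sc.get("runAsNonRoot") or sc.get("allowPrivilegeEscalation", True):
        findings.append(f"{c['name']}: set runAsNonRoot and allowPrivilegeEscalation=false")
    return findings

def check_deployment(manifest: dict) -> list[str]:
    spec = manifest["spec"]["template"]["spec"]
    return [f for c in spec.get("containers", []) for f in check_container(c)]

# Constructed sample manifests (dicts rather than YAML so this runs without PyYAML).
WEAK = {"spec": {"template": {"spec": {"containers": [{
    "name": "orders", "image": "registry.example.com/orders:latest",
    "env": [{"name": "DB_PASSWORD", "value": "hunter2"}]}]}}}}
HARDENED = {"spec": {"template": {"spec": {"containers": [{
    "name": "orders", "image": "registry.example.com/orders:1.4.2",
    "env": [{"name": "DB_URL", "valueFrom": {"secretKeyRef": {"name": "orders-secrets", "key": "dbUrl"}}}],
    "readinessProbe": {"httpGet": {"path": "/ready", "port": 8080}},
    "livenessProbe": {"httpGet": {"path": "/live", "port": 8080}},
    "securityContext": {"runAsNonRoot": True, "allowPrivilegeEscalation": False}}]}}}}

if __name__ == "__main__":
    for label, m in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, check_deployment(m) or ["ok"])
```

The same rules are what an admission controller (section 9) would enforce cluster‑side; running them in CI catches the manifest before it reaches the GitOps repo.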