Deploy a Containerized Video Application Using GraphQL and NoSQL

Consider a video-on-demand streaming application. It streams shows that customers across the globe watch. A show can have several seasons, and a season can have multiple episodes. You need a modern, persistent metadata store to keep track of this customer activity.

In general, customers are interested in tracking things like the episodes they watch, the watch time per episode, the total number of seasons watched, and so on. Customers also want streaming applications to start streaming from where they left off watching - after all, who wants to start from the beginning again?

This architecture walks you through a video-on-demand streaming application composed of several microservices using various Oracle Cloud Infrastructure services. In this architecture, the focus is on an activity tracking microservice. The backend of the streaming application collects data to generate reports such as the most popular shows and average watch time per show.



Architecture

This application uses a three-tier architecture, which represents the brains of the application. The features of these services enable you to build a serverless production application that is highly available, scalable, and secure. Applications can use thousands of servers; however, by leveraging the serverless paradigm, you do not have to manage a single one.

Recently, REST has become the standard for designing web APIs. The REST architectural style allows for running on stateless servers and offers structured access to resources. However, REST APIs have proven to be inflexible when keeping up with the rapidly changing requirements of the clients that access them, such as increased mobile usage, low-powered devices, and sloppy networks.

For those applications, we looked for a solution that minimized data transferred over the network and allowed users to query data easily by directly using an API.

GraphQL is an open-source data query and manipulation language for APIs that you can implement in many different languages. GraphQL provides a complete and easy-to-understand description of the data in your API, while providing runtime capabilities to fulfill queries with existing data. Although GraphQL is often mistaken for a database technology, it isn't tied to any specific database or storage engine; instead, it is backed by your existing data.

Modern application developers have many choices when faced with deciding when and how to persist a piece of data. In recent years, NoSQL databases have become increasingly popular, and are now seen as one of the necessary tools every application developer must have at their disposal. While 'tried and true' relational databases are great at solving classic application problems like data normalization, strict consistency, and arbitrarily complex queries to access that data, NoSQL databases take a different approach.

Running containerized applications can require considerable overhead from instantiating virtual machines, installing components to run container images (and all the dependencies to support them including software and operating system updates), and monitoring applications to ensure they are running optimally, are available, and are uncompromised.

As a developer, you can connect to the Oracle NoSQL Database Cloud Service and work with NoSQL tables using the NoSQL SDKs available in many languages. Oracle Cloud Infrastructure Container Instances is a fully managed service and suitable for containerized workloads that do not require a container orchestration platform like Kubernetes for the deployment of the GraphQL application. Use Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) when your development team wants to reliably build, deploy, and manage cloud-native applications.

Oracle Cloud Infrastructure API Gateway enables you to publish APIs with private endpoints that are accessible from within your network, which you can expose with public IP addresses if you want them to accept internet traffic. The endpoints support API validation, request and response transformation, CORS, authentication/authorization, and request limiting.

This all provides a serverless experience that lets customers focus on adding value to their applications instead of deploying and managing infrastructure.

Here are some of the benefits of using Oracle NoSQL Database Cloud Service:

  • Data Modeling: Oracle NoSQL Database Cloud Service supports both schema-based and schema-less (JSON) modeling. It offers an intuitive way to develop GraphQL-based applications. The GraphQL schema is designed using nested data structures, matching what developers will use when doing NoSQL data modeling. This makes it a native choice.
  • Faster Development Lifecycle: Developers write their applications. Oracle performs database management, storage management, high availability, and scalability, to help developers concentrate on delivering high-performance applications. Developers deploy and manage tables, or table hierarchies, not clusters or databases for their GraphQL microservices.
  • Identity and Access Management: Oracle NoSQL Database Cloud Service uses Oracle Cloud Infrastructure Identity and Access Management to provide secure access to Oracle Cloud. Oracle Cloud Infrastructure Identity and Access Management enables you to create dynamic groups and give permission to inspect, read, use, or manage Oracle NoSQL Database Cloud Service tables.
  • Data Safety in Redundancy: The Oracle NoSQL Database Cloud Service stores data across multiple availability domains (ADs), or fault domains (FDs) in single AD regions. If an AD or FD becomes unavailable, user data is still accessible from another AD or FD. Requests to a region endpoint are not specific to AD/FD, so AD/FD unavailability is transparent.
  • High Performance and Predictability: Oracle NoSQL Database Cloud Service takes advantage of the latest component technologies in the Oracle Cloud Infrastructure by providing high performance at scale. Developers know that their applications return data with predictable latencies, even as their throughput and storage requirements increase.
  • Fully Managed with Zero Administration: Developers do not need to administer data servers, or the underlying infrastructure and security. Oracle maintains the hardware and software which allows developers to focus on building applications.
  • On-Demand Throughput and Storage Provisioning: Oracle NoSQL Database Cloud Service scales to meet application throughput performance requirements with low and predictable latency. As workloads increase with periodic business fluctuations, applications can increase their provisioned throughput to maintain a consistent user experience. As workloads decrease, the same applications can reduce their provisioned throughput, resulting in lower operating expenses. With on-demand capacity, you don't need to provision the read or write capacities for each table. You only pay for the read and write units that are actually consumed.

The following diagram illustrates this reference architecture.




The architecture has the following components:

  • Tenancy

    A tenancy is a secure and isolated partition that Oracle sets up within the Oracle Cloud when you sign up for Oracle Cloud Infrastructure. You can create, organize, and administer your resources in the Oracle Cloud within your tenancy.

    A tenancy is synonymous with a company or organization. Usually, a company will have a single tenancy and reflect its organizational structure within that tenancy. A single tenancy is usually associated with a single subscription, and a single subscription usually only has one tenancy.

  • Region

    An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

  • Compartment

    Compartments are cross-region logical partitions within an Oracle Cloud Infrastructure tenancy. Use compartments to organize your resources in Oracle Cloud, control access to the resources, and set usage quotas. To control access to the resources in a given compartment, you define policies that specify who can access the resources and what actions they can perform.

  • Availability domain

    Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.

  • Fault domain

    A fault domain is a grouping of hardware and infrastructure within an availability domain. Each availability domain has three fault domains with independent power and hardware. When you distribute resources across multiple fault domains, your applications can tolerate physical server failure, system maintenance, and power failures inside a fault domain.

  • Virtual cloud network (VCN) and subnets

    A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.

  • Security list

    For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.

  • Service gateway

    The service gateway provides access from a VCN to other services, such as Oracle NoSQL Database Cloud Service. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and never traverses the internet.

  • Internet gateway

    The internet gateway allows traffic between the public subnets in a VCN and the public internet.

  • API Gateway

    Oracle API Gateway enables you to publish APIs with private endpoints that are accessible from within your network, and which you can expose to the public internet if required. The endpoints support API validation, request and response transformation, CORS, authentication and authorization, and request limiting.

  • Identity and Access Management (IAM)

    Oracle Cloud Infrastructure Identity and Access Management (IAM) is the access control plane for Oracle Cloud Infrastructure (OCI) and Oracle Cloud Applications. The IAM API and the user interface enable you to manage identity domains and the resources within the identity domain. Each OCI IAM identity domain represents a standalone identity and access management solution or a different user population.

  • Policies

    An Oracle Cloud Infrastructure Identity and Access Management policy specifies who can access which resources, and how. Access is granted at the group and compartment level, which means you can write a policy that gives a group a specific type of access within a specific compartment, or to the tenancy.

  • NoSQL Database

    Oracle NoSQL Database Cloud Service makes it easy for developers to build applications using document, columnar, and key-value database models, delivering predictable single-digit millisecond response times with data replication for high availability. The service offers ACID transactions, serverless scaling, comprehensive security, and low pay-per-use pricing for both on-demand and provisioned capacity modes, including 100% compatibility with on-premises Oracle NoSQL Database.

  • Container Instances

    Oracle Cloud Infrastructure Container Instances is a serverless compute service that enables you to instantly run containers without managing any servers.

  • Container Engine for Kubernetes

    Oracle Cloud Infrastructure Container Engine for Kubernetes is a fully managed, scalable, and highly available service that you can use to deploy your containerized applications to the cloud. You specify the compute resources that your applications require, and Container Engine for Kubernetes provisions them on Oracle Cloud Infrastructure in an existing tenancy. Container Engine for Kubernetes uses Kubernetes to automate the deployment, scaling, and management of containerized applications across clusters of hosts.

Recommendations

Use the following recommendations as a starting point. Your requirements might differ from the architecture described here.

  • API Gateway

    The API Gateway can be used to provide an initial level of screening and usage controls such as:

    • Service authentication and authorization
    • Service controls such as rate limiting
    • Capture of service use analytics

    The API Gateway (not the firewall or load balancer) should perform solution-aware routing so that any endpoints not served by the GraphQL capabilities are directed to the correct location. Set reasonable rate limits based on both the maximum performance capability supported by the backend solutions and the peak entitlement of any one service user.

Considerations

Consider the following when deploying this reference architecture.

  • Security

    You should address application-level security at the API Gateway. You can address fine-grained, GraphQL-specific security (for example, attribute-level access) by using GraphQL directives such as @auth.
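
The attribute-level control described above, as an added example (not code from this reference architecture or its Live Lab): a dependency-free sketch of what an `@auth` directive enforces on each field. `@auth` is not built into GraphQL, so the directive definition, its `requires` argument, the `Role` values and the `Customer` type are assumptions made for illustration.

```javascript
// Constructed schema for the activity-tracking service. @auth, its `requires`
// argument and the Role values are assumptions made for this example.
const SDL = `
directive @auth(requires: Role = USER) on FIELD_DEFINITION
enum Role { ANONYMOUS USER ADMIN }
type Customer {
  id: ID!
  showsWatched: Int
  watchTimeMinutes: Int @auth(requires: USER)
  email: String @auth(requires: ADMIN)
}`;

// A Map, so a role string such as 'constructor' looks up as undefined rather
// than as an inherited Object member.
const RANK = new Map([['ANONYMOUS', 0], ['USER', 1], ['ADMIN', 2]]);

// Collect "Type.field" -> required role from the SDL. A schema library would
// read this from directive AST nodes; a regex is enough for this flat schema.
function authRules(sdl) {
  const rules = new Map();
  const fieldRe = /(\w+)\s*:[^\n@]*@auth(?:\(\s*requires:\s*(\w+)\s*\))?/g;
  for (const [, type, body] of sdl.matchAll(/type\s+(\w+)\s*\{([^}]*)\}/g)) {
    for (const [, field, role] of body.matchAll(fieldRe)) {
      rules.set(`${type}.${field}`, role || 'USER'); // directive default
    }
  }
  return rules;
}

// Fields without @auth are public; unknown roles fail closed on both sides.
function mayRead(rules, type, field, role) {
  const required = rules.get(`${type}.${field}`);
  if (required === undefined) return true;
  return (RANK.get(role) ?? -1) >= (RANK.get(required) ?? Infinity);
}

// Resolve a flat, already-validated selection the way GraphQL treats nullable
// fields: a denied field comes back null and is reported in `errors`.
function execute(rules, type, parent, selection, ctx) {
  const data = {}, errors = [];
  for (const field of selection) {
    if (mayRead(rules, type, field, ctx.role)) data[field] = parent[field] ?? null;
    else { data[field] = null; errors.push(`Not authorized: ${type}.${field}`); }
  }
  return { data, errors };
}

const RULES = authRules(SDL);
// Constructed record standing in for a row read from the NoSQL table.
const customer = { id: 'c-1', showsWatched: 12, watchTimeMinutes: 840, email: 'c1@example.com' };
console.log(execute(RULES, 'Customer', customer, ['id', 'watchTimeMinutes', 'email'], { role: 'USER' }));
```

The role in `ctx` is expected to come from the identity the API Gateway has already authenticated, so the gateway decides who the caller is and the directive decides which attributes that caller may read.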

Deploy

To deploy this architecture, follow the instructions for activity tracking app deployment in this Live Lab:

Acknowledgments

Authors:

  • Dario Vega
  • Michael Brey