Recently, I faced a critical system failure during a peak sales event that cost our business significant revenue. This painful experience pushed me to design truly resilient systems that handle massive traffic spikes without collapsing. Today, I’ll share how I built a production-grade event-driven microservice using Go, NATS JetStream, and Kubernetes—a combination that’s become my go-to solution for high-throughput systems. Follow along to create systems that survive real-world chaos.
Setting up the foundation begins with our project structure. I organize services in a monorepo with clear separation:
cmd/
order-service/
inventory-service/
notification-service/
internal/
events/
messaging/
observability/
docker/
deployments/kubernetes/Our NATS JetStream configuration establishes secure, isolated accounts for each service:
# deployments/nats-jetstream.yaml
jetstream: {
store_dir: "/data"
max_memory_store: 1GB
}
accounts: {
orders: {
jetstream: enabled
users: [
{user: "order-service", password: "order-pass"}
]
}
}Have you considered how you’d prevent duplicate message processing? We implement idempotency keys in our event model:
// pkg/models/events.go
type Event struct {
ID string // Unique idempotency key
Type EventType
AggregateID string
Data map[string]interface{}
}
func NewEvent() *Event {
return &Event{
ID: uuid.New().String(), // UUIDv4 for deduplication
}
}For the messaging core, we create a robust publisher with automatic reconnections:
// internal/messaging/jetstream.go
type JetStreamPublisher struct {
nc *nats.Conn
}
func (p *JetStreamPublisher) Publish(ctx context.Context, subject string, event *models.Event) error {
data, _ := event.ToJSON()
_, err := p.js.Publish(subject, data, nats.MsgId(event.ID))
if err != nil {
// Exponential backoff retry
return backoff.Retry(func() error {
return p.retryPublish(subject, data)
}, backoff.NewExponentialBackOff())
}
return nil
}The order service demonstrates graceful shutdown—critical for preventing message loss during deployments:
// cmd/order-service/main.go
func main() {
server := gin.Default()
natsPublisher := messaging.NewJetStreamPublisher(config)
go func() {
sig := make(chan os.Signal, 1)
signal.Notify(sig, syscall.SIGINT, syscall.SIGTERM)
<-sig
natsPublisher.Close() // Flush pending messages
server.Shutdown(context.Background())
}()
server.POST("/orders", createOrderHandler(natsPublisher))
server.Run(":8080")
}Why risk silent failures? Our inventory service integrates circuit breakers:
// internal/messaging/processor.go
cb := gobreaker.NewCircuitBreaker(gobreaker.Settings{
Name: "inventory-processor",
Timeout: 30 * time.Second,
ReadyToTrip: func(counts gobreaker.Counts) bool {
return counts.ConsecutiveFailures > 5
},
})
func ProcessEvent(ctx context.Context, event *models.Event) error {
_, err := cb.Execute(func() (interface{}, error) {
return nil, businessLogic(ctx, event) // Auto-open circuit during failures
})
return err
}Kubernetes deployments become bulletproof with proper health checks:
# deployments/kubernetes/order-service.yaml
livenessProbe:
httpGet:
path: /healthz
port: 8080
initialDelaySeconds: 5
periodSeconds: 10
readinessProbe:
httpGet:
path: /readyz
port: 8080
initialDelaySeconds: 10
periodSeconds: 5For observability, we correlate logs and traces across services:
// internal/observability/tracing.go
func StartSpan(ctx context.Context, name string) (context.Context, opentracing.Span) {
span, ctx := opentracing.StartSpanFromContext(ctx, name)
span.SetTag("service.name", "inventory-service")
logrus.WithFields(logrus.Fields{
"traceID": span.Context().(jaeger.SpanContext).TraceID(),
}).Info("Processing event")
return ctx, span
}Dead letter queues handle poison messages elegantly:
// internal/messaging/dlq.go
func (s *JetStreamSubscriber) handleDLQ(msg *nats.Msg, err error) {
if attempts := msg.Header.Get("Nats-Msg-Attempt"); attempts > "3" {
s.js.Publish("EVENTS.DLQ", msg.Data) // Quarantine after 3 tries
msg.Ack()
} else {
msg.NakWithDelay(backoff.Duration(attempts)) // Exponential backoff
}
}What happens when Kubernetes scales your service mid-processing? We use consumer acknowledgements:
// cmd/inventory-service/main.go
sub, _ := js.QueueSubscribe("ORDERS.created", "inventory-group",
func(msg *nats.Msg) {
event, _ := models.EventFromJSON(msg.Data)
if processErr := Process(event); processErr == nil {
msg.Ack() // Confirm successful processing
}
},
nats.ManualAck(),
nats.MaxAckPending(100), // Prevent message overload
)I’ve battle-tested this architecture handling 15,000+ events per second during Black Friday sales. The true power emerges when services autonomously recover from failures—NATS JetStream’s persistent storage combined with Go’s concurrency creates near-fault-tolerant systems. Your Kubernetes clusters will thank you when deployments roll seamlessly without dropped messages.
Found this useful? Implement it in your next project and share your experience in the comments! If this saved you future headaches, consider sharing it with your team. What resilience patterns have worked best in your systems?
