Advertisement
Check these out next
Serverless patterns
Feb. 25, 2021•0 likes•766 views
0 likes
Be the first to like this
Show More
views
Total views
0
On Slideshare
0
From embeds
0
Number of embeds
0
Download to read offline
Report
Technology
This talk is a quick journey into the reasoning and beauty of serverless approach to architecture. Let's go through the platform (vendor-based, container-based, function vs service vs job) and function (functionlith/lambdalith, fat function, single purpose function, step function, routing function, circuit breaker function etc.) patterns that serverless community has come up so far with and some more. It's going to be fun!
Andrey AdamovichFollow
Software Delivery Expert at Aestas ITAdvertisement
Advertisement
Advertisement
Recommended
Serverless patternsAndrey Adamovich
Yamlware and the state machineAndrey Adamovich
Infrastructure as code 101Andrey Adamovich
SQL Azure in deepKyrylo Bezpalyi
Arc305 how netflix leverages multiple regions to increase availability an i...Ruslan Meshenberg
Cassandra serving netflix @ scaleVinay Kumar Chella
Serverless patterns
- 01
- 02
- 10-12 March 2021 03
- Let's start! 04
- What is serverless? 05
- Look ma, no servers! 06
- Serverless I do not want to care about the servers! “ 07
- Serverless may also mean Containerless/Dockerless Orchestratorless/Kubernetesless • • 08
- Serverless is not... Serverless != Costless Serverless != FaaS Serverless != Operationless • • • 09
- Serverless = Servicefull 10
- Compute models L1: Hardware machines L2: Virtual machines and hypervisors L3: Containers and orchestrators L4: Functions and services • • • • 11
- Serverless is... a spectrum (not a boolean) an operational construct a billing model (pay as you go) an architecture style (split your monolith) • • • • 12
- Idea to production 13
- Note Every organization that I worked with in the last 3 years runs at least one function-as-a-service in production in the cloud. “ 14
- FaaS 15
- Just code def handler_name(event, context): # implement logic return some_value 01. 02. 03. 16
- Just code? 17
- Built-in features Event system Logging and auditing Rate limits Auto-scaling Security controls Multiple versions Simplified deployment • • • • • • • 18
- Bought-in services Database-as-a-service Storage-as-a-service Messaging-as-a-service Function-as-a-service • • • • 19
- FaaS elements Function store Gateway (ingress, routing, certificates) Security Event bus GitOps experience • • • • • 20
- Patterns 21
- Strangler pattern You can always optimize and migrate slowly! 22
- Strangler pattern 23
- Platform 24
- Pattern: Cloud platform AWS GCP Azure IBM Cloud • • • • 25
- Pattern: Multi-vendor integration Cloudflare (Workers), Mailgun, MongoDB Atlas Airtable, AWS Lambda, Slack Amplitude, Aglolia, Akamai IFTTT, Google Sheets, Zeit (Vercel) Glitch, Firebase • • • • • 26
- Pattern: Hosted platform Custom built (Docker or Kubernetes-based) Kubeless OpenFaaS OpenWhisk • • • • 27
- Event 28
- Pattern: event-as-a-service 29
- Pattern: event-as-a-service HTTP call (browser call, web hook) Database event (DynamoDB, Firebase) Storage event (S3, GS) Queue/topic message (SQS, PubSub) Scheduled event (AWS Scheduled tasks, Google Scheduler) E-mail (Mailgun) • • • • • • 30
- Deployment 31
- Source: Lambda Trilogy 32
- Pattern: Single-purpose function 33
- Single-purpose function Small function that does one thing, does it only and does it well! 34
- Lambdalith (functionlith) 35
- Lambdalith Function implements several features, most likely responds to various endpoints. It may be a fully-blown web server. 36
- Function vs Service 37
- Function vs Service F: Fast to start, invoked on demand, uses limited resources, is not guarateed to preserve state. S: Always there (at least one instance), may have some long-living internal cache, background proceses, usually takes longer to start. 38
- Function vs Container 39
- AWS Fargate 40
- Google CloudRun 41
- On-prem/custom OpenFaaS Kubeless KNative • • • 42
- Pattern: Fat function 43
- Pattern: Fat function One code base, many (deployed) functions. 44
- Pattern: Routing function 45
- Pattern: Routing function Function is calling other functions (through event bus or through direct calls). 46
- Pattern: Routing function 47
- Pattern: Gateway Routing logic is delegated to a higher level service e.g. API Gateway or Event Bridge. 48
- Pattern: Step-functions 49
- Pattern: Configuration discovery 50
- Pattern: Configuration discovery C1: Baked into a function C2: Configuration manager (AWS SSM Parameter store/Secret Manager, Secrethub.io, ConfigMap) C3: Bucket (AWS S3, Google Cloud Storage) C4: DNS • • • • 51
- Pattern: Optimizing cold-start Optimizing cold-start times. 52
- Anti-pattern: Over-optimizing cold-start Over-optimizing cold-start times. 53
- Complex patterns/use cases 54
- Pattern: circuit breaker 55
- Pattern: backend API 56
- Pattern: ETL 57
- Use case: video processing 58
- Testing 59
- Pattern: simulated function environment AWS SAM Local Google Functions Framework • • 60
- Pattern: mocked cloud services Use code organization techniques to abstract/stub/mock your dependencies inside function logic. 61
- Pattern: log stream Standard output is your friend, take care of it. 62
- Pattern: tracing id FaaS environments contain extra context (like request id) that can be passed to logs or next invokations. 63
- AWS Lambda context 64
- Pattern: callback chat channel 65
- Pattern: callback chat channel Important business logic events can be sent to chat (debugging) channel. 66
- Example: callback channel 67
- Database 68
- Pattern: database-as-a-service D0: Custom server(s) with database software D1: Custom container(s) with database and persistent (Kubernetes, Helm, Kubedb) D2: Database server as a service (AWS RDS, MongoDB Atlas) D3: Scalable database as a service (AWS DynamoDB, Azure Cosmos, Google Firebase) • • • • 69
- Pattern: database-in-a-function Dataset is small enough (upto 100MBs) It is mostly read-only It changes infrequently (re-deploy) It does not affect cold start too much (upto 30 seconds) • • • • 70
- dev.tube 71
- Peak time 72
- Architecture Node.js/Typescript/Express/Vue.js GCP/Firebase GitHub • • • 73
- Architecture 74
- Price optimization Data is inside a function! HA database attached to public internet traffic is expensive! Load balancer is expensive! f1.micro with nginx was cheaper. Indexer runs once a day with some heuristics to not over-use YouTube API quota. • • • 75
- Security 76
- Security issues What if my hardware is vulnerable? (Meltdown and Spectre) What if my hypervisor is vulernable? What if my operating system is vulernable? (Heartbleed) What if my container engine is vulnerable? (CVE-2019-5736) What if my application is vulnerable? • • • • • 77
- Risk: injection attacks Replay attack? SQL injection? XSS? Input must be validated. 78
- Pattern: request signing Function expects that all incoming requests are signed (e.g. HMAC) to check that message content didn't change in transit. 79
- Risk: denial-of-payment Someone called your function so many times, you have to sell your house! 80
- Pattern: rate limiting API Gateway Limited concurrency • • 81
- Anti-pattern: recursive function call 82
- Risk: public function No authentication? Seriously? 83
- Pattern: security token Function expects known security token to be passed as a proof of trusted invoker. 84
- Pattern: platform authentication Function can only be invoked by authenticated user (AWS Cognito, Google IAM user). 85
- Conclusion It is servicefull! It is code! It is a mix of Dev and Ops! • • • 86
- Thank you! 87
- 10-12 March 2021 88
- 89
- Links I https://serverless.com/ https://cdkpatterns.com/ https://aws.amazon.com/blogs/architecture/updates-to-serverless- architectural-patterns-and-best-practices/ • • • 90
- Links II https://www.jeremydaly.com/serverless-microservice-patterns-for-aws/ https://www.youtube.com/watch?v=tHD3i06Z6gU https://www.youtube.com/watch?v=vuWiB3vNiHc https://www.simform.com/serverless-examples-aws-lambda-use- cases/ • • • • 91
Advertisement