SERVICEFULL - GeekWire...management, Secret rotation, On-call schedule, Configuration management,...
SERVICEFULL Using Serverless to Build Servicefull Applications
Matt Weagle Director of Infrastructure
ShiftLeft, Inc.
TIME
Unknown Dependencies
Unplanned Work
Conflicting Priorities
Neglected Work
Time Thieves
Too Much WIP
Software Delivery Performance Metrics
Deploy Frequency
Lead Time
Mean Time to Restore
Change/Fail Percentage
Characteristics of High Performing Teams
Loosely coupled systems
Experimentation & adjustment
WIP limits with shared visualization & feedback loops
Frequent deployments, short-lived branches
Security best handled by shifting left
Accelerate Forsgren, Humble, & Kim
“Software delivery performance predicts organizational performance and noncommercial performance.”
Microservices!
Service Boundaries
Even a small number of services requires an ongoing operational resource commitment that must scale sublinearly.
Minimum Expected Commitment
Concerns for a Single Service - Sean Treadway
Service name, Programming language(s), Programming paradigm(s), Architectural choices, Integration pattern(s), Transport protocols, Authentication, Authorization, Reporting, ETLs, Databases, Caching, Platform libraries, Service dependencies, CI pipeline dependencies, 3rd party library dependencies, 3rd party service dependencies, Security threat model, License audit, Compliance audit, Capacity plan, Provisioning plan, Cost reporting plan, Monitoring plan, Maintenance process, Backup and restore process, Secret management, Secret rotation, On-call schedule, Configuration management, Workflow management, Alerts, Log aggregation, Unhandled failure aggregation, Operations and incident response runbooks, API documentation, Source code repository, Humane service registry, Service discovery registry, Distributed tracing registry, Monitoring dashboard registry, Build artifact repository, CI pipeline(s): build, test, publish, Integration tests, Contract tests, Canary, Deploy, Post-deploy tests
FOCUS
Building Up
Cloud Materials
SERVICEFULL Serverless + Cloud Services
Serverless Development Tooling
https://gosparta.io/
CONFIG < CODE
Architecture [diagram, numbered steps 1-4]: X-Ray, CloudWatch, Polly, SSM, Bucket, Website, Comprehend, Presigned S3 URL, Rekognition, API Gateway
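Define Lambda Function

    // Slide excerpt: lambdaContext, s3Resource and s3svc are set up in parts
    // of the handler that the slide does not show.
    func (gws *ServicefulService) s3GetPresignedURLLambda(ctx context.Context,
        apigRequest spartaEvents.APIGatewayRequest) (*presignedResponse, error) {
        // Each upload gets its own key under the uploads keyspace, named
        // after the Lambda request ID.
        objectPath := fmt.Sprintf("%s/%s",
            gws.connections.S3KeyspaceUploads,
            lambdaContext.AwsRequestID)
        putObjectInput := &s3.PutObjectInput{
            Bucket: aws.String(s3Resource.ResourceRef),
            Key:    aws.String(objectPath),
        }
        // PutObjectRequest only builds the request; nothing is sent to S3 here.
        presignedReq, _ := s3svc.PutObjectRequest(putObjectInput)
        // The URL is valid for 5 minutes and only for a PUT to objectPath.
        url, err := presignedReq.Presign(5 * time.Minute)
        if nil != err {
            return nil, err
        }
        return &presignedResponse{
            PresignedURL: url,
        }, nil
    }
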
Define Lambda Options

    func (gws *ServicefulService) newS3PresignedPutItemLambda(api *sparta.API) *sparta.LambdaAWSInfo {
        // Register
        lambdaFn := sparta.HandleAWSLambda("PresignedURLProvider",
            gws.s3GetPresignedURLLambda,
            sparta.IAMRoleDefinition{})
        // IAM
        lambdaFn.RoleDefinition.Privileges = gws.bucketGetPutPrivileges()
        // X-Ray
        lambdaFn.Options.TracingConfig = &gocf.LambdaFunctionTracingConfig{
            Mode: gocf.String("Active"),
        }
        // API Gateway
        apiMethod, apiMethodErr := apiGatewayResource.NewMethod("GET",
            http.StatusOK,
            http.StatusInternalServerError)
        …
    }

Define Lambda Triggers

    // IAM Role privileges
    lambdaFn.RoleDefinition.Privileges = gws.bucketGetPutPrivileges("polly:SynthesizeSpeech")
    // Event Triggers
    lambdaFn.Permissions = append(lambdaFn.Permissions,
        gws.s3NotificationPrefixBasedPermission(gws.connections.S3KeyPrefix))

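Added example (not from the talk or the Sparta project): the role privileges assigned above are what bound a presigned URL, because a presigned request can do only what its signing credentials can. The sketch uses a hypothetical uploadStatements helper and a deliberately simplified Allow-only matcher to check that a Get/Put grant scoped to an uploads prefix rejects writes elsewhere in the bucket; the bucket name and keys are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// Statement is a simplified IAM Allow statement (no Deny, no Condition).
type Statement struct{ Actions, Resources []string }

// uploadStatements is a hypothetical stand-in for bucketGetPutPrivileges:
// Get/Put limited to one key prefix, plus optional extra service actions.
func uploadStatements(bucket, prefix string, extra ...string) []Statement {
	arn := fmt.Sprintf("arn:aws:s3:::%s/%s/*", bucket, strings.Trim(prefix, "/"))
	stmts := []Statement{{[]string{"s3:GetObject", "s3:PutObject"}, []string{arn}}}
	if len(extra) > 0 {
		stmts = append(stmts, Statement{extra, []string{"*"}})
	}
	return stmts
}

// match supports the two pattern forms used here: exact, or a trailing "*".
func match(pat, s string) bool {
	if strings.HasSuffix(pat, "*") {
		return strings.HasPrefix(s, strings.TrimSuffix(pat, "*"))
	}
	return pat == s
}

// allowed reports whether any statement permits action on resource.
func allowed(stmts []Statement, action, resource string) bool {
	for _, st := range stmts {
		for _, a := range st.Actions {
			for _, r := range st.Resources {
				if match(a, action) && match(r, resource) {
					return true
				}
			}
		}
	}
	return false
}

func main() {
	role := uploadStatements("MY_BUCKET", "uploads", "polly:SynthesizeSpeech")
	for _, key := range []string{"uploads/req-123", "index.html"} { // constructed keys
		fmt.Println(key, allowed(role, "s3:PutObject", "arn:aws:s3:::MY_BUCKET/"+key))
	}
}
```
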
Define Service

    lambdaFunctions := service.New(connections, apiGateway)
    stackName := spartaCF.UserScopedStackName("SpartaGeekwire")
    sparta.MainEx(stackName,
        fmt.Sprintf("GeekWire service combines S3 with multiple AWS Services"),
        lambdaFunctions,
        apiGateway,
        s3Site,
        workflowHooks(connections, lambdaFunctions),
        false)

Provision

    go run main.go provision --s3Bucket MY_BUCKET

Inline ReactJS build
Deploy ~2 minutes

    $ gocloc .
    -------------------------------------------------------------------------------
    Language                     files          blank        comment           code
    -------------------------------------------------------------------------------
    HTML                             2           5991           1707          58556
    JSON                             5              0              0          13196
    JavaScript                       9            320            557            813
    Go                               8            102            179            694
    YAML                             2             50              1            141
    Markdown                        15             23              0             66
    Makefile                         1             11              0             25
    BASH                             2              1              0              5
    Sass                             1              0              0              1
    -------------------------------------------------------------------------------
    TOTAL                           45           6498           2444          73497
    -------------------------------------------------------------------------------

https://github.com/hhatto/gocloc
Statistics
Servicefull Landscape: Azure Machine Learning, Cosmos DB, Cloud Functions, AWS Step Functions, AWS Athena
Servicefull in Production
TAKEAWAYS
Loose coupling
Shifted operational responsibilities
Fine-grained access controls
More financial transparency
Incredibly rich landscape
Servicefull Merits
Come for the Resiliency
Stay for the Focus
Enjoy the View
#WOCinTech
Build something Servicefull! Build something Awesome!
Get In Touch
@mweagle
https://www.linkedin.com/in/mweagle/
Serverless Forum Slack, Gophers Slack