Deep Dive: CNCF Serverless WG/ CloudEvents
Agenda • CloudEvents demo • Deployment pipeline • CloudEvents best practices
Demo Vlad Ionescu, Independent
Ownzones - About • 75 cloud engineers with 100+ years of accumulated experience • Cloud-based video supply chain solutions provided with disruptive "pay-as-you-go" model • Component-based video-workflow system • Partners
Ownzones - Products: Digital supply chain solution • OWNZONES CONNECT: Get full control of your digital supply chain. • Media logistics • Workflow automation • Studio in the cloud
Ownzones - Products: Reach and monetization • OWNZONES DISCOVER: Customizable, scalable turnkey white label OTT platform. • Rich CMS • Built-in customization tools • "Click-to-deploy" rapid application deployment system
Ownzones - Products: AI-powered digital supply chain solution • OWNZONES FRAME DNA: Improve and automate your supply chain. • AI-based tool within Connect • Reduction in manual work • Massive cost savings
Ownzones • Startup • Focus on reliability
Deployment pipeline • Observable • Compliant • Fast • Scalable
Deployment pipeline (diagram): GitHub events SNS topic and three feature-specific SQS queues
Deployment pipeline (diagram): CircleCI events SNS topic and three feature-specific SQS queues
Deployment pipeline (diagram): CircleCI events SNS, GitHub events SNS, AWS Lambda (x3), AutoDeploy AWS Lambda, DynamoDB, DynamoDB Stream, SNS, Amazon Elastic Container Service for Kubernetes
Deployment pipeline - DynamoDB (diagram: the same pipeline with the DynamoDB stages highlighted)
Deployment pipeline (diagram): Amazon API Gateway, CircleCI events SNS, GitHub events SNS, Automation CircleCI, Automation GitHub, SQS (x2), AWS Lambda, AutoDeploy AWS Lambda, DynamoDB, DynamoDB Stream, SNS, Amazon Elastic Container Service for Kubernetes
Event design (five diagram slides; only the title survived in the text)
Demo time? • Special thanks: • Ileana Andreea Preda • Queue for demo
Demo
CloudEvents experience • Simplified design process • Encoding/decoding are taken care of • SDKs • Sane defaults • Does not restrict data in any way!
CloudEvents experience • CloudEvents: they're here, they're boring, use them!
CloudEvents experience But…
Architectural considerations Clemens Vasters, Microsoft
CloudEvents is Eventing • Carry facts: "Something happened" • Publish/subscribe distribution • Subscribe at source or distributor • Some publish/subscribe principles: • Publishers don't know/care who will subscribe or is currently subscribed • Subscribers might tap into single-sourced or consolidated event streams • Event flow is unidirectional: network or disk; one or more routing intermediaries; radio broadcast; … (Diagram: Publisher, Intermediary, Intermediary, Subscribers)
Eventing vs. Messaging • Events and messages are both mailing envelopes for data, decorated by metadata – but they are different. • Events carry facts. They report things that have happened. • State transitions, observed conditions, objects having been created, … • Messages carry intents. The sender expects something to happen. • Command execution, job handling, workflow progress, … • Events are published as an information option for interested subscribers. Audience size may be zero or many. • Messages are directed to handlers. There may be delivery and handling status feedback, replies, conversations, or complex control flows like Workflows and Sagas. Audience size is often one handler per message.
Attributes CloudEvents does not define • “to” • There’s no “to” attribute because events aren’t aimed at and routed to a specific consumer. Subscribers get to decide which events they pick. • “reply-to” • There’s no “reply-to” attribute because events aren’t job assignments that ought to require a reply and because a subscriber can’t be expected to be capable of reaching any given reply destination • “topic” / “queue” • CloudEvents defines the origin context as “source”, but does not include the name of any specific intermediary construct in the event metadata because events might travel through multiple intermediary hops
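As an added example (not part of the deck and not the CloudEvents SDKs), a small Python builder and validator for a structured-mode JSON CloudEvent, assuming the CloudEvents 1.0 attribute names: it enforces the required context attributes, rejects the addressing attributes the slide says CloudEvents leaves out, and shows subscriber-side selection by source and type, since subscribers, not publishers, decide which events they pick. The sample events are constructed, loosely modelled on the GitHub/CircleCI sources in the pipeline slides.

```python
import json
import uuid
from datetime import datetime, timezone

# CloudEvents 1.0 context attributes (assumed spec version; the deck names none).
REQUIRED = ("specversion", "id", "source", "type")
# Addressing attributes the deck explains CloudEvents deliberately does not define.
NOT_DEFINED = ("to", "reply-to", "topic", "queue")


def make_event(source, event_type, data, subject=None):
    """Build a structured-mode CloudEvent: a fact that something happened."""
    event = {
        "specversion": "1.0",
        "id": str(uuid.uuid4()),
        "source": source,  # origin context only, never an intermediary hop
        "type": event_type,
        "time": datetime.now(timezone.utc).isoformat(),  # RFC 3339 timestamp
        "datacontenttype": "application/json",
        "data": data,
    }
    if subject is not None:
        event["subject"] = subject
    return event


def encode(event):
    """Structured-mode JSON body (media type application/cloudevents+json)."""
    return json.dumps(event, separators=(",", ":"))


def validate(event):
    """Return a list of problems; an empty list means the envelope is acceptable."""
    problems = [f"missing required attribute {a}" for a in REQUIRED if not event.get(a)]
    problems += [f"attribute {a} is not a CloudEvents attribute" for a in NOT_DEFINED if a in event]
    return problems


def subscriber_filter(events, source_prefix=None, types=None):
    """Subscriber-side selection: pick by source and/or type, publishers address nobody."""
    return [e for e in events
            if (source_prefix is None or e["source"].startswith(source_prefix))
            and (types is None or e["type"] in types)]


# Constructed sample stream (names are placeholders, not Ownzones systems).
SAMPLE_EVENTS = [
    make_event("/github/example-org/example-repo", "com.github.push", {"ref": "refs/heads/main"}),
    make_event("/circleci/example-org/example-repo", "com.circleci.build.succeeded", {"build": 42}),
    make_event("/github/example-org/other-repo", "com.github.pull_request.opened", {"number": 7}),
]
```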
Things that are harder than they appear • Signatures • Symmetric: Who holds the signing keys? • Asymmetric: Who distributes the verification keys? Whose directory/directories/vaults is the subscriber trusting? Which subscribers does a directory/vault grant access? • How/when does who rotate signing keys? How do subscribers know? • How to keep track of key history (archived events, events in logs)? • End-to-End Encryption • Same as above but with encryption keys • Encrypting/signing multicast datagrams doesn't allow for peer-to-peer session keys, which means that "master" keys must be rotated far more frequently than when those are only used for session-key exchange • Hardest: Agree on ONE WAY OF DOING ALL THIS: APIs, Algos, Hints, Versioning
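As an added example of the key-history point on this slide (constructed for this page; not a CloudEvents mechanism and not any agreed scheme, which is exactly the gap the slide names): HMAC signing of the event envelope with the key id carried in an assumed extension attribute `sigkeyid`, and a publisher key ring that keeps retired keys so events archived before a rotation still verify, and fails them once that history is lost.

```python
import hashlib
import hmac
import json


class KeyHistory:
    """Publisher signing keys by key id; retired keys stay so archived events still verify."""

    def __init__(self):
        self.keys = {}       # kid -> secret bytes, including retired keys
        self.current = None  # kid used for new signatures

    def rotate(self, kid, secret):
        self.keys[kid] = secret
        self.current = kid

    def forget(self, kid):
        """Simulate losing key history, the failure mode the slide warns about."""
        self.keys.pop(kid, None)


def canonical(event):
    """Deterministic bytes over every attribute except the signature itself."""
    body = {k: v for k, v in event.items() if k != "sig"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign(event, ring):
    signed = dict(event, sigkeyid=ring.current)  # assumed extension attribute name
    signed["sig"] = hmac.new(ring.keys[ring.current], canonical(signed), hashlib.sha256).hexdigest()
    return signed


def verify(event, ring):
    secret = ring.keys.get(event.get("sigkeyid"))
    if secret is None:
        return False  # unknown or forgotten key id: the archived event cannot be checked
    expected = hmac.new(secret, canonical(event), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, event.get("sig", ""))


# Constructed sample: sign before a rotation, then verify from the archive afterwards.
EVENT = {"specversion": "1.0", "id": "c1", "source": "/github/example-org/example-repo",
         "type": "com.github.push", "data": {"ref": "refs/heads/main"}}


def demo():
    ring = KeyHistory()
    ring.rotate("k-2019-01", b"constructed-secret-1")
    archived = sign(EVENT, ring)
    ring.rotate("k-2019-02", b"constructed-secret-2")   # rotation: new events use the new key
    still_valid = verify(archived, ring)                  # retired key kept, archive verifies
    tampered = dict(archived, data={"ref": "refs/heads/other"})
    tamper_detected = not verify(tampered, ring)          # modified data fails the check
    ring.forget("k-2019-01")
    lost_history = verify(archived, ring)                 # history gone, archive unverifiable
    return still_valid, tamper_detected, lost_history
```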
Recommend
More recommend