how we run graphql apis in production on our own
play

How we run GraphQL APIs in production on our (own) Kubernetes - PowerPoint PPT Presentation

Nov 27, 2022 •434 likes •898 views

How we run GraphQL APIs in production on our (own) Kubernetes cluster @ @ultrabug Gentoo Linux developer PSF contributing member CTO at Numberly Couldnt you have more buzz words in your talk title? Previous workflow and its limitations

  2. How we run GraphQL APIs in production on our (own) Kubernetes cluster @

  3. @ultrabug Gentoo Linux developer PSF contributing member CTO at Numberly

  4. Couldn’t you have more buzz words in your talk title?

  5. Previous workflow and its limitations

  6. Code repositories Configuration repositories Continuous Integration Code reviews

  7. Code repositories Configuration repositories Continuous Integration Code reviews YAML configuration file

  8. Code repositories Configuration repositories Continuous Integration Code reviews YAML configuration file

  9. Code repositories Configuration repositories Continuous Integration Code reviews YAML configuration file

  10. Code repositories Configuration repositories Continuous Integration Code reviews ansible YAML configuration file

  11. Code repositories SSL offloading Configuration repositories Continuous Integration Code reviews ansible YAML configuration file

  12. Code repositories SSL offloading Configuration repositories Continuous Integration Code reviews ansible YAML configuration file

  13. Why Kubernetes?

  14. ur own bare-metal Kubernetes cluster

  15. Methodology n o i t p o d g n a n e o r i t s i e l t r i o t a o t o r s t p e u t n p p l e e c u x m h s e e t u r d e n a c n t b o o a u d a e b r d i e e d r i t t t l c i s i s u e r o i W D D B F 1 2 3 4 5 3 4 5

  16. A bare-metal Kubernetes cluster? - Package it to deeply know what’s it’s made of and how it works - Automate installation, configuration, provisioning… everything!

  17. Developer-driven

  18. OpenID authentication Developer goes to internal kubeconfig URL ● Login using usual Google Suite account (openID) + free MFA (Yubikey) ● Download Kubeconfig ● Welcome to Kubernetes! ●

  19. Gitlab based authorization - Gitlab based RBAC + Pod Security Policy since day 1 - 1 namespace = 1 team - Open sourced gitlab2rbac: https://github.com/numberly/gitlab2rbac

  20. Cluster capabilities and choices - Gitlab registry for our Docker containers - Ensure only whitelisted images can be deployed - runAsNonRoot + strict Network Policies enforced - Ingress using nginx-ingress with fully automated LetsEncrypt certificate lifecycle - Multi-tenant cluster supporting all environments (production, staging, development) - Special “sandbox” namespace to test things: - No distributed persistent storage yet -

  21. A workflow-oriented documentation

  22. Foster and scale Kubernetes adoption We created an internal Kubernetes Certification To make sure that in every team someone can help with Kubernetes ● ● To help everyone identify who can support them when they need a Kubernetes expert To value the expertise of members of our teams ●

  23. T ke Away

  24. T ke Away Gitlab for RBAC and image registry + Kubernetes = gitlab2rbac ● Balance security vs freedom: not opposed all the time! ● Enforce security and QA rules from the start ● ○ TODO: work on admission controller to enforce whitelisted images only ● Ops concentrate on features that are immediately available to all devs TODO: automate F5 ingress SSL setup for public services ○ Practical and useful docs are key ● Spread expertise to foster and scale adoption ● ○ TODO: create more certification levels

  25. Our Kubernetized workflow

  26. Moved to k8s secrets Code repositories SSL offloading Configuration repositories Continuous Integration Code reviews ingress- Users roles = k8s RBAC Groups = k8s namespaces Docker image registry Needs Dockerfile YAML kubernetes deployment

  27. Let’s build a GraphQL app on Kubernetes!

  28. Demo app: Trello REST API to GraphQL GraphQL REST

  29. Demo app: Trello REST API to GraphQL GraphQL + = ? REST

  31. Demo app: Trello REST API to GraphQL GraphQL + REST

  32. Tartiflette main features Python 3.6+ ● Schema First (SDL) ● Built on AsyncIO ● aiohttp integration ● Embedded GraphiQL development web interface ● Tastes even better than it smells (AKA developer friendly) ●

  33. Schema Definition Language

  34. 1 GraphQL request = x REST requests These edges will resolve in multiple REST API calls 1 GraphQL call = multiple REST calls

  35. resolved edge with full objects 1x 2x 'idBoards': [ '5d1f33e746ea0a8020560465' , '5d1f341e82d5a37d0efb97b1' ]

  36. Show me some code: aiohttp app definition Resolver functions Generic SDL

  37. Show me some code: GraphQL resolvers Root query resolver Edge resolver

  38. #shipit

  39. Dockerfile: multi-stage build Full python3.7 build image Slim python3.7 run image

  40. Build + Image tag = git branch + Upload to Gitlab registry Git branch workflow ● development staging ● ● master + git tag = production

  41. To Kubernetes! Security Automated Let’s Encrypt SSL

  42. Quick demo

  44. T ke Away

  45. T ke Away GraphQL removes friction by normalizing how data is addressed between teams ● Schema Definition Language lets you concentrate on the data, not the code ● Tartiflette is a modern, fast and efficient way of doing Python + GraphQL ● Workflow for environment deployment based on git branches ● ○ TODO: challenge environment multi-tenancy of the cluster later ● Kubernetes secrets + environment variables to store and access secrets TODO: generalize vault ○ Kubectl is powerful: give that power to developers! ● ○ TODO: allow some abstraction tools when adoption is higher if needed

  46. Thanks! @ultrabug https://github.com/ultrabug/ep2019

Recommend

GRAPHQL Josh Price @joshprice STEPPING STONES TO FP Language (Elixir) Strongly-Typed APIs

GRAPHQL Josh Price @joshprice STEPPING STONES TO FP Language (Elixir) Strongly-Typed APIs

The Future of the Realtime Web BETTER APIS WITH GRAPHQL Josh Price @joshprice STEPPING STONES TO FP Language (Elixir) Strongly-Typed APIs (GraphQL) GRAPHQL WAS HERE? http://whiteafrican.com/2008/05/12/crossing-the-mapping-chasm/ A

1.31k views • 96 slides
GraphQL in Python and Django Patrick Arminio @patrick91 Who am I Patrick Arminio Backend

GraphQL in Python and Django Patrick Arminio @patrick91 Who am I Patrick Arminio Backend

GraphQL in Python and Django Patrick Arminio @patrick91 Who am I Patrick Arminio Backend Engineer @ Verve Chairperson at Python Italia @patrick91 online GraphQL? WEB 1.0 WEB 2.0 REST APIs While REST APIs are good, they

1.55k views • 131 slides
Build Scalable APIs using GraphQL and Serverless @simona_cotin @simona_cotin @simona_cotin

Build Scalable APIs using GraphQL and Serverless @simona_cotin @simona_cotin @simona_cotin

Build Scalable APIs using GraphQL and Serverless @simona_cotin @simona_cotin @simona_cotin JS @simona_cotin @simona_cotin @simona_cotin @simona_cotin a data-fetching API powerful enough to describe all of Facebook -Lee Byron

756 views • 60 slides
Developing GraphQL APIs in Django using Graphene By Nisarg Shah Nisarg Shah Crazy Developer

Developing GraphQL APIs in Django using Graphene By Nisarg Shah Nisarg Shah Crazy Developer

Developing GraphQL APIs in Django using Graphene By Nisarg Shah Nisarg Shah Crazy Developer HELLO! Undergrad CS Student Software Developer at Tweetozy Co-creator of CoursesAround CONNECT WITH ME! iamnisarg.in nisarg1499 nisargshah14

929 views • 40 slides
Defjning Property Graph Schemas using the GraphQL Schema Defjnitjon Language Olaf Hartjg

Defjning Property Graph Schemas using the GraphQL Schema Defjnitjon Language Olaf Hartjg

Defjning Property Graph Schemas using the GraphQL Schema Defjnitjon Language Olaf Hartjg @olafiartjg What is GraphQL? State-of-the art approach to create Web APIs to retrieve data for Web and mobile applications Alternative to the

470 views • 14 slides
Caching GraphQL: Approaches to automate caching data for GraphQL Tanmai Gopal | @tanmaigo

Caching GraphQL: Approaches to automate caching data for GraphQL Tanmai Gopal | @tanmaigo

Caching GraphQL: Approaches to automate caching data for GraphQL Tanmai Gopal | @tanmaigo Hasura GraphQL engine Instant realtime GraphQL on Postgres Connect to services & get a unified GraphQL API HASURA Runs as a docker container in

512 views • 19 slides
Serverless GraphQL Howdy! Im Jared Short Director of Innovation @ @shortjared GraphQL A

Serverless GraphQL Howdy! Im Jared Short Director of Innovation @ @shortjared GraphQL A

Serverless GraphQL Howdy! Im Jared Short Director of Innovation @ @shortjared GraphQL A query language for your API, and a runtime for executing the queries Why GraphQL One endpoint for your API Can provide an easy to understand

359 views • 35 slides
A realtime GraphQL backend as a compiler in Haskell http://bit.ly/graphql-haskell Heippa!

A realtime GraphQL backend as a compiler in Haskell http://bit.ly/graphql-haskell Heippa!

A realtime GraphQL backend as a compiler in Haskell http://bit.ly/graphql-haskell Heippa! Tanmai Gopal @tanmaigo http://bit.ly/graphql-haskell Contents 1. The compiler approach 2. Compiler pipeline a. Parse b. GraphQL AST c.

467 views • 21 slides
GraphQL with Python frameworks GraphQL with Python frameworks Create next-generation API with

GraphQL with Python frameworks GraphQL with Python frameworks Create next-generation API with

27.09.2018 reveal.js GraphQL with Python frameworks GraphQL with Python frameworks Create next-generation API with ease Bartosz Kazua http://0.0.0.0:8080/?print-pdf 1/56 27.09.2018 reveal.js About About mua mua Frontend/Backend/Mobile

573 views • 56 slides
GraphCoQL A mechanized formalization of GraphQL in Coq Toms Daz Federico Olmedo ric

GraphCoQL A mechanized formalization of GraphQL in Coq Toms Daz Federico Olmedo ric

GraphCoQL A mechanized formalization of GraphQL in Coq Toms Daz Federico Olmedo ric Tanter Millennium Institute Foundational Research on Data Certified Programs and Proofs New Orleans, USA January 2020 GraphQL Clases de ctedra

640 views • 52 slides
Beyond REST: Courseras Journey to GraphQL Bryan Kane @bryanskane bryan-coursera

Beyond REST: Courseras Journey to GraphQL Bryan Kane @bryanskane bryan-coursera

Beyond REST: Courseras Journey to GraphQL Bryan Kane @bryanskane bryan-coursera Chapter One Site speed issues Chapter Two Intro to GraphQL Chapter Three Migrating to GraphQL Chapter Four Learnings and retrospective 4

1.1k views • 77 slides
HOW TO AUTH: SECURE A GRAPHQL API WITH CONFIDENCE MANDI WISE | GRAPHQL SUMMIT 2020 AGENDA

HOW TO AUTH: SECURE A GRAPHQL API WITH CONFIDENCE MANDI WISE | GRAPHQL SUMMIT 2020 AGENDA

HOW TO AUTH: SECURE A GRAPHQL API WITH CONFIDENCE MANDI WISE | GRAPHQL SUMMIT 2020 AGENDA Authentication Authorization Federation GRAPHQL SUMMIT 2020 AUTH AUTHENTICATION AUTHORIZATION YOU ARE WHO YOU SAY YOU ARE YOU CAN DO WHAT YOU WANT

347 views • 23 slides
APIs 2015 Exploration and Production Winter Standards Meeting Emerging Technologies Branch

APIs 2015 Exploration and Production Winter Standards Meeting Emerging Technologies Branch

APIs 2015 Exploration and Production Winter Standards Meeting Emerging Technologies Branch Systems Reliability Section Evaluations 27 JAN 2015 BSEE: Mission To promote safety, protect the environment, and conserve resources offshore

218 views • 17 slides
Client-Server Communication with GraphQL Web Engineering , Guest lecture, 188.951 2VU SS20 Erik

Client-Server Communication with GraphQL Web Engineering , Guest lecture, 188.951 2VU SS20 Erik

Client-Server Communication with GraphQL Web Engineering , Guest lecture, 188.951 2VU SS20 Erik Wittern | erikwittern@gmail.com | @erikwittern | wittern.net May 18 th 2020 Learning goals What actually is GraphQL, and how came it about?

584 views • 26 slides
Semi-Automa+cally Modeling Web APIs to Create Linked APIs

Semi-Automa+cally Modeling Web APIs to Create Linked APIs

Semi-Automa+cally Modeling Web APIs to Create Linked APIs Mohsen Taheriyan, Craig A. Knoblock, Pedro Szekely, and Jose Luis Ambite USC Information

321 views • 28 slides
AM-2 NIE API Gateway in NIE Who uses the APIs now and how is the adoption rate? The APIs are used

AM-2 NIE API Gateway in NIE Who uses the APIs now and how is the adoption rate? The APIs are used

AM-2 NIE API Gateway in NIE Who uses the APIs now and how is the adoption rate? The APIs are used by our faculty, our corporate mobile app users, corporate systems and students, the adoption rate is growing healthy at a steady rate. We are moving

452 views • 17 slides
APIs: Overdue or Overhyped? The Promise of APIs to Drive Interoperability Todays Speakers 2

APIs: Overdue or Overhyped? The Promise of APIs to Drive Interoperability Todays Speakers 2

1 APIs: Overdue or Overhyped? The Promise of APIs to Drive Interoperability Todays Speakers 2 Micky Tripathi Ryan Howells Kristen Valdes President & CEO Principal Founder & CEO Massachusetts eHealth Collaborative Leavitt

276 views • 8 slides
The current state of banking APIs Open APIs are high priority for financial institutions What are

The current state of banking APIs Open APIs are high priority for financial institutions What are

The current state of banking APIs Open APIs are high priority for financial institutions What are banks doing about it? How important are Open APIs to banks? 2 http://www.briansolis.com/2016/12/top-10-retail-banking-trends-predictions-2017/

449 views • 20 slides
STOR 390: APIs Marshall Markham Overview Intro to APIs Concept Steps to URI API Usage

STOR 390: APIs Marshall Markham Overview Intro to APIs Concept Steps to URI API Usage

STOR 390: APIs Marshall Markham Overview Intro to APIs Concept Steps to URI API Usage Google Maps Exercise What is an API API stands for Application Programming Interface Any body of code meant to be used by outside

476 views • 15 slides
www.pdl.cmu.edu/posix/ December 14, 2005 APIs for HPC IO POSIX IO APIs (open, close, read,

www.pdl.cmu.edu/posix/ December 14, 2005 APIs for HPC IO POSIX IO APIs (open, close, read,

POSIX I/O High Performance Computing Extensions Brent Welch (Speaker) Panasas www.pdl.cmu.edu/posix/ December 14, 2005 APIs for HPC IO POSIX IO APIs (open, close, read, write, stat) have semantics that can make it hard to achieve high

674 views • 24 slides
Web APIs Web APIs Programming for Statistical Programming for Statistical Science Science

Web APIs Web APIs Programming for Statistical Programming for Statistical Science Science

Web APIs Web APIs Programming for Statistical Programming for Statistical Science Science Shawn Santo Shawn Santo 1 / 24 1 / 24 Supplementary materials Full video lecture available in Zoom Cloud Recordings Additional resources HTTP

609 views • 24 slides
API SHAPAVAL RAMAN 03.05.2017 What is the difference between traditional graphics APIs and new

API SHAPAVAL RAMAN 03.05.2017 What is the difference between traditional graphics APIs and new

API SHAPAVAL RAMAN 03.05.2017 What is the difference between traditional graphics APIs and new low-level APIs? High-level APIs like OpenGL are quite easy to use, because the developer declares what they want to do and how they want to do

634 views • 36 slides
Network impact of Web access to device APIs W3C Workshop on Security for Access to Device APIs

Network impact of Web access to device APIs W3C Workshop on Security for Access to Device APIs

Network impact of Web access to device APIs W3C Workshop on Security for Access to Device APIs from the Web December 10-11, 2008 Mat Ford http://www.isoc.org Background ISOC is focused on continued operation of the global Internet

512 views • 12 slides
or: Why Alg lgebraic May Be Better Than Pre/Post Intro Focus on abstract APIs, rather than

or: Why Alg lgebraic May Be Better Than Pre/Post Intro Focus on abstract APIs, rather than

Specification of of Generic APIs Is, or: Why Alg lgebraic May Be Better Than Pre/Post Intro Focus on abstract APIs, rather than dealing directly with concrete data structures. Semantics are more easily specied by relating the

654 views • 7 slides

More recommend