Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Microservices on Fastly
Search
Ryo yasuda
October 17, 2017
22k
42
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Microservices on Fastly
Ryo yasuda
October 17, 2017
More Decks by Ryo yasuda
See All by Ryo yasuda
GKE+Istio+GitOpsで作る日経電子版の次世代マイクロサービス基盤
ryysd
3
2.2k
Microservices on Fastly v1.1
ryysd
2
1.2k
日経電子版へのPWA導入事例
ryysd
1
390
Featured
See All Featured
A Modern Web Designer's Workflow
chriscoyier
698
190k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
37
6.5k
Building an army of robots
kneath
306
46k
Scaling GitHub
holman
464
140k
How to Talk to Developers About Accessibility
jct
2
280
Balancing Empowerment & Direction
lara
6
1.2k
The State of eCommerce SEO: How to Win in Today's Products SERPs - #SEOweek
aleyda
2
11k
What does AI have to do with Human Rights?
axbom
PRO
1
2.2k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
123
22k
Lessons Learnt from Crawling 1000+ Websites
charlesmeaden
PRO
1
1.3k
30 Presentation Tips
portentint
PRO
1
340
Why Our Code Smells
bkeepers
PRO
340
58k
Transcript
Microservices on Fastly ຊܦࡁ৽ฉࣾ ҆ా ཽ 'BTUMZ :BNBHPZB .FFUVQ
ࣗݾհ ҆ా ཽ (ͩ͢ Γΐ͏) 2015: NTTݚڀॴ ೖࣾ - ίϯςφܕԾԽٕज़ؔ࿈ͷݚڀΛ͢Δ༧ఆͩͬͨ
2016: ຊܦࡁ৽ฉࣾ ೖࣾ - ܦిࢠ൛ϦχϡʔΞϧ൛ ։ൃϝϯόʔ - ϑϩϯτΤϯυɾόοΫΤϯυɾAWSɾFastlyͷઃఆॾʑ୲
ܦిࢠ൛ ຖ900ຊͷهࣄΛ৴ ༗ྉձһ54ສਓҎ্ɾແྉձһ300ສਓҎ্ ݄ؒ3ԯΞΫηε
ܦిࢠ൛ ϦχϡʔΞϧ ϓϩδΣΫτ (Next Nikkei) UI/UXվળ (PWAԽɾϨεϙϯγϒԽ) Խ FastlyɾMicroservicesΞʔΩςΫνϟͷར༻
Microservicesͱ Auth Service DB Service Ranking Service Search Service web
iOS App γεςϜΛෳͷখ͞ͳαʔϏεͷू߹Ͱߏ͢ΔΞʔΩςΫνϟ API
Microservicesͱ ServiceA ServiceB ServiceC ServiceD Service Registry ֤αʔϏεͷใཧϔϧενΣοΫ ϦΫΤετઌαʔϏεͷใऔಘ ϦΫΤετͷૹ৴
αʔϏεؒΛܨ͙ͨΊʹɺService RegistryͳͲΛ༻͍Δ
FastlyΛͬͨMicroservices ServiceB ServiceC ɾFastlyͰService RegistryΛ༻ ɾશϦΫΤετ͕Fastlyܦ༝ ɾFastly͕ϦΫΤετΛϧʔςΟϯά ServiceA ServiceC
Ωϟογϡͷू ServiceB ServiceC ServiceD ɾΩϟογϡ͕'BTUMZʹूͰ͖Δ Ωϟογϡ ServiceA
Ωϟογϡͷू ServiceB ServiceC ServiceD ɾΩϟογϡ͕'BTUMZʹूͰ͖Δ ෳͷαʔϏεɾϨΠϠʹࢄ͠ͳ͍ Ωϟογϡ ServiceA
Ωϟογϡͷू ServiceB ServiceC ServiceD ɾΩϟογϡ͕'BTUMZʹूͰ͖Δ ෳͷαʔϏεɾϨΠϠʹࢄ͠ͳ͍ QVSHF͢Δ͚ͩͰ*OWBMJEBUJPOՄೳ Ωϟογϡ ServiceA
Ωϟογϡͷू ServiceB ServiceC Ωϟογϡ ServiceD ServiceA ɾΩϟογϡ͕'BTUMZʹूͰ͖Δ ෳͷαʔϏεɾϨΠϠʹࢄ͠ͳ͍ QVSHF͢Δ͚ͩͰ*OWBMJEBUJPOՄೳ োൃੜ࣌ʹٴΛ͛Δ
ServiceB͕ࢮΜͰΩϟογϡΛͬͯՔಇ
Ωϟογϡͷू ServiceB ServiceC Ωϟογϡ ServiceD ServiceA ɾΩϟογϡ͕'BTUMZʹूͰ͖Δ ෳͷαʔϏεɾϨΠϠʹࢄ͠ͳ͍ QVSHF͢Δ͚ͩͰ*OWBMJEBUJPOՄೳ োൃੜ࣌ʹٴΛ͛Δ
Next NikkeiͰ·ͩαʔϏε͝ͱʹΩϟογϡΛͬͯ ͠·͍ͬͯΔ࣮͕ଟʑ͋Δ͕…
ϩΪϯάɾϞχλϦϯά ServiceB ServiceC ServiceD ɾϩΪϯά શϦΫΤετͷϞχλϦϯάͰ͖Δ Ωϟογϡ ServiceA ϩΪϯά
ϩΪϯάɾϞχλϦϯά Real Time Log Streaming request url status code response
size taken time cache HIT/MISS ... αʔϏε
ϩΪϯάɾϞχλϦϯά – kibanaͰՄࢹԽ ֤αʔϏεͷΞΫηεྔ Τϥʔ ֤ϦΫΤετͷstatus code ֤αʔϏεͷฏۉϨεϙϯελΠϜ
ϩΪϯάɾϞχλϦϯά - ΩϟογϡώοτՄࢹԽ ֤αʔϏεɾ֤ύεʹର͢ΔΩϟογϡώοτ Ϣʔβछผ͝ͱͷΩϟογϡώοτ (هࣄϖʔδ) ༗ྉձһ ແྉձһ ඇձһ
ϩΪϯάɾϞχλϦϯά – ಠࣗdashboards ֤αʔϏεͷΩϟογϡώοτͳͲΛνΣοΫ
ೝՄ ServiceB ServiceC ServiceD ɾ'BTUMZ্ͰೝՄΛ࣮ ֤αʔϏεʹ࣮͠ͳͯ͘ྑ͍ Ωϟογϡώοτ্͕Δ Ωϟογϡ ೝՄ ServiceA
ϩΪϯά
ೝՄͷඞཁͳίϯςϯπͷΩϟογϡ هࣄϖʔδ /article/123 Cookie: Auth=a124b5... OAuth2ೝূͰಘΒΕͨ JWTτʔΫϯ ϢʔβͷݖݶʹΑͬͯ ίϯςϯπมΘΔ
ೝՄͷඞཁͳίϯςϯπͷΩϟογϡ هࣄϖʔδ /article/123 Cookie: Auth=a124b5… Cache-control: no-cache, no-store Cookie: Auth=a124b5...
OAuth2ೝূͰಘΒΕͨ JWTτʔΫϯ
ೝՄͷඞཁͳίϯςϯπͷΩϟογϡ هࣄϖʔδ /article/123 ϦΫΤετϔομ User-ID: 98765 User-Rank: paid Ϩεϙϯεϔομ Vary:
User-Rank Cookie: Auth=a124b5... ೝূΫοΩʔͷ decodeɾvalidate OAuth2ೝূͰಘΒΕͨ JWTτʔΫϯ
ೝՄͷඞཁͳίϯςϯπͷΩϟογϡ هࣄϖʔδ /article/123 ϦΫΤετϔομ User-ID: 98765 User-Rank: paid Ϩεϙϯεϔομ Vary:
User-Rank Cookie: Auth=a124b5... ೝূΫοΩʔͷ decodeɾvalidate OAuth2ೝূͰಘΒΕͨ JWTτʔΫϯ User-Rank͝ͱʹΩϟογϡ͚ ΔΑ͏CDNʹ໋ྩ
ೝՄͷඞཁͳίϯςϯπͷΩϟογϡώοτ Ϣʔβछผ͝ͱͷهࣄϖʔδΩϟογϡώοτ ϩάΠϯϢʔβʹରͯ͠ΩϟογϡͰ͖ͯΔ ඇձһ ༗ྉձһ ແྉձһ
VCL ࣮ྫ
ϧʔςΟϯά Top Article API Assets /article/123 Path Based Routing
backends.vcl routing.vcl ϧʔςΟϯά - VCL backend article { .host: "article.xx.jp";
.port: 443 .ssl: true } ... if (req.url ~ "/article/.+") { req.backend = article; } ... vclͰαʔϏεΛఆٛ ϧʔςΟϯά༻ͷvcl
[ { "name": "article", "path": "/article/.+", "host": "article.xx.jp", "ssl": true
} … ] services.json backends.vcl routing.vcl શαʔϏεͷఆٛϑΝΠϧ ͲΜͳαʔϏεɺϧʔτ͕͋Δ ͔ͻͱͰΘ͔Δ ϧʔςΟϯά - VCLࣗಈੜ backend article { .host: "article.xx.jp"; .port: 443 .ssl: true } ... if (req.url ~ "/article/.+") { req.backend = article; } ... vclͰαʔϏεΛఆٛ ϧʔςΟϯά༻ͷvcl
μΠφϛοΫϧʔςΟϯά Top Article API Routing-Override: API-> API-dev ϦΫΤετϔομ API-dev ϦΫΤετϔομͰϧʔςΟϯάΛ
ಈతʹมߋ Ұ෦ͷαʔϏεΛ։ൃதͷͷʹ ࠩ͠ସ͑ΒΕΔ
োͷٴΛ͙ if (beresp.http.Cache-Control !~ "(stale-if-error|immutable|private)") { set beresp.stale_if_error = 86400s;
} ϦΫΤετʹࣦഊͯ͠ɺࢦఆ͞ΕͨظؒΩϟογϡΛར༻͢Δ Next NikkeiͰɺstale-if-errorΛࣗಈͰ༩ αʔϏε͕ࢮΜͰɺΩϟογϡ͕͋Ε͠Β͘ίϯςϯπΛฦͤΔ stale-if-error
Fastly্ͰͷೝՄ - VCL ೝূΫοΩʔ(JWTܗࣜ): eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4 gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ ɾΫοΩʔऔಘ: req.http.Cookie:Auth ɾJWTτʔΫϯղ: regsub(req.http.Cookie.Auth,
" (^[^.]+).[^.]+.[^.]+$ ", "$1") ɾBase64σίʔυ: digest.base64_decode ɾJWTγάωνϟݕূ: digest.hmac_sha256_base64() ɾreq.http.Nikkei-Auth-UserID = regsub(var.payload, {"^.*?"uid"¥s*:¥s*"(¥w+)".*?$"}, "¥1");
Fastly্ͰͷೝՄ – VCL if (req.http.Cookie:Auth !~ "(^[^¥.]+)¥.([^¥.]+)¥.([^¥.]+)$") { set req.http.Auth-Valid
= "false"; } set var.base64Header = re.group.1; set var.base64Payload = re.group.2; set var.signature = digest.base64url_decode(re.group.3); set var.validSignature = digest.base64_decode(digest.hmac_sha256_base64(var.jwtSecret, var.base64Header "." var.base64Payload)); set var.payload = digest.base64_decode(var.base64Payload); set var.expires = regsub(var.payload, {"^.*?"exp"¥s*:¥s*(¥d+).*?$"}, "¥1"); # γάωνϟͷਖ਼ੑͱ༗ޮظݶͷ֬ೝ if (var.signature != var.validSignature || time.is_after(now, std.integer2time(std.atoi(var.expires)))) { set req.http.Auth-Valid = "false"; } # payload͔ΒݖݶใͳͲΛநग़ req.http. UserID = regsub(var.payload, {"^.*?"uid"¥s*:¥s*"(¥w+)".*?$"}, "¥1");
ϩΪϯάɾϞχλϦϯά - VCL sub vcl_log { log {"syslog "} req.service_id
{" fastly-log :: "} {" timestamp_us:"} time.start.usec {" host:"} regsuball(req.http.X-Forwarded-Host, {" "}, "") {" upstream_host:"} regsuball(req.http.Host, {" "}, "") {" remote_addr:"} client.ip {" method:"} req.request {" fastly_x_cache:"} req.http.X-Cache {" fastly_x_cache_hits:"} req.http.X-Cache-Hits {" user_id:"} req.http.User-ID {" user_rank:"} req.http.User-Rank; … } LTSVܗࣜͰͷϩάग़ྗྫ
FastlyΛͬͨMicroservices ·ͱΊ ✔ Service Registry͕ෆཁ ✔ Cache͕Fastlyʹू͞ΕInvalidation؆୯ ✔ োൃੜ࣌ʹٴΛ͛Δ ✔
؆୯ͳϞχλϦϯάೝՄ࣮ݱͰ͖Δ ✔ μΠφϛοΫϧʔςΟϯάͰ։ൃָ͕ʹͳΔ
͋Γ͕ͱ͏͍͟͝·ͨ͠