Upgrade to Pro — share decks privately, control downloads, hide ads and more …

What's new in "serverless" on Google Cloud Plat...

What's new in "serverless" on Google Cloud Platform — MicroXchg Berlin 2019

Plenty of novelties in the Serverless offering of Google Cloud Platform, whether you’re developing functions, apps or containers.

Let’s get started with the new modern runtimes for the venerable Google App Engine, sandboxed thanks to the open source gVisor container sandboxing technology. Cloud Functions is now GA with Node.js, but also offers new languages like Python to let you implement your functions. If you need more flexibility, you will also be able to run serverless containers: just dockerize your project and off you go!

But the crux of the show has to be the new open source project, Knative, a collaboration of Google with key vendors like Pivotal, IBM, Red Hat or SAP, which offers a set of portable building blocks on top of Kubernetes to build serverless platforms. Additionally, you will be able to try out Knative on Google Kubernetes Engine thanks to a dedicated add-on.

In this session, we’ll review all the new serverless-related features of Google Cloud Platform with concrete demos, so you can get started easily and rapidly.

Guillaume Laforge

April 02, 2019
Tweet

More Decks by Guillaume Laforge

Other Decks in Programming

Transcript

  1. @glaforge What’s new in Serverless on Google Cloud Platform Guillaume

    Laforge @glaforge Developer Advocate Google Cloud
  2. @glaforge Machine Learning Cloud ML Platform Vision API Video Intelligence

    API Speech API Translate API NLP API Compute Compute Engine App Engine Kubernetes Engine Container Registry Cloud Functions Networking Cloud Virtual Network Cloud Load Balancing Cloud CDN Cloud Interconnect Cloud DNS Storage & Databases Cloud Storage Cloud Bigtable Cloud Datastore Cloud SQL Cloud Spanner Big Data BigQuery Cloud Dataflow Cloud Dataproc Cloud Dataprep Cloud Datalab Cloud Pub/Sub Genomics Management Stackdriver Overview Monitoring Logging Error Reporting Debugger Deployment Manager Developer Cloud SDK Deployment Manager Cloud Source Repositories Cloud Endpoints Cloud Tools for Android Studio Cloud Tools for IntelliJ Google Plugin for Eclipse Cloud Test Lab Cloud Container Builder Identity & Security Cloud IAM Cloud IAP Cloud KMS Cloud Resource Manager Cloud Security Scanner Cloud Platform Security Overview Panorama
  3. @glaforge Serverless model(s) Operational model Fully managed security Pay only

    for usage No servers Event-driven Open Service-based Programming model
  4. @glaforge Serverless operational spectrum Managed by your cloud Container orchestration

    (k8s) Not serverless for programming or ops Container focused Infra managed by you Hosted FaaS/compute Easiest dev experience Code focused Limited runtime options Managed by your team Serverless anywhere Knative / GKE serverless addon On prem or multi-cloud Code or containers Custom hardware (GPU, TPU, IoT, etc) Offline You manage infra Serverless containers Custom languages & runtimes Infra still cloud-managed
  5. @glaforge Serverless “compute” on Cloud Platform App Engine Standard Highly

    scalable, serverless web applications. Deploy and scale Applications that react to Requests Cloud Functions Event-driven serverless compute platform. Deploy and scale Functions that react to Events
  6. @glaforge Demo: Sharing pictures Event-driven logic Data storage User facing

    Frontend Web + API Admin app Picture files Picture metadata & most frequent tags Vision API annotations: Labels, color, filtering Via Pub/sub Compute most popular tags pic-a-daily.appspot.com
  7. @glaforge New idiomatic App Engine runtimes ◦ Node.js 8 (10

    in beta) ◦ Python 3.7 ◦ PHP 7.2 (beta) ◦ Go 1.11 (beta) ◦ Java 8 (11 in alpha)
  8. @glaforge ◦ General Availability with SLA ◦ Go, Node &

    Python ▪ Java soon! ◦ Security & scaling controls ◦ Environment Variables Cloud Functions
  9. @glaforge Go 1.11, vendor & module friendly package hello import

    ( "fmt" "net/http" ) func HelloWorld(w http.ResponseWriter, r *http.Request) { fmt.Fprintf(w, "Hello, World!") } $ gcloud beta functions deploy hello --entry-point HelloWorld --runtime go111 --trigger-http
  10. @glaforge Node 8 with async / await const PubSub =

    require('@google-cloud/pubsub'); exports.helloPubSub = async (data, context) => { let ps = new PubSub(); try { const topicName = context.resource.name; const topic = ps.topic(topicName); const data = await topic.getMetadata(); const metadata = data[0]; console.log(`Metadata: ${JSON.stringify(metadata)}`); } catch(err) { console.error(err); } };
  11. @glaforge Environment variables $ gcloud beta functions deploy fnNAme --set-env-vars

    FOO=bar $ gcloud beta functions deploy fnNAme --env-vars-file .env.yaml --update-env-vars FOO=baz --remove-env-vars FOO --clear-env-vars
  12. @glaforge Function scaling control Limit scaling on a per-function basis

    Prevents DoSing resources with different scalability $ gcloud functions deploy --max-instances=100
  13. @glaforge Security controls Control access to function invocation using IAM

    • Developers • Other functions or GCP services • End-users using Google Sign-In Set IAM policies on individual functions Private by default
  14. @glaforge Security controls $ gcloud functions add-iam-policy-binding fnOne \ --member='allUsers'

    \ --role='roles/cloudfunctions.invoker' $ gcloud functions add-iam-policy-binding fnTwo \ --member='[email protected]' \ --role='roles/cloudfunctions.invoker'
  15. @glaforge Per function identities By default, all functions share the

    same identity Identity can be set on a per-function basis to provide least privilege access
  16. @glaforge Per function identities $ gcloud iam service-accounts create fnOne

    $ gcloud iam service-accounts add-iam-policy-binding \ [email protected] \ --member='serviceAccount:[email protected]' \ --role='roles/cloudfunctions.invoker' $ gcloud functions deploy fnOne \ --service-account [email protected]
  17. @glaforge Per function identities $ gcloud iam service-accounts create fnTwo

    $ gcloud iam service-accounts add-iam-policy-binding \ [email protected] \ --member='serviceAccount:[email protected]' \ --role='roles/cloudsql.client' $ gcloud functions deploy fnTwo \ --service-account [email protected]
  18. @glaforge Cloud Tasks • Manage distributed task queues • Decouple

    and scale microservices • Manage resource consumption • Handle releases gracefully Sign up: http://bit.ly/tasks-signup New!
  19. @glaforge Cloud Scheduler • Enterprise grade cron job scheduler •

    Schedule batch, big data jobs, cloud infra ops... ◦ Invoke Cloud Functions over HTTPS or Pub/Sub ◦ Invoke App Engine on a relative url handler • Manage all your jobs from one place Sign up: http://bit.ly/sched-signup New!
  20. @glaforge Everything at Google runs in containers: Gmail, Web Search,

    Maps, ... MapReduce, batch, ... GFS, Colossus, ... Even GCE itself: VMs in containers Google launches 4 billion containers per week.
  21. @glaforge Serverless operational spectrum Managed by your cloud Container orchestration

    (k8s) Not serverless for programming or ops Container focused Infra managed by you Hosted FaaS/compute Easiest dev experience Code focused Limited runtime options Managed by your team Serverless anywhere Knative / GKE serverless addon On prem or multi-cloud Code or containers Custom hardware (GPU, TPU, IoT, etc) Offline You manage infra Serverless containers Custom languages & runtimes Infra still cloud-managed New!
  22. @glaforge New: serverless containers on GCF (EAP) Serverless containers on

    Cloud Functions Provide arbitrary container images and run them "serverlessly" • Takes a pre-built Docker image • Use arbitrary system libraries • Use arbitrary language runtime • Same serverless execution environment ◦ Stateless, event-driven, auto-scaling ◦ No servers ◦ Pay only while code runs
  23. @glaforge Serverless containers Fully managed BYO workloads Pay for use

    & stateless New: serverless containers on GCF (EAP) Sign up: g.co/serverlesscontainers
  24. @glaforge Serverless operational spectrum Managed by your cloud Container orchestration

    (k8s) Not serverless for programming or ops Container focused Infra managed by you Hosted FaaS/compute Easiest dev experience Code focused Limited runtime options Managed by your team Serverless containers Custom languages & runtimes Infra still cloud-managed Serverless anywhere Knative / GKE serverless addon On prem or multi-cloud Code or containers Custom hardware (GPU, TPU, IoT, etc) Offline You manage infra New!
  25. @glaforge Knative isn't... • An open source FaaS developer-facing product

    • A product, It's primitives • The right solution for everyone ◦ The audience is more the ops building & running their own serverless platform for the developers
  26. @glaforge GKE serverless add-on — Knative on GKE GKE serverless

    add-on Request early access today at g.co/serverlessaddon
  27. @glaforge Q & A cloud.google.com/serverless App Engine Java 11 alpha

    goo.gl/b8N7L2 Knative github.com/knative GKE serverless add-on (sign-up) g.co/serverlessaddon Containers on Cloud Functions (sign-up) g.co/serverlesscontainers
  28. @glaforge Thank you! cloud.google.com/serverless App Engine Java 11 alpha goo.gl/b8N7L2

    Knative github.com/knative GKE serverless add-on (sign-up) g.co/serverlessaddon Containers on Cloud Functions (sign-up) g.co/serverlesscontainers