Upgrade to Pro — share decks privately, control downloads, hide ads and more …

sake-game-gcp-5.pdf

Avatar for Hiroyoshi HOUCHI Hiroyoshi HOUCHI
February 20, 2017
0
120

 sake-game-gcp-5.pdf

Avatar for Hiroyoshi HOUCHI

Hiroyoshi HOUCHI

February 20, 2017
Tweet

More Decks by Hiroyoshi HOUCHI

See All by Hiroyoshi HOUCHI
aws-dev-day-2020-f9-cdk-bestpractice
Avatar for Hiroyoshi HOUCHI hixi
0
320
CDK 利用者から見る CDK
Avatar for Hiroyoshi HOUCHI hixi
3
1.1k
ITS を支える
情報集約基盤
アーキテクチャ / ITS Tech Study #02
Avatar for Hiroyoshi HOUCHI hixi
1
820
SIerIoT vol.7
Avatar for Hiroyoshi HOUCHI hixi
1
580
AWS IoT を用いた DeNA オートモーティブアーキテクチャ / DeNA Techcon 2018 Houchi Hiroyoshi
Avatar for Hiroyoshi HOUCHI hixi
1
34k
appengine-ja-night-35.pdf
Avatar for Hiroyoshi HOUCHI hixi
0
120

Featured

See All Featured
Into the Great Unknown - MozCon
Avatar for Noah Learner thekraken
40
1.9k
Agile that works and the tools we love
Avatar for Rasmus Luckow-Nielsen rasmusluckow
329
21k
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
367
19k
Rails Girls Zürich Keynote
Avatar for Gregor Martynus gr2m
95
14k
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
49
14k
Visualization
Avatar for Eitan Lees eitanlees
146
16k
The Art of Delivering Value - GDevCon NA Keynote
Avatar for David Neal reverentgeek
15
1.6k
BBQ
Avatar for Matthew Crist matthewcrist
89
9.7k
Improving Core Web Vitals using Speculation Rules API
Avatar for Sergey Chernyshev sergeychernyshev
18
1k
The Power of CSS Pseudo Elements
Avatar for Geoffrey Crofte geoffreycrofte
77
5.9k
Facilitating Awesome Meetings
Avatar for Lara Hogan lara
54
6.5k
Build The Right Thing And Hit Your Dates
Avatar for Maggie C. maggiecrowley
37
2.8k

Transcript

  1. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. Hiroyoshi HOUCHI System

    Development Dept. Open Platform Business Unit
 DeNA Co., Ltd. "OE"QQͰݟΔ("& Λ༻͍ͨαʔόϨε .JDSPTFSWJDFT ञͱήʔϜͱΠϯϑϥͱ($1 1

  2. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ࣗݾ঺հ 2

  3. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ࣗݾ঺հ ์஍޺Ղ ⁃

    @hixi_hyi ͱ͔ hixi ͱ͔ͷ HN ࢖ͬͯ·͢ ॴଐ౳ʑ ⁃ גࣜձࣾDeNA
 ΦʔϓϯϓϥοτϑΥʔϜࣄۀຊ෦γεςϜ։ൃ෦ ⁃ 4೥ؒϓϥοτϑΥʔϜ։ൃऀ 3

  4. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ࠓ೔ͷ࿩͢಺༰ GAE Λ༻͍ͨαʔόϨε/Microservices

    AndApp ֓ཁ Why GAE ? Microservices on GAE (௨৴͋ͨΓͷ࿩) 4

  5. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. AndApp 5

  6. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. AndApp ⁃ DeNA

    ͕ఏڙ͢Δ PC ޲͚ϓϥοτϑΥʔϜ - ̍ͭͷΞϓϦΛ֎Ͱ͸εϚϗɺՈͰ͸ PC Ͱ ⁃ ଓʑͱΞϓϦϦϦʔεΕͯ·͢ͷͰੋඇ͓ࢼ͍ͩ͘͠͞ - https://www.andapp.jp/ 6

  7. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. AndApp ͷΞʔΩςΫνϟશମ૾ 7

    Portal  Web Cer,ficate Client User Token Connect Product Transac,on Dashboard No,fica,on Payment Accoun,ng CrashReport Applica,on Adver,sement Analy,cs Generic  Token Metadata Signer OPE Sta,c  Resource  Proxy Google  Front  End RESTful  API  on  Microservices  on  GAE

  8. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. AndApp ͷΞʔΩςΫνϟશମ૾ API

    ͸͢΂ͯ RESTful Ͱͷ࣮૷ ͦΕͧΕͷ service ͕Ϧιʔεʹର͢Δૢ࡞Λ୲౰ Ϧιʔεʹର͢Δૢ࡞͸͢΂ͯɺ୲౰ͷ service ʹҠৡ e.g. Application API ͸ Application ৘ใΛ·ͱΊͯ؅ཧɻ
 PortalSite ͸ Application API ʹ RESTful API ͰΞΫηεɻ
 PortalSite ͸ͦͷσʔλΛ͍͍ײ͡ͷ UI ʹม׵ͯ͠ग़ྗ 8

  9. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ิ଍ࣄ߲ ͢΂ͯͷσΟϕϩού(ΞϓϦέʔγϣϯ)ͷϦΫΤετ Λ͞͹͕͘ɺ

    Namespace API Λ࢖ͬͨϚϧνςφϯ γʔͰ͸ͳ͍ BaaS ͱ͸ҟͳΓɺϓϥοτϑΥʔϜͷϦιʔεͱ֤ΞϓϦͷϦιʔε͕ࠞ ࡏ͢ΔͨΊ ήʔϜͳͲͰ͸ RESTful API Ͱ͸ͳ͘ɺ୯७ͳ API / JSON-RPC API ͳͲͷ΄͏͕਌࿨ੑ͕ߴ͍(ͱࢥΘΕΔ) ϨΠςϯγ࡟ݮ΍·ͱ·ͬͨॲཧͳͲ͸ RESTful (ͷݪଇʹ৐ͬऔΔͱ)࣮ݱ ग़དྷͳ͍ɻ΋ͪΖΜ RESTful API ͷલஈʹ Cloud Endpoint ͷΑ͏ͳ΋ͷΛ ஔ͘ͷ͸͋Γɻ 9

  10. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ิ଍ࣄ߲2 Basic Scaling

    (appengine ja night #35ͷ࣌ظ)
 → Automatic Scaling ʹҠߦத ͪͳΈʹ Basic Scaling ʹͯͨ͠ཧ༝͸Ϋϥ΢υͳΒͰ͸ͷʮ͓͕͍ۚ͘Β ͔͔Δ͔Θ͔Βͳ͍ʯ͕ා͔͔ͬͨΒɻ
 ͕ɺ͓ۚͷݟੵ΋Γ͕ग़དྷͨͷͰ Automatic ͷ΄͏͕ྑͦ͞͏ͩΑͶʔͱɻ ͪͳΈʹݟੵ΋ΓΑΓ΋҆͘ͳͬͨ΋ͷͷɺ
 Ұ൪ΠϯύΫτσΧ͔ͬͨͷ͸௨৴ྉͩͬͨɻ 10

  11. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. Why GAE ?

    11

  12. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. Microservices on ΦϯϓϨ

    ͷߏ੒ NOT Immutable infrastructure αʔόࣗମ͕ঢ়ଶΛอ࣋ αʔόʹରͯ͠ rsync (or pull) Ͱ্ॻ͖͢ΔϦϦʔεखஈ 1 αʔόʹରͯ͠ෳ਺ͷ service ͕Քಇ ো֐ൣғͷݶఆ͕Ͱ͖ͳ͘ͳΔ΋ɺίετ࡟ݮʹޮՌ͋Γ ༨৒Ϧιʔε αʔόࣗମͷௐୡࣗମʹίετ͕͔͔ΔͨΊɺαʔϏεఀࢭͤ͞ͳ͍ͨΊʹ কདྷΛؚΊͨ༨৒ͳϦιʔεΛ֬อ͍ͯ͠Δɻ
 ೔ϨϕϧͰݴͬͯ΋ɺϐʔΫͱϐʔΫҎ֎ͷ͕࣌ؒಉ͡අ༻͔͔Δ 12

  13. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. to GAE NOT

    Immutable infrastructure → immutable ʹ
 vesrion ຖʹ immutable ʹͰ͖ɺ੾Γ໭͠΍ݕূ͕༰қ 1 αʔόʹରͯ͠ෳ਺ͷ service ͕Քಇ → 1 αʔό 1 service ʹ
 ཧ૝ͱίετͷόϥϯε͕औΕΔ ༨৒Ϧιʔε → ༨৒Ϧιʔε(= ίετ)͕গͳ͘ͳΔ + Πϯϑϥ؅ཧ޻਺ͳ͠ 13

  14. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. Why don't use

    others IaaS (GKE / GAEFE) ΦʔέετϨʔγϣϯ͕૸ΔͨΊىಈ͕஗͍
 εύΠΫʹ଱͑Εͳ͔ͬͨΓɺৗʹ਺୆্ཱ͓ͪ͛ͯ͘ඞཁ͋Γ FaaS (Cloud Function) ·࣮ͩྫ΍੒ख़౓ʹ೉͋Γͩͬͨ (2016/05࣌఺)
 جຊతʹϦιʔεຖʹ service (component = repository) Λ෼͚͍ͨͷͰɺ FaaS Ͱ͸ཻ౓͕খ͗ͨ͢͞ 14

  15. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. GAE ར༻ํ๏ 15

  16. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. GAE ར༻ํ๏ ϓϩδΣΫτ؅ཧ

    όʔδϣϯ؅ཧ 16

  17. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ϓϩδΣΫτ؅ཧ ϓϩδΣΫτͷ෼͚ํ [։ൃ؀ڥɾຊ൪؀ڥ]

    x [σΟϕϩούʔ༻ɾຊ൪༻]
 = dev-sandbox / dev-production / live-sandbox / live-production
 ʹ෼͚ͯ؅ཧ ϓϩδΣΫτͷ؅ཧํ๏ google-mailing-list Λ༻͍ͯ deployer / viewer / analyst Λ؅ཧ
 ͦΕͧΕͷ੹೚ൣғΛ IAM ʹͯఆٛ 17

  18. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. όʔδϣϯ؅ཧ version Λ༻͍ͨݸਓ։ൃ؀ڥ

    (DB ڞ༗) dev ؀ڥͰͷ deploy Ͱ͸ࣗಈͰͦͷਓͷ໊લͰ deploy ͞ΕΔ
 ಛఆͷ QA ͳͲͷ༻్Ͱ࢖͏৔߹͸ɺ໌ࣔతʹͦͷ version Ͱ deploy ͢Δ version Λ༻͍ͨ Blue Green Deployment ຊ൪ deploy ࣌ʹ͸৽͍͠όʔδϣϯͰר͔Εͯɺͦ͜Ͱ֬ೝޙʹτϥϑΟο ΫΛ͋ͯΔ (ࠓͷτϥϑΟοΫͱ GAE/Go ͷ spinup తʹҰؾʹόπϯͱग़དྷ͍ͯΔ) 18

  19. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. Microservices on GAE

    19

  20. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. Microservices ʹ͓͍ͯߟ͑Δ΂͖߲໨ Service

    ͷ୯Ґ Ұఆͷࢦඪ͕ͳ͍ͱάμάμͳ΋ͷʹͳͬͯ͠·͏ AndApp Ͱ͸ RESTful API ͷఏڙ
 → Ϧιʔε = Service ͷ୯Ґʹ͍ͯ͠Δ eg. User / Client / Notification API ௨৴ͱೝূೝՄΛͲ͏ઃܭ͢Δ͔ 20

  21. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ༷ʑͳ API ௨৴

    21 σΟϕϩούʔͷαʔό͔Β ΤϯυϢʔβͷ୺຤͔Β ಉҰ  Project  Service  ͔Β ผ  Project  Service  ͔Β

  22. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ΍ͬͪΌ͏͜ͱ ಺෦௨৴͚ͩಛघͳೝূํࣜΛ࢖͏ ड͚Δଆ͕৭ʑͳೝূํࣜʹରԠ͢Δඞཁ͋Γ

    IP ੍ݶͷΈͷແೝূʹͪ͠Ό͏ Ͳ͜·Ͱ৴༻͢Δͷʁ໰୊ 22 Access  Token  ͷ  Format  ΛಉҰʹ

  23. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. AccessToken ͷݕূ ී௨ʹ΍Δͱ͢΂ͯͷ

    service ͕ೝূαʔόʹຖճϦΫ Τετ͢Δඞཁ͕ੜ͡Δɻ hop ਺͚ͩ࣌ؒ΍Ϧιʔε͕ ͔͔Δ AccessToken Λ͢΂ͯಉҰ Format ͷ΋ͷ + JWS(JWT) Λར༻͢Δ͜ͱͰ self verification Մೳͱ͠ ͍ͯΔ 23

  24. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. JWS (JSON Web

    Signature) ॺ໊෇͖ͷ JWT (JSON Λ Base64 ͨ͠΋ͷʹॺ໊͕͍ͭͯΔ) ର৅伴/ඇରশ伴Λ༻͍ͯॺ໊΍ݕূΛ͢Δ͜ͱ͕Ͱ͖Δ ޠኮͱͯ͠ҎԼͷ΋ͷΛೖΕ͍ͯΔ (JWT/JWKͷجຊ৘ใؚΉ) ൃߦऀ (JWT/ iss)
 ར༻ऀ (JWT/ aud)
 ୭ͷݖݶͱͯ͠ (JWT / sub)
 伴ͷURL (JWK / jku)
 伴 id (JWK / kid)
 ೝՄ৘ใ (ಠࣗ) →ݕূ+ޠኮղऍ+ೝՄ৘ใʹΑͬͯΞΫηεݖݶͷ༗ແΛ஌ΕΔ 24

  25. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ֎෦͔Βͷ AccessToken ͷऔಘํ๏

    25 Client  Creden,als  Grant Token  /  Cer,ficate  API Implicit  Code  Grant Access  Token Access  Token

  26. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ֎෦͔Βͷ AccessToken ͷݕূํ๏

    26 Access  Token Token  /  Cer,ficate  API Access  Token User  API ݕূ伴ͷऔಘ
 (jku  /  kid) Ωϟογϡ

  27. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ಺෦͔Βͷ AccessToken ͷऔಘํ๏

     Metadata  API No,fica,on  API ॺ໊伴ͷऔಘ OPE Metadata  API ॺ໊伴ͷऔಘ

  28. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ಺෦͔Βͷ AccessToken ͷऔಘํ๏

     Token  /  Cer,ficate  API No,fica,on  API OPE Token  /  Cer,ficate  API Asser,on  Grant Asser,on  Grant ݕূ伴ͷऔಘ
 (jku  /  kid) ݕূ伴ͷऔಘ  (jku  /  kid) Access  Token Access  Token

  29. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ಺෦͔Βͷ AccessToken ͷݕূํ๏

    (Ҏ߱֎෦ͱҰॹ)  Token  /  Cer,ficate  API No,fica,on  API OPE Token  /  Cer,ficate  API User  API Access  Token Access  Token

  30. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ৭ʑ͍ͬͯΔ͚Ͳ ͢΂ͯͷ௨৴ؒʹ͍ͭͯҎԼͷΑ͏ͳݖݶ؅ཧ͢Δ͜ͱ ͰݕূΛ؆୯ʹ͍ͯ͠Δ

    ಉҰFormatͷ Self verification Մೳͳ
 Access Token Λ࢖͏ ๻ͷதͰ͸ɺService ͷ෼͚ํͱ௨৴ํ๏Λ͔ͬ͠Γఆٛ͞ Ε͍ͯΕ͹ Microservices Խ͸؆୯ʹग़དྷΔͱࢥ͍ͬͯ Δ 30

  31. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ·ͱΊ ؆୯ͳ GCP

    ͷ࢖ΘΕํͷ࿩ Microservices ΛͲ͏࣮ݱ͍ͯ͠Δͷ͔
 (ೝূೝՄ͋ͨΓ) 31