Upgrade to Pro — share decks privately, control downloads, hide ads and more …

sake-game-gcp-5.pdf

9a7b669fdd4e6dfa349d05b49f61be28?s=47 Hiroyoshi HOUCHI
February 20, 2017
62

 sake-game-gcp-5.pdf

9a7b669fdd4e6dfa349d05b49f61be28?s=128

Hiroyoshi HOUCHI

February 20, 2017
Tweet

Transcript

  1. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. Hiroyoshi HOUCHI System

    Development Dept. Open Platform Business Unit
 DeNA Co., Ltd. "OE"QQͰݟΔ("& Λ༻͍ͨαʔόϨε .JDSPTFSWJDFT ञͱήʔϜͱΠϯϑϥͱ($1 1
  2. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ࣗݾ঺հ 2

  3. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ࣗݾ঺հ ์஍޺Ղ ⁃

    @hixi_hyi ͱ͔ hixi ͱ͔ͷ HN ࢖ͬͯ·͢ ॴଐ౳ʑ ⁃ גࣜձࣾDeNA
 ΦʔϓϯϓϥοτϑΥʔϜࣄۀຊ෦γεςϜ։ൃ෦ ⁃ 4೥ؒϓϥοτϑΥʔϜ։ൃऀ 3
  4. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ࠓ೔ͷ࿩͢಺༰ GAE Λ༻͍ͨαʔόϨε/Microservices

    AndApp ֓ཁ Why GAE ? Microservices on GAE (௨৴͋ͨΓͷ࿩) 4
  5. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. AndApp 5

  6. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. AndApp ⁃ DeNA

    ͕ఏڙ͢Δ PC ޲͚ϓϥοτϑΥʔϜ - ̍ͭͷΞϓϦΛ֎Ͱ͸εϚϗɺՈͰ͸ PC Ͱ ⁃ ଓʑͱΞϓϦϦϦʔεΕͯ·͢ͷͰੋඇ͓ࢼ͍ͩ͘͠͞ - https://www.andapp.jp/ 6
  7. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. AndApp ͷΞʔΩςΫνϟશମ૾ 7

    Portal  Web Cer,ficate Client User Token Connect Product Transac,on Dashboard No,fica,on Payment Accoun,ng CrashReport Applica,on Adver,sement Analy,cs Generic  Token Metadata Signer OPE Sta,c  Resource  Proxy Google  Front  End RESTful  API  on  Microservices  on  GAE
  8. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. AndApp ͷΞʔΩςΫνϟશମ૾ API

    ͸͢΂ͯ RESTful Ͱͷ࣮૷ ͦΕͧΕͷ service ͕Ϧιʔεʹର͢Δૢ࡞Λ୲౰ Ϧιʔεʹର͢Δૢ࡞͸͢΂ͯɺ୲౰ͷ service ʹҠৡ e.g. Application API ͸ Application ৘ใΛ·ͱΊͯ؅ཧɻ
 PortalSite ͸ Application API ʹ RESTful API ͰΞΫηεɻ
 PortalSite ͸ͦͷσʔλΛ͍͍ײ͡ͷ UI ʹม׵ͯ͠ग़ྗ 8
  9. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ิ଍ࣄ߲ ͢΂ͯͷσΟϕϩού(ΞϓϦέʔγϣϯ)ͷϦΫΤετ Λ͞͹͕͘ɺ

    Namespace API Λ࢖ͬͨϚϧνςφϯ γʔͰ͸ͳ͍ BaaS ͱ͸ҟͳΓɺϓϥοτϑΥʔϜͷϦιʔεͱ֤ΞϓϦͷϦιʔε͕ࠞ ࡏ͢ΔͨΊ ήʔϜͳͲͰ͸ RESTful API Ͱ͸ͳ͘ɺ୯७ͳ API / JSON-RPC API ͳͲͷ΄͏͕਌࿨ੑ͕ߴ͍(ͱࢥΘΕΔ) ϨΠςϯγ࡟ݮ΍·ͱ·ͬͨॲཧͳͲ͸ RESTful (ͷݪଇʹ৐ͬऔΔͱ)࣮ݱ ग़དྷͳ͍ɻ΋ͪΖΜ RESTful API ͷલஈʹ Cloud Endpoint ͷΑ͏ͳ΋ͷΛ ஔ͘ͷ͸͋Γɻ 9
  10. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ิ଍ࣄ߲2 Basic Scaling

    (appengine ja night #35ͷ࣌ظ)
 → Automatic Scaling ʹҠߦத ͪͳΈʹ Basic Scaling ʹͯͨ͠ཧ༝͸Ϋϥ΢υͳΒͰ͸ͷʮ͓͕͍ۚ͘Β ͔͔Δ͔Θ͔Βͳ͍ʯ͕ා͔͔ͬͨΒɻ
 ͕ɺ͓ۚͷݟੵ΋Γ͕ग़དྷͨͷͰ Automatic ͷ΄͏͕ྑͦ͞͏ͩΑͶʔͱɻ ͪͳΈʹݟੵ΋ΓΑΓ΋҆͘ͳͬͨ΋ͷͷɺ
 Ұ൪ΠϯύΫτσΧ͔ͬͨͷ͸௨৴ྉͩͬͨɻ 10
  11. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. Why GAE ?

    11
  12. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. Microservices on ΦϯϓϨ

    ͷߏ੒ NOT Immutable infrastructure αʔόࣗମ͕ঢ়ଶΛอ࣋ αʔόʹରͯ͠ rsync (or pull) Ͱ্ॻ͖͢ΔϦϦʔεखஈ 1 αʔόʹରͯ͠ෳ਺ͷ service ͕Քಇ ো֐ൣғͷݶఆ͕Ͱ͖ͳ͘ͳΔ΋ɺίετ࡟ݮʹޮՌ͋Γ ༨৒Ϧιʔε αʔόࣗମͷௐୡࣗମʹίετ͕͔͔ΔͨΊɺαʔϏεఀࢭͤ͞ͳ͍ͨΊʹ কདྷΛؚΊͨ༨৒ͳϦιʔεΛ֬อ͍ͯ͠Δɻ
 ೔ϨϕϧͰݴͬͯ΋ɺϐʔΫͱϐʔΫҎ֎ͷ͕࣌ؒಉ͡අ༻͔͔Δ 12
  13. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. to GAE NOT

    Immutable infrastructure → immutable ʹ
 vesrion ຖʹ immutable ʹͰ͖ɺ੾Γ໭͠΍ݕূ͕༰қ 1 αʔόʹରͯ͠ෳ਺ͷ service ͕Քಇ → 1 αʔό 1 service ʹ
 ཧ૝ͱίετͷόϥϯε͕औΕΔ ༨৒Ϧιʔε → ༨৒Ϧιʔε(= ίετ)͕গͳ͘ͳΔ + Πϯϑϥ؅ཧ޻਺ͳ͠ 13
  14. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. Why don't use

    others IaaS (GKE / GAEFE) ΦʔέετϨʔγϣϯ͕૸ΔͨΊىಈ͕஗͍
 εύΠΫʹ଱͑Εͳ͔ͬͨΓɺৗʹ਺୆্ཱ͓ͪ͛ͯ͘ඞཁ͋Γ FaaS (Cloud Function) ·࣮ͩྫ΍੒ख़౓ʹ೉͋Γͩͬͨ (2016/05࣌఺)
 جຊతʹϦιʔεຖʹ service (component = repository) Λ෼͚͍ͨͷͰɺ FaaS Ͱ͸ཻ౓͕খ͗ͨ͢͞ 14
  15. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. GAE ར༻ํ๏ 15

  16. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. GAE ར༻ํ๏ ϓϩδΣΫτ؅ཧ

    όʔδϣϯ؅ཧ 16
  17. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ϓϩδΣΫτ؅ཧ ϓϩδΣΫτͷ෼͚ํ [։ൃ؀ڥɾຊ൪؀ڥ]

    x [σΟϕϩούʔ༻ɾຊ൪༻]
 = dev-sandbox / dev-production / live-sandbox / live-production
 ʹ෼͚ͯ؅ཧ ϓϩδΣΫτͷ؅ཧํ๏ google-mailing-list Λ༻͍ͯ deployer / viewer / analyst Λ؅ཧ
 ͦΕͧΕͷ੹೚ൣғΛ IAM ʹͯఆٛ 17
  18. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. όʔδϣϯ؅ཧ version Λ༻͍ͨݸਓ։ൃ؀ڥ

    (DB ڞ༗) dev ؀ڥͰͷ deploy Ͱ͸ࣗಈͰͦͷਓͷ໊લͰ deploy ͞ΕΔ
 ಛఆͷ QA ͳͲͷ༻్Ͱ࢖͏৔߹͸ɺ໌ࣔతʹͦͷ version Ͱ deploy ͢Δ version Λ༻͍ͨ Blue Green Deployment ຊ൪ deploy ࣌ʹ͸৽͍͠όʔδϣϯͰר͔Εͯɺͦ͜Ͱ֬ೝޙʹτϥϑΟο ΫΛ͋ͯΔ (ࠓͷτϥϑΟοΫͱ GAE/Go ͷ spinup తʹҰؾʹόπϯͱग़དྷ͍ͯΔ) 18
  19. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. Microservices on GAE

    19
  20. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. Microservices ʹ͓͍ͯߟ͑Δ΂͖߲໨ Service

    ͷ୯Ґ Ұఆͷࢦඪ͕ͳ͍ͱάμάμͳ΋ͷʹͳͬͯ͠·͏ AndApp Ͱ͸ RESTful API ͷఏڙ
 → Ϧιʔε = Service ͷ୯Ґʹ͍ͯ͠Δ eg. User / Client / Notification API ௨৴ͱೝূೝՄΛͲ͏ઃܭ͢Δ͔ 20
  21. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ༷ʑͳ API ௨৴

    21 σΟϕϩούʔͷαʔό͔Β ΤϯυϢʔβͷ୺຤͔Β ಉҰ  Project  Service  ͔Β ผ  Project  Service  ͔Β
  22. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ΍ͬͪΌ͏͜ͱ ಺෦௨৴͚ͩಛघͳೝূํࣜΛ࢖͏ ड͚Δଆ͕৭ʑͳೝূํࣜʹରԠ͢Δඞཁ͋Γ

    IP ੍ݶͷΈͷແೝূʹͪ͠Ό͏ Ͳ͜·Ͱ৴༻͢Δͷʁ໰୊ 22 Access  Token  ͷ  Format  ΛಉҰʹ
  23. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. AccessToken ͷݕূ ී௨ʹ΍Δͱ͢΂ͯͷ

    service ͕ೝূαʔόʹຖճϦΫ Τετ͢Δඞཁ͕ੜ͡Δɻ hop ਺͚ͩ࣌ؒ΍Ϧιʔε͕ ͔͔Δ AccessToken Λ͢΂ͯಉҰ Format ͷ΋ͷ + JWS(JWT) Λར༻͢Δ͜ͱͰ self verification Մೳͱ͠ ͍ͯΔ 23
  24. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. JWS (JSON Web

    Signature) ॺ໊෇͖ͷ JWT (JSON Λ Base64 ͨ͠΋ͷʹॺ໊͕͍ͭͯΔ) ର৅伴/ඇରশ伴Λ༻͍ͯॺ໊΍ݕূΛ͢Δ͜ͱ͕Ͱ͖Δ ޠኮͱͯ͠ҎԼͷ΋ͷΛೖΕ͍ͯΔ (JWT/JWKͷجຊ৘ใؚΉ) ൃߦऀ (JWT/ iss)
 ར༻ऀ (JWT/ aud)
 ୭ͷݖݶͱͯ͠ (JWT / sub)
 伴ͷURL (JWK / jku)
 伴 id (JWK / kid)
 ೝՄ৘ใ (ಠࣗ) →ݕূ+ޠኮղऍ+ೝՄ৘ใʹΑͬͯΞΫηεݖݶͷ༗ແΛ஌ΕΔ 24
  25. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ֎෦͔Βͷ AccessToken ͷऔಘํ๏

    25 Client  Creden,als  Grant Token  /  Cer,ficate  API Implicit  Code  Grant Access  Token Access  Token
  26. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ֎෦͔Βͷ AccessToken ͷݕূํ๏

    26 Access  Token Token  /  Cer,ficate  API Access  Token User  API ݕূ伴ͷऔಘ
 (jku  /  kid) Ωϟογϡ
  27. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ಺෦͔Βͷ AccessToken ͷऔಘํ๏

     Metadata  API No,fica,on  API ॺ໊伴ͷऔಘ OPE Metadata  API ॺ໊伴ͷऔಘ
  28. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ಺෦͔Βͷ AccessToken ͷऔಘํ๏

     Token  /  Cer,ficate  API No,fica,on  API OPE Token  /  Cer,ficate  API Asser,on  Grant Asser,on  Grant ݕূ伴ͷऔಘ
 (jku  /  kid) ݕূ伴ͷऔಘ  (jku  /  kid) Access  Token Access  Token
  29. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ಺෦͔Βͷ AccessToken ͷݕূํ๏

    (Ҏ߱֎෦ͱҰॹ)  Token  /  Cer,ficate  API No,fica,on  API OPE Token  /  Cer,ficate  API User  API Access  Token Access  Token
  30. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ৭ʑ͍ͬͯΔ͚Ͳ ͢΂ͯͷ௨৴ؒʹ͍ͭͯҎԼͷΑ͏ͳݖݶ؅ཧ͢Δ͜ͱ ͰݕূΛ؆୯ʹ͍ͯ͠Δ

    ಉҰFormatͷ Self verification Մೳͳ
 Access Token Λ࢖͏ ๻ͷதͰ͸ɺService ͷ෼͚ํͱ௨৴ํ๏Λ͔ͬ͠Γఆٛ͞ Ε͍ͯΕ͹ Microservices Խ͸؆୯ʹग़དྷΔͱࢥ͍ͬͯ Δ 30
  31. Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ·ͱΊ ؆୯ͳ GCP

    ͷ࢖ΘΕํͷ࿩ Microservices ΛͲ͏࣮ݱ͍ͯ͠Δͷ͔
 (ೝূೝՄ͋ͨΓ) 31