sake-game-gcp-5.pdf

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. Hiroyoshi HOUCHI System
Development Dept. Open Platform Business Unit  DeNA Co., Ltd. "OE"QQͰݟΔ("& Λ༻͍ͨαʔόϨε .JDSPTFSWJDFT ञͱήʔϜͱΠϯϑϥͱ($1 1

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ࣗݾ঺հ ์஍޺Ղ ⁃
@hixi_hyi ͱ͔ hixi ͱ͔ͷ HN ࢖ͬͯ·͢ ॴଐ౳ʑ ⁃ גࣜձࣾDeNA  ΦʔϓϯϓϥοτϑΥʔϜࣄۀຊ෦γεςϜ։ൃ෦ ⁃ 4೥ؒϓϥοτϑΥʔϜ։ൃऀ 3

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ࠓ೔ͷ࿩͢಺༰ GAE Λ༻͍ͨαʔόϨε/Microservices
AndApp ֓ཁ Why GAE ? Microservices on GAE (௨৴͋ͨΓͷ࿩) 4

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. AndApp ⁃ DeNA
͕ఏڙ͢Δ PC ޲͚ϓϥοτϑΥʔϜ - ̍ͭͷΞϓϦΛ֎Ͱ͸εϚϗɺՈͰ͸ PC Ͱ ⁃ ଓʑͱΞϓϦϦϦʔεΕͯ·͢ͷͰੋඇ͓ࢼ͍ͩ͘͠͞ - https://www.andapp.jp/ 6

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. AndApp ͷΞʔΩςΫνϟશମ૾ 7
Portal Web Cer,ﬁcate Client User Token Connect Product Transac,on Dashboard No,ﬁca,on Payment Accoun,ng CrashReport Applica,on Adver,sement Analy,cs Generic Token Metadata Signer OPE Sta,c Resource Proxy Google Front End RESTful API on Microservices on GAE

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. AndApp ͷΞʔΩςΫνϟશମ૾ API
͸͢΂ͯ RESTful Ͱͷ࣮૷ ͦΕͧΕͷ service ͕Ϧιʔεʹର͢Δૢ࡞Λ୲౰ Ϧιʔεʹର͢Δૢ࡞͸͢΂ͯɺ୲౰ͷ service ʹҠৡ e.g. Application API ͸ Application ৘ใΛ·ͱΊͯ؅ཧɻ  PortalSite ͸ Application API ʹ RESTful API ͰΞΫηεɻ  PortalSite ͸ͦͷσʔλΛ͍͍ײ͡ͷ UI ʹม׵ͯ͠ग़ྗ 8

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ิ଍ࣄ߲ ͢΂ͯͷσΟϕϩού(ΞϓϦέʔγϣϯ)ͷϦΫΤετ Λ͞͹͕͘ɺ
Namespace API Λ࢖ͬͨϚϧνςφϯ γʔͰ͸ͳ͍ BaaS ͱ͸ҟͳΓɺϓϥοτϑΥʔϜͷϦιʔεͱ֤ΞϓϦͷϦιʔε͕ࠞ ࡏ͢ΔͨΊ ήʔϜͳͲͰ͸ RESTful API Ͱ͸ͳ͘ɺ୯७ͳ API / JSON-RPC API ͳͲͷ΄͏͕਌࿨ੑ͕ߴ͍(ͱࢥΘΕΔ) ϨΠςϯγ࡟ݮ΍·ͱ·ͬͨॲཧͳͲ͸ RESTful (ͷݪଇʹ৐ͬऔΔͱ)࣮ݱ ग़དྷͳ͍ɻ΋ͪΖΜ RESTful API ͷલஈʹ Cloud Endpoint ͷΑ͏ͳ΋ͷΛ ஔ͘ͷ͸͋Γɻ 9

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ิ଍ࣄ߲2 Basic Scaling
(appengine ja night #35ͷ࣌ظ)  → Automatic Scaling ʹҠߦத ͪͳΈʹ Basic Scaling ʹͯͨ͠ཧ༝͸Ϋϥ΢υͳΒͰ͸ͷʮ͓͕͍ۚ͘Β ͔͔Δ͔Θ͔Βͳ͍ʯ͕ා͔͔ͬͨΒɻ  ͕ɺ͓ۚͷݟੵ΋Γ͕ग़དྷͨͷͰ Automatic ͷ΄͏͕ྑͦ͞͏ͩΑͶʔͱɻ ͪͳΈʹݟੵ΋ΓΑΓ΋҆͘ͳͬͨ΋ͷͷɺ  Ұ൪ΠϯύΫτσΧ͔ͬͨͷ͸௨৴ྉͩͬͨɻ 10

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. Why GAE ?
11

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. Microservices on ΦϯϓϨ
ͷߏ੒ NOT Immutable infrastructure αʔόࣗମ͕ঢ়ଶΛอ࣋ αʔόʹରͯ͠ rsync (or pull) Ͱ্ॻ͖͢ΔϦϦʔεखஈ 1 αʔόʹରͯ͠ෳ਺ͷ service ͕Քಇ ো֐ൣғͷݶఆ͕Ͱ͖ͳ͘ͳΔ΋ɺίετ࡟ݮʹޮՌ͋Γ ༨৒Ϧιʔε αʔόࣗମͷௐୡࣗମʹίετ͕͔͔ΔͨΊɺαʔϏεఀࢭͤ͞ͳ͍ͨΊʹ কདྷΛؚΊͨ༨৒ͳϦιʔεΛ֬อ͍ͯ͠Δɻ  ೔ϨϕϧͰݴͬͯ΋ɺϐʔΫͱϐʔΫҎ֎ͷ͕࣌ؒಉ͡අ༻͔͔Δ 12

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. to GAE NOT
Immutable infrastructure → immutable ʹ  vesrion ຖʹ immutable ʹͰ͖ɺ੾Γ໭͠΍ݕূ͕༰қ 1 αʔόʹରͯ͠ෳ਺ͷ service ͕Քಇ → 1 αʔό 1 service ʹ  ཧ૝ͱίετͷόϥϯε͕औΕΔ ༨৒Ϧιʔε → ༨৒Ϧιʔε(= ίετ)͕গͳ͘ͳΔ + Πϯϑϥ؅ཧ޻਺ͳ͠ 13

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. Why don't use
others IaaS (GKE / GAEFE) ΦʔέετϨʔγϣϯ͕૸ΔͨΊىಈ͕஗͍  εύΠΫʹ଱͑Εͳ͔ͬͨΓɺৗʹ਺୆্ཱ͓ͪ͛ͯ͘ඞཁ͋Γ FaaS (Cloud Function) ·࣮ͩྫ΍੒ख़౓ʹ೉͋Γͩͬͨ (2016/05࣌఺)  جຊతʹϦιʔεຖʹ service (component = repository) Λ෼͚͍ͨͷͰɺ FaaS Ͱ͸ཻ౓͕খ͗ͨ͢͞ 14

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. GAE ར༻ํ๏ ϓϩδΣΫτ؅ཧ
όʔδϣϯ؅ཧ 16

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ϓϩδΣΫτ؅ཧ ϓϩδΣΫτͷ෼͚ํ [։ൃ؀ڥɾຊ൪؀ڥ]
x [σΟϕϩούʔ༻ɾຊ൪༻]  = dev-sandbox / dev-production / live-sandbox / live-production  ʹ෼͚ͯ؅ཧ ϓϩδΣΫτͷ؅ཧํ๏ google-mailing-list Λ༻͍ͯ deployer / viewer / analyst Λ؅ཧ  ͦΕͧΕͷ੹೚ൣғΛ IAM ʹͯఆٛ 17

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. όʔδϣϯ؅ཧ version Λ༻͍ͨݸਓ։ൃ؀ڥ
(DB ڞ༗) dev ؀ڥͰͷ deploy Ͱ͸ࣗಈͰͦͷਓͷ໊લͰ deploy ͞ΕΔ  ಛఆͷ QA ͳͲͷ༻్Ͱ࢖͏৔߹͸ɺ໌ࣔతʹͦͷ version Ͱ deploy ͢Δ version Λ༻͍ͨ Blue Green Deployment ຊ൪ deploy ࣌ʹ͸৽͍͠όʔδϣϯͰר͔Εͯɺͦ͜Ͱ֬ೝޙʹτϥϑΟο ΫΛ͋ͯΔ (ࠓͷτϥϑΟοΫͱ GAE/Go ͷ spinup తʹҰؾʹόπϯͱग़དྷ͍ͯΔ) 18

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. Microservices on GAE
19

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. Microservices ʹ͓͍ͯߟ͑Δ΂͖߲໨ Service
ͷ୯Ґ Ұఆͷࢦඪ͕ͳ͍ͱάμάμͳ΋ͷʹͳͬͯ͠·͏ AndApp Ͱ͸ RESTful API ͷఏڙ  → Ϧιʔε = Service ͷ୯Ґʹ͍ͯ͠Δ eg. User / Client / Notiﬁcation API ௨৴ͱೝূೝՄΛͲ͏ઃܭ͢Δ͔ 20

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ༷ʑͳ API ௨৴
21 σΟϕϩούʔͷαʔό͔Β ΤϯυϢʔβͷ୺຤͔Β ಉҰ Project Service ͔Β ผ Project Service ͔Β

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ΍ͬͪΌ͏͜ͱ ಺෦௨৴͚ͩಛघͳೝূํࣜΛ࢖͏ ड͚Δଆ͕৭ʑͳೝূํࣜʹରԠ͢Δඞཁ͋Γ
IP ੍ݶͷΈͷແೝূʹͪ͠Ό͏ Ͳ͜·Ͱ৴༻͢Δͷʁ໰୊ 22 Access Token ͷ Format ΛಉҰʹ

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. AccessToken ͷݕূ ී௨ʹ΍Δͱ͢΂ͯͷ
service ͕ೝূαʔόʹຖճϦΫ Τετ͢Δඞཁ͕ੜ͡Δɻ hop ਺͚ͩ࣌ؒ΍Ϧιʔε͕ ͔͔Δ AccessToken Λ͢΂ͯಉҰ Format ͷ΋ͷ + JWS(JWT) Λར༻͢Δ͜ͱͰ self veriﬁcation Մೳͱ͠ ͍ͯΔ 23

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. JWS (JSON Web
Signature) ॺ໊෇͖ͷ JWT (JSON Λ Base64 ͨ͠΋ͷʹॺ໊͕͍ͭͯΔ) ର৅伴/ඇରশ伴Λ༻͍ͯॺ໊΍ݕূΛ͢Δ͜ͱ͕Ͱ͖Δ ޠኮͱͯ͠ҎԼͷ΋ͷΛೖΕ͍ͯΔ (JWT/JWKͷجຊ৘ใؚΉ) ൃߦऀ (JWT/ iss)  ར༻ऀ (JWT/ aud)  ୭ͷݖݶͱͯ͠ (JWT / sub)  伴ͷURL (JWK / jku)  伴 id (JWK / kid)  ೝՄ৘ใ (ಠࣗ) →ݕূ+ޠኮղऍ+ೝՄ৘ใʹΑͬͯΞΫηεݖݶͷ༗ແΛ஌ΕΔ 24

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ಺෦͔Βͷ AccessToken ͷऔಘํ๏
Token / Cer,ficate API No,fica,on API OPE Token / Cer,ficate API Asser,on Grant Asser,on Grant ݕূ伴ͷऔಘ  (jku / kid) ݕূ伴ͷऔಘ (jku / kid) Access Token Access Token

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ৭ʑ͍ͬͯΔ͚Ͳ ͢΂ͯͷ௨৴ؒʹ͍ͭͯҎԼͷΑ͏ͳݖݶ؅ཧ͢Δ͜ͱ ͰݕূΛ؆୯ʹ͍ͯ͠Δ
ಉҰFormatͷ Self veriﬁcation Մೳͳ  Access Token Λ࢖͏ ๻ͷதͰ͸ɺService ͷ෼͚ํͱ௨৴ํ๏Λ͔ͬ͠Γఆٛ͞ Ε͍ͯΕ͹ Microservices Խ͸؆୯ʹग़དྷΔͱࢥ͍ͬͯ Δ 30

sake-game-gcp-5.pdf

sake-game-gcp-5.pdf

Hiroyoshi HOUCHI

More Decks by Hiroyoshi HOUCHI

Featured

Transcript

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. Hiroyoshi HOUCHI System

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ࣗݾ঺հ 2

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ࣗݾ঺հ ์஍޺Ղ ⁃

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ࠓ೔ͷ࿩͢಺༰ GAE Λ༻͍ͨαʔόϨε/Microservices

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. AndApp 5

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. AndApp ⁃ DeNA

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. AndApp ͷΞʔΩςΫνϟશମ૾ 7

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. AndApp ͷΞʔΩςΫνϟશମ૾ API

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ิ଍ࣄ߲ ͢΂ͯͷσΟϕϩού(ΞϓϦέʔγϣϯ)ͷϦΫΤετ Λ͞͹͕͘ɺ

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ิ଍ࣄ߲2 Basic Scaling

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. Why GAE ?

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. Microservices on ΦϯϓϨ

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. to GAE NOT

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. Why don't use

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. GAE ར༻ํ๏ 15

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. GAE ར༻ํ๏ ϓϩδΣΫτ؅ཧ

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ϓϩδΣΫτ؅ཧ ϓϩδΣΫτͷ෼͚ํ [։ൃ؀ڥɾຊ൪؀ڥ]

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. όʔδϣϯ؅ཧ version Λ༻͍ͨݸਓ։ൃ؀ڥ

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. Microservices on GAE

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. Microservices ʹ͓͍ͯߟ͑Δ΂͖߲໨ Service

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ༷ʑͳ API ௨৴

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ΍ͬͪΌ͏͜ͱ ಺෦௨৴͚ͩಛघͳೝূํࣜΛ࢖͏ ड͚Δଆ͕৭ʑͳೝূํࣜʹରԠ͢Δඞཁ͋Γ

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. AccessToken ͷݕূ ී௨ʹ΍Δͱ͢΂ͯͷ

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. JWS (JSON Web

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ֎෦͔Βͷ AccessToken ͷऔಘํ๏

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ֎෦͔Βͷ AccessToken ͷݕূํ๏

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ಺෦͔Βͷ AccessToken ͷऔಘํ๏

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ಺෦͔Βͷ AccessToken ͷऔಘํ๏

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ಺෦͔Βͷ AccessToken ͷݕূํ๏

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ৭ʑ͍ͬͯΔ͚Ͳ ͢΂ͯͷ௨৴ؒʹ͍ͭͯҎԼͷΑ͏ͳݖݶ؅ཧ͢Δ͜ͱ ͰݕূΛ؆୯ʹ͍ͯ͠Δ

Copyright (C) DeNA Co.,Ltd. All Rights Reserved. ·ͱΊ ؆୯ͳ GCP