Slide 1

Slide 1 text

Proprietary + Confidential Pic-a-Daily Serverless Workshop g.co/codelabs/serverless-workshop #gcpserverlessworkshop Guillaume Laforge — @glaforge Mete Atamel — @meteatamel

Slide 2

Slide 2 text

01 The Pic-a-Daily Serverless Workshop: What you’re going to build!

Slide 3

Slide 3 text

A photo-sharing application

Slide 4

Slide 4 text

A photo-sharing application

Slide 5

Slide 5 text

Final architecture diagram

Slide 6

Slide 6 text

Codelabs g.co/codelabs/serverless-workshop

Slide 7

Slide 7 text

02 The Serverless spectrum on Google Cloud Platform

Slide 8

Slide 8 text

Serverless
Operational Model: No Infra Management, Managed Security, Pay only for usage
Programming Model: Service-based, Event-driven, Stateless

Slide 9

Slide 9 text

[Diagram: hosting models, each drawn as a stack of Physical/Virtual Hardware, OS, Application Runtime, Application, Functions]
• Dedicated Server: On-Premises
• Virtual Machine: Infrastructure (Compute Engine)
• Containers: Container (Kubernetes Engine)
• Application Platform: Platform (App Engine)
• Serverless: Function (Cloud Functions)
Other labels: Serverless Zone, Cloud Run

Slide 10

Slide 10 text

Serverless compute options
• Cloud Functions: Serverless functions. Source code-based event driven functions
• App Engine: Serverless web applications. Source code-based web apps and API backends
• Cloud Run: Serverless HTTP workloads. HTTP containers fully managed; HTTP containers on GKE cluster

Slide 11

Slide 11 text

03 Cloud Functions

Slide 12

Slide 12 text

Cloud Functions
• Back end code functions that automatically run in response to a trigger event
• Microservices
• Cloud "glue"
• Node.js, Python, Go, Java

Slide 13

Slide 13 text

Cloud Functions as cloud glue
Access 20+ Google services from GCF
• Cloud Storage
• Cloud Pub/Sub
• HTTPS
• Firebase
• Cloud Scheduler
• Cloud Tasks

Slide 14

Slide 14 text

Good fit? Constraints?
Good fit
• “Serverless”
• Using Pub/Sub and/or Cloud Storage
• Don't want to think about runtime env
• Data transformations (ETL)
• Cloud-based HTTP glue and webhooks
Constraints
• Runtimes: Node.js, Python, Go, Java
• Function level granularity
• Must interact via events
• No custom domain name
• Concurrency level of 1 (more cold starts)

Slide 15

Slide 15 text

Codelabs (g.co/codelabs/serverless-workshop)
Lab 1 — Store and analyse pictures
• Storing pictures in Cloud Storage, trigger a Cloud Functions instance
• Calling the Cloud Vision API for analysis
• Storing metadata in Cloud Firestore
Lab 2 — Create thumbnails
• Cloud Storage notifications sent to Pub/Sub
• Triggering a Cloud Run instance via Pub/Sub
• Creating a thumbnail with ImageMagick, and storing back into Cloud Storage
Lab 3 — Create a collage of pictures
• At a regular interval, with Cloud Scheduler
• Invoking a Cloud Run instance, to create a collage of recent pictures found in Cloud Firestore
• Storing collage in Cloud Storage
Lab 4 — Create a web frontend
• Creating a web application with App Engine
• Listing pictures from Cloud Firestore
• Displaying pictures & collage from Cloud Storage

Slide 16

Slide 16 text

04 Cloud Run

Slide 17

Slide 17 text

Containers
• Any language
• Any library
• Any binary
• Ecosystem of base images
.js .rb .go .py .sh …

Slide 18

Slide 18 text

Containers Flexibility Serverless Velocity

Slide 19

Slide 19 text

Serverless containers with Knative & Cloud Run
• Cloud Run: Fully managed, deploy your workloads and don’t see the cluster.
• Cloud Run on Anthos: Deploy into Anthos, run serverless side-by-side with your existing workloads.
• Knative Everywhere: Use the same APIs and tooling anywhere you run Kubernetes with Knative.

Slide 20

Slide 20 text

Cloud Run: Bringing serverless to containers
• Container to production in seconds
• Natively Serverless
• One experience, where you want it

Slide 21

Slide 21 text

HTTPS Endpoint
Public
• Website
• API endpoint
Private
• Internal services
• Async tasks
• Mobile backend
• Webhook

Slide 22

Slide 22 text

Container contract
• Listen on 0.0.0.0 on port $PORT (default 8080)
• HTTP server must start < 4 min (timeout → 504)
• Request time < 15 min (default → 5 min)
• Stateless (in-memory file system, doesn’t persist)
• Computation only within request (No background activity)

Slide 23

Slide 23 text

Container resources
• 1 vCPU per container instance (configurable to 2 vCPU)
• 256 MiB of memory up to a max of 4 GiB (configurable)
• 80 concurrent requests per container (configurable 1-80)
• 1000 max containers by default (configurable 1-1000)
• Access to a Metadata Server
• Sandboxed by gVisor

Slide 24

Slide 24 text

Pay per use CPU / Memory / Requests 100ms

Slide 25

Slide 25 text

Billable time
[Timeline diagram: Request 1 Start, Request 1 End, Request 2 Start and Request 2 End marked along the instance time, with billable and non-billable spans]

Slide 26

Slide 26 text

Concurrency: up to 80 concurrent requests concurrency = 1 concurrency = 80

Slide 27

Slide 27 text

Pub/Sub triggered internal services
[Diagram: Cloud Pub/Sub queues and Cloud Run]

Slide 28

Slide 28 text

Storage triggered internal services
[Diagram: Cloud Storage, Cloud Pub/Sub queues and Cloud Run]

Slide 29

Slide 29 text

Scheduled services
[Diagram: Command Line Interface (CLI), User Interface (UI) and Scheduler API; Cloud Scheduler; Cloud Run]

Slide 30

Slide 30 text

Services part of async tasks
[Diagram: Cloud Tasks]
• Queues: user_registration, user_levelcompleted, user_inapppurchase, user_statechange
• Services: Daily activity metrics service, User profile service, Payment processing service, Game state service

Slide 31

Slide 31 text

Good fit? Constraints?
Good fit
• Stateless HTTP request-response workloads
• Scale: way up, down to zero, bursty
• Specific runtime requirements: language, dependencies, etc
Constraints
• Must use containers
• Decide on build process (Cloud Build, etc)

Slide 34

Slide 34 text

05 App Engine

Slide 35

Slide 35 text

[Diagram: hosting models from "Highly customizable" to "Highly managed", each drawn as a stack of Hardware, OS, Application Runtime, Application, Functions]
• Dedicated Server: On-Premises (Physical Hardware)
• Virtual Machine: Infrastructure (Compute Engine)
• Containers: Container (Kubernetes Engine)
• Application Platform: Platform (App Engine)
• Serverless: Function (Cloud Functions)

Slide 36

Slide 36 text

What is App Engine?
Serverless, but for your whole web app and not just single functions.
• App Engine goal: let developers focus on code, GCP handle the rest
• Can scale very quickly
• Open-source, idiomatic experience
• Use any library, extension, binary, or framework
• Python, Java, Node.js, PHP, Ruby, Go

Slide 37

Slide 37 text

App Engine Standard (2nd gen)
● Open-source, idiomatic experience
● Use any extension, binary, or framework
● Supported Runtimes
  ○ Python 3.7 (3.8 in beta)
  ○ Java 11
  ○ Node.js 10 (12 in beta)
  ○ PHP 7.3
  ○ Go 1.12
App Engine Flexible
● Runs Docker containers
● Open source runtimes for Node.js, Ruby, Java, Python, Go, PHP, .NET
● Also, if it runs in a Docker container, you can run it ← nearly everything
⚠ Not serverless!

Slide 38

Slide 38 text

App Engine runtimes
• Standard 1st generation: Python 2.X, Java, PHP, Go
• Standard 2nd generation: Node.js 10, Python 3.7, Go 1.12, PHP 7.3, Java 11
• Flexible: Node.js, Ruby, Java, Python, Go, PHP, .NET & custom container images
Sandboxed processes
Runs on managed VMs
GAE specific APIs + GCP APIs
Use GCP APIs directly
No binary modules / libraries
any extension, binary, or framework
open-source, idiomatic experience

Slide 39

Slide 39 text

Concurrency & scaling
[Diagram: Traffic]
• Scale up/down
• Scale-up may lead to "cold starts"
• One vs. multiple concurrent requests
• Traffic splitting across versions
• CDN static asset serving

Slide 40

Slide 40 text

Why choose... App Engine
• The right abstraction: use a web framework that supports routes and HTTP methods
• Web traffic requires minimal latency
• Custom domains
• Java, Python, Node.js, Go, PHP, Ruby

Slide 41

Slide 41 text

Good fit? Constraints?
Good fit
• HTTP/S request-response
• Stateless serving applications
• Scaling to high traffic
• CDN static asset serving
Constraints
Standard (1st gen)
● Runtimes for Python, Java, PHP, Go, Node.js
Standard (2nd gen)
● Can use binary extensions
● Python, Node.js, Java, Go, Ruby, PHP
Flexible runtimes
● Inherit Docker constraints
● Not best for very low traffic sites (no scale to 0)
● Slow deploy times

Slide 42

Slide 42 text

Codelabs (g.co/codelabs/serverless-workshop)
Lab 1 — Store and analyse pictures
• Storing pictures in Cloud Storage, trigger a Cloud Functions instance
• Calling the Cloud Vision API for analysis
• Storing metadata in Cloud Firestore
Lab 2 — Create thumbnails
• Cloud Storage notifications sent to Pub/Sub
• Triggering a Cloud Run instance via Pub/Sub
• Creating a thumbnail with ImageMagick, and storing back into Cloud Storage
Lab 3 — Run containers on schedule
• At a regular interval, with Cloud Scheduler
• Invoking a Cloud Run instance, to create a collage of recent pictures found in Cloud Firestore
• Storing collage in Cloud Storage
Lab 4 — Create a web frontend
• Creating a web application with App Engine
• Listing pictures from Cloud Firestore
• Displaying pictures & collage from Cloud Storage

Slide 43

Slide 43 text

06 Eventarc Trigger Cloud Run services with events from Google Cloud

Slide 44

Slide 44 text

Eventarc
• A new way of getting events to managed Cloud Run services
• Private alpha since early 2020 as Events for Cloud Run
• Public GA as Eventarc in Jan 2021

Slide 45

Slide 45 text

Eventarc - Vision

Slide 46

Slide 46 text

Eventarc - Current State

Slide 47

Slide 47 text

gcloud - AuditLog
Create a trigger for new object creation in Cloud Storage → Cloud Run
    gcloud eventarc triggers create trigger-auditlog \
      --destination-run-service=${SERVICE_NAME} \
      --destination-run-region=${REGION} \
      --event-filters="type=google.cloud.audit.log.v1.written" \
      --event-filters="serviceName=storage.googleapis.com" \
      --event-filters="methodName=storage.objects.create" \
      --event-filters=${PROJECT_NO}[email protected]

Slide 48

Slide 48 text

gcloud - Pub/Sub
Create a trigger for Pub/Sub messages → Cloud Run
    gcloud eventarc triggers create trigger-pubsub \
      --destination-run-service=${SERVICE_NAME} \
      --destination-run-region=${REGION} \
      --event-filters="type=google.cloud.pubsub.topic.v1.messagePublished" \
      --transport-topic=projects/${PROJECT_ID}/topics/${TOPIC_ID}

Slide 49

Slide 49 text

Cloud Console - Trigger section of Cloud Run

Slide 50

Slide 50 text

CloudEvents (cloudevents.io)
    POST / HTTP/1.1
    Content-Type: application/json; charset=utf-8
    Content-Length: 33
    ce-specversion: 1.0
    ce-type: google.cloud.pubsub.topic.publish
    ce-time: 2020-09-05T03:56:24Z
    ce-id: 1234-1234-1234
    ce-source: mycontext/subcontext
    custom-attr: 42

    { "message": "Hello Cloud Next!" }
Labels: "Context" (the HTTP headers), "Data" (the HTTP body)

Slide 51

Slide 51 text

Event parsing libraries
• HTTP POST to Cloud Run URL; HTTP body is a CloudEvent with event data ("binary" CloudEvent V1)
• CloudEvent SDK (optional): HTTP request → CloudEvent in your language (cloudevents.io)
• Google Events Library (optional): Type library for CloudEvent#data (github.com/googleapis/google-cloudevents)
[Diagram: Cloud Run Service]

Slide 52

Slide 52 text

    const express = require('express');
    const { HTTP } = require("cloudevents");
    const { toLogEntryData } = require('@google/events/cloud/audit/v1/LogEntryData');

    const app = express();
    app.use(express.json()); // parse the JSON body of the incoming CloudEvent

    app.post('/', async (req, res) => {
      // Read CloudEvent using CloudEvents SDK
      const cloudEvent = HTTP.toEvent({ headers: req.headers, body: req.body });
      // Read AuditLog using Google.Events library for Node.js
      const logEntryData = toLogEntryData(cloudEvent.data);
      // Extract bucket and objectName
      // (resourceName is split on '/': element 3 is the bucket, element 5 the object name)
      const tokens = logEntryData.protoPayload.resourceName.split('/');
      const bucket = tokens[3];
      const objectName = tokens[5];
      // ... process the object, then acknowledge the event
      res.status(200).send();
    });
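A check a Cloud Run handler could run on an incoming event before acting on it, as an added example that is not code from the slides or the codelab: it reads the binary-mode `ce-*` headers shown on the CloudEvents slide, accepts only the audit-log event the trigger filters for, and keeps object names containing `/` whole (the `tokens[5]` split above returns only the first path segment). The function names, the sample bucket and object, and the `projects/<project>/buckets/<bucket>/objects/<object>` resource-name layout are assumptions.

```javascript
// Added example; names and sample values below are constructed, not from the slides.
const REQUIRED_ATTRS = ['specversion', 'type', 'source', 'id'];

// Binary content mode: context attributes arrive as ce-* HTTP headers,
// the event data is the HTTP body.
function readBinaryCloudEvent(headers, body) {
  const event = {};
  for (const [name, value] of Object.entries(headers)) {
    const key = name.toLowerCase();
    if (key.startsWith('ce-')) event[key.slice(3)] = String(value);
  }
  for (const attr of REQUIRED_ATTRS) {
    if (!event[attr]) throw new Error(`missing CloudEvent attribute: ${attr}`);
  }
  if (event.specversion !== '1.0') throw new Error('unsupported specversion');
  event.data = typeof body === 'string' ? JSON.parse(body) : body;
  return event;
}

// Accept only the event the AuditLog trigger filters for, then split the
// resource name so that object names containing '/' are kept whole.
function storageObjectFromAuditEvent(event) {
  if (event.type !== 'google.cloud.audit.log.v1.written') {
    throw new Error(`unexpected event type: ${event.type}`);
  }
  const payload = (event.data && event.data.protoPayload) || {};
  if (payload.serviceName !== 'storage.googleapis.com' ||
      payload.methodName !== 'storage.objects.create') {
    throw new Error('audit entry does not match the trigger filters');
  }
  // Assumed layout: projects/<project>/buckets/<bucket>/objects/<object>
  const match = /^projects\/[^/]+\/buckets\/([^/]+)\/objects\/(.+)$/
    .exec(payload.resourceName || '');
  if (!match) throw new Error('unexpected resourceName format');
  return { bucket: match[1], objectName: match[2] };
}

// Constructed sample request (not captured traffic).
const SAMPLE_HEADERS = {
  'Content-Type': 'application/json; charset=utf-8',
  'ce-specversion': '1.0',
  'ce-type': 'google.cloud.audit.log.v1.written',
  'ce-id': '1234-1234-1234',
  'ce-source': 'mycontext/subcontext',
};
const SAMPLE_BODY = JSON.stringify({
  protoPayload: {
    serviceName: 'storage.googleapis.com',
    methodName: 'storage.objects.create',
    resourceName: 'projects/_/buckets/example-bucket/objects/2021/holiday/cat.jpg',
  },
});

console.log(storageObjectFromAuditEvent(readBinaryCloudEvent(SAMPLE_HEADERS, SAMPLE_BODY)));
```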

Slide 53

Slide 53 text

    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Http;
    using CloudNative.CloudEvents;
    using Google.Events;
    using Google.Events.Protobuf.Cloud.PubSub.V1;

    public async Task Read(HttpContext context)
    {
        // Read CloudEvent using CloudEvents SDK
        var cloudEvent = await context.Request.ReadCloudEventAsync();
        // Read Pub/Sub message using Google.Events library for .NET
        var messagePublishedData = CloudEventConverters.ConvertCloudEventData<MessagePublishedData>(cloudEvent);
        // Extract the Pub/Sub message
        var pubSubMessage = messagePublishedData.Message;
        // ...
    }

Slide 54

Slide 54 text

Codelabs (g.co/codelabs/serverless-workshop)
Lab 5 — Cleanup after image deletion
• Cloud Storage delete notifications sent to Eventarc via Audit Logs
• Triggering a Cloud Run instance via Eventarc
• Cloud Run service deletes image thumbnails and metadata
Lab 6 — Orchestration with Workflows
• Creating a workflow of our “business process”
• Reworking the services for an orchestrated architecture
• Triggering a Workflows from a Cloud Function

Slide 55

Slide 55 text

07 Workflows From a loosely-coupled event-driven choreography, towards an orchestrated architecture

Slide 56

Slide 56 text

Choreography: Pros and Cons
Pros
➕ Services are loosely coupled
➕ Services can be changed independently
➕ Services can be scaled independently
➕ No single point of failure
➕ Events are useful to extend the system beyond the current domain
Cons
➖ Difficult to monitor the whole system
➖ Errors / retries / timeouts are problematic
➖ The business flow is not captured explicitly
➖ Who ensures the whole transaction is successful?

Slide 57

Slide 57 text

Orchestration: Pros and Cons
Pros
➕ Business flow captured centrally and source controlled
➕ Each step can be monitored
➕ Errors / retries / timeouts are centralized
➕ Use simple REST, no need for events
➕ Services are still independent
Cons
➖ A new orchestrator service to worry about
➖ Orchestrator could be a single point of failure
➖ Reliance on REST means more tight-coupling

Slide 58

Slide 58 text

Workflows - orchestrate & integrate
[Diagram: Workflows connected to Serverless Compute, Google API’s, External API’s, SaaS API’s, Private API’s, Other Clouds, etc...]

Slide 59

Slide 59 text

YAML or JSON syntax
    - processPayment:
        params: [paymentDetails]
        call: http.post
        args:
          url: https://payment-processor.run.app/...
          body:
            input: ${paymentDetails}
        result: processResult
    - shipItems:
        call: http.post
        args:
          url: https://.../cloudfunctions.net/ship
          body:
            input: ${processResult.body}
        result: shipResult
    - notifyUser:
        call: http.post
        ...
[Diagram: Payment Processor (Cloud Run, Authorize & charge CC); Shipper (Cloud Functions, Prepare & ship items); Notifier (Cloud Run, Notify user)]

Slide 60

Slide 60 text

Steps
• Step Sequencing
• Serverless Pause
• Variable passing
• JSON Parsing
[Diagram, three panels, each showing Payment Processor (Cloud Run, Authorize & charge CC), Shipper (Cloud Functions, Prepare & ship items) and Notifier (Cloud Run, Notify user); labels: WAIT, shipmentDetails, userDetails]

Slide 61

Slide 61 text

Errors and retries
• Configurable retries
• Configurable exception handling
[Diagram, two panels, each showing Payment Processor (Cloud Run, Authorize & charge CC), Shipper (Cloud Functions, Prepare & ship items) and Notifier (Cloud Run, Notify user); labels: MAX: 5 times, BACKOFF, SUCCESS, ERROR; Pager (Cloud Run, Escalate to support)]

Slide 62

Slide 62 text

Conditionals and 3rd party calls
[Diagram: Read inventory (Inventory DB); Out of Stock? (Yes / No); Request from the supplier (Supplier API); Update inventory (Inventory DB); Shipper (Cloud Functions, Prepare & ship items); Notifier (Cloud Run, Notify user); Pager (Cloud Run, Escalate to support); labels: SUCCESS, ERROR]

Slide 63

Slide 63 text

Other useful features
• Subworkflows to encapsulate common reusable flows
• Connectors (Beta) to connect to other Google Cloud services & APIs

Slide 64

Slide 64 text

Deploy, execute, manage workflows
    # Deploy a workflow
    gcloud workflows deploy my-workflow --source=workflow.yaml
    # Execute a workflow
    gcloud workflows execute my-workflow
    # See the result (EXECUTION_ID is a placeholder for the ID of the execution started above)
    gcloud workflows executions describe ${EXECUTION_ID} --workflow my-workflow

Slide 65

Slide 65 text

No content

Slide 66

Slide 66 text

An orchestration of microservices

Slide 68

Slide 68 text

Guillaume Laforge — @glaforge Mete Atamel — @meteatamel