What's new in "Serverless" on Google Cloud Platform

Slide 1

Slide 1 text

@glaforge What’s new in Serverless on Google Cloud Platform @glaforge Developer Advocate Google Cloud

Slide 2

Slide 2 text

@glaforge Google Cloud Platform

Slide 3

Slide 3 text

@glaforge A big global network of data centers

Slide 4

Slide 4 text

@glaforge Machine Learning Cloud ML Platform Vision API Video Intelligence API Speech API Translate API NLP API Compute Compute Engine App Engine Kubernetes Engine Container Registry Cloud Functions Networking Cloud Virtual Network Cloud Load Balancing Cloud CDN Cloud Interconnect Cloud DNS Storage & Databases Cloud Storage Cloud Bigtable Cloud Datastore Cloud SQL Cloud Spanner Big Data BigQuery Cloud Dataflow Cloud Dataproc Cloud Dataprep Cloud Datalab Cloud Pub/Sub Genomics Management Stackdriver Overview Monitoring Logging Error Reporting Debugger Deployment Manager Developer Cloud SDK Deployment Manager Cloud Source Repositories Cloud Endpoints Cloud Tools for Android Studio Cloud Tools for IntelliJ Google Plugin for Eclipse Cloud Test Lab Cloud Container Builder Identity & Security Cloud IAM Cloud IAP Cloud KMS Cloud Resource Manager Cloud Security Scanner Cloud Platform Security Overview Panorama

Slide 5

Slide 5 text

@glaforge Not Google’s new serverless data center

Slide 6

Slide 6 text

@glaforge Serverless model(s) Operational model Fully managed security Pay only for usage No servers Event-driven Open Service-based Programming model

Slide 7

Slide 7 text

@glaforge The Serverless spectrum

Slide 8

Slide 8 text

@glaforge Serverless operational spectrum Managed by your cloud Container orchestration (k8s) Not serverless for programming or ops Container focused Infra managed by you Hosted FaaS/compute Easiest dev experience Code focused Limited runtime options Managed by your team Serverless anywhere Knative / GKE serverless addon On prem or multi-cloud Code or containers Custom hardware (GPU, TPU, IoT, etc) Offline You manage infra Serverless containers Custom languages & runtimes Infra still cloud-managed

Slide 9

Slide 9 text

@glaforge Serverless “compute” on Cloud Platform App Engine Standard Highly scalable, serverless web applications. Deploy and scale Applications that react to Requests Cloud Functions Event-driven serverless compute platform. Deploy and scale Functions that react to Events

Slide 10

Slide 10 text

@glaforge Demo: Sharing pictures

Slide 11

Slide 11 text

@glaforge Demo: Sharing pictures pic-a-daily.appspot.com

Slide 12

Slide 12 text

@glaforge Demo: Sharing pictures Event-driven logic Data storage User facing Frontend Web + API Admin app Picture files Picture metadata & most frequent tags Vision API annotations: Labels, color, filtering Via Pub/sub Compute most popular tags pic-a-daily.appspot.com

Slide 13

Slide 13 text

@glaforge So what did we launch?

Slide 14

Slide 14 text

@glaforge App Engine: 2nd generation runtimes New! Pay for what you use, scale to zero Open-source, idiomatic experience Use any module, extension, or framework New supported runtimes: ○ Node.js 8 ○ Python 3.7 ○ PHP 7.2 ○ Go 1.11 Existing runtime: ● Java 8

Slide 15

Slide 15 text

@glaforge New in Cloud Functions Generally Available (with SLA!) Python 3.7, Node 8 Tokyo, Belgium, Iowa Environment Variables New! Ubuntu 18.04 with many packages (ffmpeg, imagemagick, headless Chrome) Security Controls: VPC, IAM Scaling Controls Cloud SQL Direct Connect

Slide 16

Slide 16 text

Slide 17

Slide 17 text

@glaforge Serverless operational spectrum Managed by your cloud Container orchestration (k8s) Not serverless for programming or ops Container focused Infra managed by you Hosted FaaS/compute Easiest dev experience Code focused Limited runtime options Managed by your team Serverless containers Custom languages & runtimes Infra still cloud-managed Serverless anywhere Knative / GKE serverless addon On prem or multi-cloud Code or containers Custom hardware (GPU, TPU, IoT, etc) Offline You manage infra New!

Slide 18

Slide 18 text

@glaforge New idiomatic App Engine runtimes

Slide 19

Slide 19 text

@glaforge New Python 3.7 runtime

Slide 20

Slide 20 text

@glaforge New Go 1.11 runtime

Slide 21

Slide 21 text

@glaforge Cloud Functions GA w/ SLA, Node & Python, Security & Scaling controls, Env vars

Slide 22

Slide 22 text

@glaforge Go 1.11 alpha, vendor & module friendly — goo.gl/ceDfGk package hello import ( "fmt" "net/http" ) func HelloWorld(w http.ResponseWriter, r *http.Request) { fmt.Fprintf(w, "Hello, World!") } $ gcloud beta functions deploy hello --entry-point HelloWorld --runtime go111 --trigger-http

Slide 23

Slide 23 text

@glaforge Node 8 with async / await const PubSub = require('@google-cloud/pubsub'); exports.helloPubSub = async (data, context) => { let ps = new PubSub(); try { const topicName = context.resource.name; const topic = ps.topic(topicName); const data = await topic.getMetadata(); const metadata = data[0]; console.log(`Metadata: ${JSON.stringify(metadata)}`); } catch(err) { console.error(err); } };

Slide 24

Slide 24 text

@glaforge Environment variables $ gcloud beta functions deploy fnNAme --set-env-vars FOO=bar $ gcloud beta functions deploy fnNAme --env-vars-file .env.yaml --update-env-vars FOO=baz --remove-env-vars FOO --clear-env-vars

Slide 25

Slide 25 text

@glaforge Function scaling control Limit scaling on a per-function basis Prevents DoSing resources with different scalability $ gcloud functions deploy --max-instances=100

Slide 26

Slide 26 text

@glaforge Security controls Control access to function invocation using IAM ● Developers ● Other functions or GCP services ● End-users using Google Sign-In Set IAM policies on individual functions Private by default

Slide 27

Slide 27 text

@glaforge Security controls $ gcloud functions add-iam-policy-binding fnOne \ --member='allUsers' \ --role='roles/cloudfunctions.invoker' $ gcloud functions add-iam-policy-binding fnTwo \ --member='fnOne@projectid.iam.gserviceaccount.com' \ --role='roles/cloudfunctions.invoker'

Slide 28

Slide 28 text

@glaforge Per function identities By default, all functions share the same identity Identity can be set on a per-function basis to provide least privilege access

Slide 29

Slide 29 text

@glaforge Per function identities $ gcloud iam service-accounts create fnOne $ gcloud iam service-accounts add-iam-policy-binding \ fnOne@projectid.gserviceaccount.com \ --member='serviceAccount:fnOne@projectid.gserviceaccount.com' \ --role='roles/cloudfunctions.invoker' $ gcloud functions deploy fnOne \ --service-account fnOne@projectid.gserviceaccount.com

Slide 30

Slide 30 text

@glaforge Per function identities $ gcloud iam service-accounts create fnTwo $ gcloud iam service-accounts add-iam-policy-binding \ fnTwo@projectid.gserviceaccount.com \ --member='serviceAccount:fnTwo@projectid.gserviceaccount.com' \ --role='roles/cloudsql.client' $ gcloud functions deploy fnTwo \ --service-account fnTwo@projectid.gserviceaccount.com

Slide 31

Slide 31 text

@glaforge Icing on the planet cake

Slide 32

Slide 32 text

@glaforge Cloud Tasks ● Manage distributed task queues ● Decouple and scale microservices ● Manage resource consumption ● Handle releases gracefully Sign up: http://bit.ly/tasks-signup New!

Slide 33

Slide 33 text

@glaforge Cloud Scheduler ● Enterprise grade cron job scheduler ● Schedule batch, big data jobs, cloud infra ops... ○ Invoke Cloud Functions over HTTPS or Pub/Sub ○ Invoke App Engine on a relative url handler ● Manage all your jobs from one place Sign up: http://bit.ly/sched-signup New!

Slide 34

Slide 34 text

@glaforge Serverless Containers

Slide 35

Slide 35 text

@glaforge Everything at Google runs in containers: Gmail, Web Search, Maps, ... MapReduce, batch, ... GFS, Colossus, ... Even GCE itself: VMs in containers Google launches 4 billion containers per week.

Slide 36

Slide 36 text

@glaforge New: serverless containers on GCF (EAP) Serverless containers on Cloud Functions Provide arbitrary container images and run them "serverlessly" ● Takes a pre-built Docker image ● Use arbitrary system libraries ● Use arbitrary language runtime ● Same serverless execution environment ○ Stateless, event-driven, auto-scaling ○ No servers ○ Pay only while code runs

Slide 37

Slide 37 text

@glaforge Serverless containers Fully managed BYO workloads Pay for use & stateless New: serverless containers on GCF (EAP) Sign up: g.co/serverlesscontainers

Slide 38

Slide 38 text

@glaforge New: serverless containers on GCF (EAP) $ gcloud functions deploy --image gcr.io/...

Slide 39

Slide 39 text

@glaforge Knative GKE serverless add-on

Slide 40

Slide 40 text

@glaforge Knative — Serverless building blocks on Kubernetes Kubernetes-based building blocks for serverless workloads Build Serving Events

Slide 41

Slide 41 text

@glaforge Knative partners

Slide 42

Slide 42 text

@glaforge Knative isn't... ● An open source FaaS developer-facing product ● A product, It's primitives ● The right solution for everyone ○ The audience is more the ops building & running their own serverless platform for the developers

Slide 43

Slide 43 text

@glaforge GKE serverless add-on — Knative on GKE GKE serverless add-on Request early access today at g.co/serverlessaddon

Slide 44

Slide 44 text

@glaforge $ gcloud serverless deploy --image gcr.io/... --cluster my-cluster Google Kubernetes Engine + Knative

Slide 45

Slide 45 text

@glaforge Q & A cloud.google.com/serverless Knative github.com/knative GKE serverless add-on (sign-up) g.co/serverlessaddon Containers on Cloud Functions (sign-up) g.co/serverlesscontainers

Slide 46

Slide 46 text

@glaforge Thank you! cloud.google.com/serverless Knative github.com/knative GKE serverless add-on (sign-up) g.co/serverlessaddon Containers on Cloud Functions (sign-up) g.co/serverlesscontainers