Microservices on Fastly

Microservices on Fastly
೔ຊܦࡁ৽ฉࣾ ҆ా ཽ
'BTUMZ :BNBHPZB .FFUVQ

View Slide

ࣗݾ঺հ
҆ా ཽ (΍ͩ͢ Γΐ͏)
2015೥: NTTݚڀॴ ೖࣾ
- ίϯςφܕԾ૝Խٕज़ؔ࿈ͷݚڀΛ͢Δ༧ఆͩͬͨ
2016೥: ೔ຊܦࡁ৽ฉࣾ ೖࣾ
- ೔ܦిࢠ൛ϦχϡʔΞϧ൛ ։ൃϝϯόʔ
- ϑϩϯτΤϯυɾόοΫΤϯυɾAWSɾFastlyͷઃఆ౳ॾʑ୲౰

View Slide

೔ܦిࢠ൛
ຖ೔໿900ຊͷهࣄΛ഑৴
༗ྉձһ54ສਓҎ্ɾແྉձһ300ສਓҎ্
݄ؒ3ԯΞΫηε

View Slide

೔ܦిࢠ൛ ϦχϡʔΞϧ ϓϩδΣΫτ (Next Nikkei)
UI/UXվળ (PWAԽɾϨεϙϯγϒԽ)
಺੡Խ
FastlyɾMicroservicesΞʔΩςΫνϟͷར༻

View Slide

Microservicesͱ͸
Auth Service
DB Service
Ranking
Service
Search Service
web iOS App
γεςϜΛෳ਺ͷখ͞ͳαʔϏεͷू߹Ͱߏ੒͢ΔΞʔΩςΫνϟ
API

View Slide

Microservicesͱ͸
ServiceA
ServiceB
ServiceC
ServiceD
Service
Registry
֤αʔϏεͷ৘ใ؅ཧ΍ϔϧενΣοΫ
ϦΫΤετઌαʔϏεͷ৘ใऔಘ
ϦΫΤετͷૹ৴
αʔϏεؒΛܨ͙ͨΊʹɺService RegistryͳͲΛ༻͍Δ

View Slide

FastlyΛ࢖ͬͨMicroservices
ServiceB ServiceC
ɾFastlyͰService RegistryΛ୅༻
ɾશϦΫΤετ͕Fastlyܦ༝
ɾFastly͕ϦΫΤετΛϧʔςΟϯά
ServiceA ServiceC

View Slide

Ωϟογϡͷू໿
ServiceB
ServiceC
ServiceD
ɾΩϟογϡ͕'BTUMZʹू໿Ͱ͖Δ
Ωϟογϡ
ServiceA

View Slide

Ωϟογϡͷू໿
ServiceB
ServiceC
ServiceD
ෳ਺ͷαʔϏεɾϨΠϠʹ෼ࢄ͠ͳ͍
Ωϟογϡ
ServiceA

View Slide

Ωϟογϡͷू໿
ServiceB
ServiceC
ServiceD
QVSHF͢Δ͚ͩͰ*OWBMJEBUJPOՄೳ
Ωϟογϡ
ServiceA

View Slide

Ωϟογϡͷू໿
ServiceB
ServiceC
Ωϟογϡ
ServiceD
ServiceA
ো֐ൃੜ࣌ʹ೾ٴΛ๷͛Δ
ServiceB͕ࢮΜͰ΋ΩϟογϡΛ࢖ͬͯՔಇ

View Slide

Ωϟογϡͷू໿
ServiceB
ServiceC
Ωϟογϡ
ServiceD
ServiceA
ো֐ൃੜ࣌ʹ೾ٴΛ๷͛Δ
Next NikkeiͰ͸·ͩαʔϏε͝ͱʹΩϟογϡΛ΋ͬͯ
͠·͍ͬͯΔ࣮૷͕ଟʑ͋Δ͕…

View Slide

ϩΪϯάɾϞχλϦϯά
ServiceB
ServiceC
ServiceD
ɾϩΪϯά
શϦΫΤετͷϞχλϦϯάͰ͖Δ
Ωϟογϡ
ServiceA
ϩΪϯά

View Slide

ϩΪϯάɾϞχλϦϯά
Real Time Log Streaming
request url
status code
response size
taken time
cache HIT/MISS
...
αʔϏε

View Slide

ϩΪϯάɾϞχλϦϯά – kibanaͰՄࢹԽ
֤αʔϏε΁ͷΞΫηεྔ Τϥʔ਺
֤ϦΫΤετͷstatus code
֤αʔϏεͷฏۉϨεϙϯελΠϜ

View Slide

ϩΪϯάɾϞχλϦϯά - Ωϟογϡώοτ཰ՄࢹԽ
֤αʔϏεɾ֤ύεʹର͢ΔΩϟογϡώοτ཰ Ϣʔβछผ͝ͱͷΩϟογϡώοτ཰
(هࣄϖʔδ)
༗ྉձһ ແྉձһ
ඇձһ

View Slide

ϩΪϯάɾϞχλϦϯά – ಠࣗdashboards
֤αʔϏεͷΩϟογϡώοτ཰ͳͲΛνΣοΫ

View Slide

ೝՄ
ServiceB
ServiceC
ServiceD
ɾ'BTUMZ্ͰೝՄΛ࣮૷
֤αʔϏεʹ࣮૷͠ͳͯ͘ྑ͍
Ωϟογϡώοτ཰্͕Δ
Ωϟογϡ
ೝՄ
ServiceA
ϩΪϯά

View Slide

ೝՄͷඞཁͳίϯςϯπͷΩϟογϡ
هࣄϖʔδ
/article/123
Cookie:
Auth=a124b5...
OAuth2ೝূͰಘΒΕͨ
JWTτʔΫϯ
ϢʔβͷݖݶʹΑͬͯ
ίϯςϯπมΘΔ

View Slide

هࣄϖʔδ
/article/123
Cookie:
Auth=a124b5…
Cache-control:
no-cache, no-store
Cookie:
Auth=a124b5...
JWTτʔΫϯ

View Slide

هࣄϖʔδ
/article/123 ϦΫΤετϔομ
User-ID: 98765
User-Rank: paid
Ϩεϙϯεϔομ
Vary: User-Rank
Cookie:
Auth=a124b5...
ೝূΫοΩʔͷ
decodeɾvalidate
JWTτʔΫϯ

View Slide

هࣄϖʔδ
/article/123 ϦΫΤετϔομ
User-ID: 98765
User-Rank: paid
Ϩεϙϯεϔομ
Vary: User-Rank
Cookie:
Auth=a124b5...
ೝূΫοΩʔͷ
decodeɾvalidate
JWTτʔΫϯ
User-Rank͝ͱʹΩϟογϡ෼͚
ΔΑ͏CDNʹ໋ྩ

View Slide

ೝՄͷඞཁͳίϯςϯπͷΩϟογϡώοτ཰
Ϣʔβछผ͝ͱͷهࣄϖʔδΩϟογϡώοτ཰
ϩάΠϯϢʔβʹରͯ͠΋ΩϟογϡͰ͖ͯΔ
ඇձһ
༗ྉձһ ແྉձһ

View Slide

VCL ࣮૷ྫ

View Slide

ϧʔςΟϯά
Top
Article
API
Assets
/article/123
Path Based
Routing

View Slide

backends.vcl routing.vcl
ϧʔςΟϯά - VCL
backend article {
.host: "article.xx.jp";
.port: 443
.ssl: true
}
...
if (req.url ~ "/article/.+") {
req.backend = article;
}
...
vclͰαʔϏεΛఆٛ ϧʔςΟϯά༻ͷvcl

View Slide

[
{
"name": "article",
"path": "/article/.+",
"host": "article.xx.jp",
"ssl": true
}
…
]
services.json backends.vcl routing.vcl
શαʔϏεͷఆٛϑΝΠϧ
ͲΜͳαʔϏεɺϧʔτ͕͋Δ
͔ͻͱ໨ͰΘ͔Δ
ϧʔςΟϯά - VCLࣗಈੜ੒
backend article {
.host: "article.xx.jp";
.port: 443
.ssl: true
}
...
if (req.url ~ "/article/.+") {
req.backend = article;
}
...
vclͰαʔϏεΛఆٛ ϧʔςΟϯά༻ͷvcl

View Slide

μΠφϛοΫϧʔςΟϯά
Top
Article
API
Routing-Override: API-> API-dev
ϦΫΤετϔομ
API-dev
ϦΫΤετϔομͰϧʔςΟϯάΛ
ಈతʹมߋ
Ұ෦ͷαʔϏεΛ։ൃதͷ΋ͷʹ
ࠩ͠ସ͑ΒΕΔ

View Slide

ো֐ͷ೾ٴΛ๷͙
if (beresp.http.Cache-Control !~ "(stale-if-error|immutable|private)") {
set beresp.stale_if_error = 86400s;
}
ϦΫΤετʹࣦഊͯ͠΋ɺࢦఆ͞Εͨظؒ͸ΩϟογϡΛར༻͢Δ
Next NikkeiͰ͸ɺstale-if-errorΛࣗಈͰ෇༩
αʔϏε͕ࢮΜͰ΋ɺΩϟογϡ͕͋Ε͹͠͹Β͘͸ίϯςϯπΛฦͤΔ
stale-if-error

View Slide

Fastly্ͰͷೝՄ - VCL
ೝূΫοΩʔ(JWTܗࣜ):
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4
gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
ɾΫοΩʔऔಘ: req.http.Cookie:Auth
ɾJWTτʔΫϯ෼ղ: regsub(req.http.Cookie.Auth, " (^[^.]+).[^.]+.[^.]+$ ", "$1")
ɾBase64σίʔυ: digest.base64_decode
ɾJWTγάωνϟݕূ: digest.hmac_sha256_base64()
ɾreq.http.Nikkei-Auth-UserID = regsub(var.payload, {"^.*?"uid"¥s*:¥s*"(¥w+)".*?$"}, "¥1");

View Slide

Fastly্ͰͷೝՄ – VCL
if (req.http.Cookie:Auth !~ "(^[^¥.]+)¥.([^¥.]+)¥.([^¥.]+)$") {
set req.http.Auth-Valid = "false";
}
set var.base64Header = re.group.1;
set var.base64Payload = re.group.2;
set var.signature = digest.base64url_decode(re.group.3);
set var.validSignature = digest.base64_decode(digest.hmac_sha256_base64(var.jwtSecret, var.base64Header "."
var.base64Payload));
set var.payload = digest.base64_decode(var.base64Payload);
set var.expires = regsub(var.payload, {"^.*?"exp"¥s*:¥s*(¥d+).*?$"}, "¥1");
# γάωνϟͷਖ਼౰ੑͱ༗ޮظݶͷ֬ೝ
if (var.signature != var.validSignature || time.is_after(now, std.integer2time(std.atoi(var.expires)))) {
set req.http.Auth-Valid = "false";
}
# payload͔Βݖݶ৘ใͳͲΛநग़
req.http. UserID = regsub(var.payload, {"^.*?"uid"¥s*:¥s*"(¥w+)".*?$"}, "¥1");

View Slide

ϩΪϯάɾϞχλϦϯά - VCL
sub vcl_log {
log {"syslog "} req.service_id {" fastly-log :: "}
{" timestamp_us:"} time.start.usec
{" host:"} regsuball(req.http.X-Forwarded-Host, {" "}, "")
{" upstream_host:"} regsuball(req.http.Host, {" "}, "")
{" remote_addr:"} client.ip
{" method:"} req.request
{" fastly_x_cache:"} req.http.X-Cache
{" fastly_x_cache_hits:"} req.http.X-Cache-Hits
{" user_id:"} req.http.User-ID
{" user_rank:"} req.http.User-Rank;
…
}
LTSVܗࣜͰͷϩάग़ྗྫ

View Slide

FastlyΛ࢖ͬͨMicroservices ·ͱΊ
✔ Service Registry͕ෆཁ
✔ Cache͕Fastlyʹू໿͞ΕInvalidation؆୯
✔ ো֐ൃੜ࣌ʹ೾ٴΛ๷͛Δ
✔ ؆୯ͳϞχλϦϯά΍ೝՄ΋࣮ݱͰ͖Δ
✔ μΠφϛοΫϧʔςΟϯάͰ։ൃָ͕ʹͳΔ

View Slide

͋Γ͕ͱ͏͍͟͝·ͨ͠

View Slide

Microservices on Fastly

Microservices on Fastly

Ryo yasuda

More Decks by Ryo yasuda

Featured

Transcript