Challenges for Global Service from a Perspective of SRE 2nd season

Cookpad Inc.
Feb 27th, 2019
Takayuki Watanabe
Technology Department SRE Group
Challenges for Global Service 
from a Perspective of SRE
~ 2nd season ~

View Slide

About me
2
• Takayuki Watanabe
- Twitter: takanabe_w / GitHub: takanabe
• Site Reliability Engineer (a.k.a SRE)
- Focus on Cookpad Global Projects

View Slide

Today’s menu
3
• What is Cookpad Global ?
• Role of Site Reliability Engineers
• Paving Roads for Autonomous Teams
- Challenge 1: Organization Transformation for Greater Autonomy
- Challenge 2: Feasible Self-service for Autonomous Teams

View Slide

What is Cookpad Global ?
4

View Slide

What is Cookpad Global Service?
5
+BQBOFTF$PPLQBE"QQ (MPCBM$PPLQBE"QQT

View Slide

6
+BQBOFTF$PPLQBE"QQ (MPCBM$PPLQBE"QQT
JP Service ≠ Global Service

View Slide

Our users across the globe
7
4FSWJDFQSPWJEFE
DPVOUSJFT

View Slide

8
4FSWJDFQSPWJEFE
DPVOUSJFT
71 Countries
26 Languages

View Slide

9
4FSWJDFQSPWJEFE
DPVOUSJFT
94 Million Monthly Average Users

View Slide

# of Recipes for Global Service
10
# of Recipes

0WFSNJMMJPOSFDJQFT
NJMMJPOSFDJQFTTJODF


View Slide

Users and Developers across the globe
11
• Global Service and SRE ?
• Empower high perform technology organization
Global head quarter  
UK, Bristol
11

View Slide

12
UK, Bristol
12
100 People
25 Nationalities

View Slide

13
UK, Bristol
13
The best people join
from all over the world

View Slide

Role of Site Reliability Engineers
14

View Slide

15

View Slide

16
A user living beyond a log

View Slide

17

View Slide

18
Our Product Developers

View Slide

Missions for SREs in Cookpad
19
• Maximize user experiences in terms of:
• Service availability
• Performance
• Security
• etc…
• Build a great platform to support a growing product
• Product development optimized platform
• Software architects owning comprehensive knowledge for technology

View Slide

Missions for SREs in Cookpad
20
• Maximize user experiences in terms of:
• Service availability
• Performance
• Security
• etc…
• Build a great platform to support a growing product
• Product development optimized platform
• Software architects owning comprehensive knowledge for technology
Control service availability
based on various factors

View Slide

SRE technology scope in Cookpad
21
4FSWJDF
1MBUGPSNT
w 7.$POUBJOFS1MBUGPSNPO"84

View Slide

SRE technology scope in Cookpad
22
4FSWJDF
1MBUGPSNT
0CTFSWBCJMJUZ
&OHJOFFSJOH
.JTDJOIPVTF
5PPMJOH
3FMFBTF
&OHJOFFSJOH
3FTJMJFODF
&OHJOFFSJOH
w %JTUSJCVUFE5SBDJOH
w .FUSJDT.POJUPSJOH
w -PHHJOH4ZTUFN
w "MFSUT.BOBHFNFOU
w .-#BTFE"OPNBMZ%FUFDUJPO
w %BUB"OBMZTJT
w 5FBN)FBMUI7JTVBMJ[BUJPO
w "84$PTU0QUJNJ[BUJPO
w %FWFMPQFS'SJFOEMZ"VUI4ZTUFN
w FUD
w %FQMPZ1JQFMJOF
w $POUJOVPVT*OUFHSBUJPO
w $POUJOVPVT%FMJWFSZ
w %FQMPZ4USBUFHZ
w /8'BVMU*OKFDUJPO
w 4QPU*OTUBODF
w $JSDVJU#SFBLFS
w 5ISPUUMJOH
w 7.$POUBJOFS1MBUGPSNPO"84

View Slide

23
Challenges in 2018
Attacks from China
GDPR
Recipe data migration
EKS based staging
Recruitment in UK
Observability
Full containerization
23
Spot instances
Expense reduction
Toil analysis automation

View Slide

Paving Roads for Autonomous Teams
24

View Slide

Paving Roads for Autonomous Teams
25
• Challenge 1: Organization Transformation for Greater Autonomy
• Challenge 2: Feasible Self-service for Autonomous Teams

View Slide

Challenge 1
Organization Transformation for Greater Autonomy
26

View Slide

Organization Transformation for Greater Autonomy
27
• Tipping Points for Autonomous Teams
• Organization Transformation: Chapter and Squad
• Development style change for new team structure
• Necessity of shared responsibility for service availability
Challenge1: Organization Transformation for Greater Autonomy

View Slide

Tipping Points for Autonomous Teams
28
• Cookpad employees in UK
• 2016: 5 people
• 2017: 50 people
• 2018: 100 people
8FC
J04
"OESPJE
2"
43&
1.
.-
Team structure in 2016, 2017

View Slide

29
lines =
n(n − 1)
2

View Slide

30
lines =
n(n − 1)
2
Communication cost ↑

View Slide

Organization Transformation: Chapter and Squad
31
8FC
J04
"OESPJE
2"
8FC
J04
"OESPJE
2"
8FC
J04
"OESPJE
2"
43&
Chapter
1. 1. 1.
Product Squad
.-
Cross-platform Squad
ɾɾɾ
8FC
J04
"OESPJE
2"
43&
1.
.-
After
Before

View Slide

32
8FC
J04
"OESPJE
2"
8FC
J04
"OESPJE
2"
8FC
J04
"OESPJE
2"
43&
Chapter
1. 1. 1.
Product Squad
.-
ɾɾɾ
8FC
J04
"OESPJE
2"
43&
1.
.-
After
Before

View Slide

33
8FC
J04
"OESPJE
2"
8FC
J04
"OESPJE
2"
8FC
J04
"OESPJE
2"
43&
Chapter
1. 1. 1.
Product Squad
.-
ɾɾɾ
8FC
J04
"OESPJE
2"
43&
1.
.-
After
Before

View Slide

1
34
8FC
J04
"OESPJE
2"
8FC
J04
"OESPJE
2"
8FC
J04
"OESPJE
2"
43&
Chapter
1. 1. 1.
Product Squad
.-
ɾɾɾ
8FC
J04
"OESPJE
2"
43&
1.
.-
After
Before
Conway's law …
http://www.melconway.com/Home/Conways_Law.html

View Slide

Development style change for new team structure
35
• Architecture of new feed
• New development styles
Challenge1: Organization Transformation for Greater Autonomy > Development style change for new team structure

View Slide

Architecture of new feed
36
Message broker
Main
API
Cache
Feed

API
DB
Complete feed json/html
Cache
DB
GET /user_id/feed
List of activity primary keys in order, paginated

View Slide

Architecture of new feed
37
Message broker
Main

API
Cache
Feed

API
DB
Complete feed json/html
Cache
DB
New components developed by a squad
GET /user_id/feed
List of activity primary keys in order, paginated

View Slide

New development styles (Partial release in production)
38
# WIP code for new notiﬁcation system
# https://github.com/cookpad/xxxxxx-squad/issues/yyyyyy
Rollout.add :notiﬁcation_center, owner: "xxxxxx-squad" do
# @developer_a, @developer_b, @developer_c, @developer_d, @developer_e
Current.user&.id&.in?([AAAAAA, BBBBBB, CCCCCC, DDDDDD, EEEEEE])
end
• Feature toggle (application level control)
• Prototype environment (platform level control)

View Slide

New development styles (Partial release in production)
39
# WIP code for new notiﬁcation system
# https://github.com/cookpad/xxxxxx-squad/issues/yyyyyy
Rollout.add :notiﬁcation_center, owner: "xxxxxx-squad" do
# @developer_a, @developer_b, @developer_c, @developer_d, @developer_e
Current.user&.id&.in?([AAAAAA, BBBBBB, CCCCCC, DDDDDD, EEEEEE])
end
• Feature toggle (application level control)
• Prototype environment (platform level control)
Only users know answers

View Slide

Feed was successful feature?
40
• Yes, feed was one of the most successful features in 2018
• New architecture
• New technology stack
• 100% release in production in short time

View Slide

41
Why feed was successful?
• A lot of trials, failures and improvements in short term
• Developers had power and responsibility for feature developments
• Feed was developed from scratch
• Developers could choose appropriate technology
• Introduce Streamy, Karafka (stream app frameworks)
• Test Kafka, RabbitMQ, SQS, Kinesis (message brokers)

View Slide

42
Rapid prototyping was successful

View Slide

43
On the other hand …

View Slide

Necessity of shared responsibility for service availability
44
Challenge1: Organization Transformation for Greater Autonomy > Necessity of shared responsibility for service availability

View Slide

Necessity of shared responsibility for service availability
45
Too many errors SREs cannot understand…

View Slide

46
%FWFMPQFST`IBQQJOFTT
43&T`IBQQJOFTT
OFXQSPEVDU
IBQQZ
IBQQZ
VOIBQQZ
VOIBQQZ
OFXQSPEVDU
Happiness Quadrant (release new feed)

View Slide

47
43&T`IBQQJOFTT
IBQQZ
IBQQZ
VOIBQQZ
VOIBQQZ
UPVHIFYQFSJFODFT
OFXQSPEVDU

View Slide

48
43&T`IBQQJOFTT
UPVHIFYQFSJFODFT
IBQQZ
IBQQZ
VOIBQQZ
VOIBQQZ
OFXQSPEVDU

View Slide

49
43&T`IBQQJOFTT
UPVHIFYQFSJFODFT
IBQQZ
IBQQZ
VOIBQQZ
VOIBQQZ
OFXQSPEVDU
Happiness Quadrants (Release new feed)

View Slide

50
43&T`IBQQJOFTT
UPVHIFYQFSJFODFT
IBQQZ
IBQQZ
VOIBQQZ
VOIBQQZ
OFXQSPEVDU
Happiness Quadrants (Release new feed)
Not sustainable …

View Slide

51
Why this situation happen?
• No concepts of shared responsibility for service availability

View Slide

52
(WIP) Shared responsibility as Autonomous Teams
• Shared responsibility for organization sustainability
• Reach consensus of service availability for each feature
• Targets decided by product owners
• Higher quality in emergency notiﬁcations
• Alert handling by appropriate people
• Another organization transformation based on ideal tech & business architectures

View Slide

53
• Shared responsibility for organization sustainability
• Reach consensus of service availability for each feature
• Targets decided by product owners
• Higher quality in emergency notiﬁcations
• Alert handling by appropriate people
• Another organization transformation based on ideal tech & business architectures
Inverse Conway Maneuver …
(WIP) Shared responsibility as Autonomous Teams

View Slide

Challenge 2
Feasible Self-service for Autonomous Teams
54

View Slide

Feasible Self-service for Autonomous Teams
55
• Four Important Keys for Successful Autonomous Teams
• Feasible Self-service for Developers
• Our focused scope
• Full-containerization
• No ssh debugging
Challenge2: Feasible Self-service for Autonomous Teams

View Slide

Four Important Keys for Successful Autonomous Teams
56
• Discipline: Common rules in organization
- Technology stack, team structure
• Freedom: Ownership for individual developments
- Small team, technology selection, system design
• Responsibility: Commitments for whole software life cycle
- Design, implementation, test, deploy, service availability monitoring
• Optimization: Best practices for product developments
- Logging and monitoring system, Deploy pipeline

View Slide

57

View Slide

58

View Slide

59

View Slide

60
- Logging and monitoring system, deploy pipeline, feature toggle

View Slide

61
Organization strategy matter

View Slide

62
Organization strategy matter
Strong leaderships
across tech and business are essential

View Slide

63
SRE squad can contribute

View Slide

64
SRE squad can contribute
Optimized self-service mechanisms providing
company-wide best practices in SRE

View Slide

Feasible Self-service for Developers
65
• Low learning cost
• e.g: Are you sure that developers are happy to learn and maintain k8s yaml?
• Secure and painless operations in production
• e.g: Are experiences provided by SREs comfortable and secure for developers?

View Slide

Our focused scope
66
• Full-containerization
• No ssh debugging

View Slide

67
Full-containerization

View Slide

Pros of Applications on Container Platform
68
• Developers can control software version upgrade timing
• SREs don’t want to maintain legacy VM based service platform
• Application of in-house tools and company-wide best practices
• Auto Scaling
• Cost optimization (spot ﬂeets)
• Container apps deployment tool (hako)
• Centralized developer console (hako-console)
• Easy service mesh integration
• etc …
• Immutable infrastructure
• version controlled applications and infrastructures
• No conﬁguration drifts
Challenge2: Feasible Self-service for Autonomous Teams > Full-containerization

View Slide

Pros of Applications on Container Platform
69
• Developers can control software version upgrade timing
• SREs don’t want to maintain legacy VM based service platform
• Application of in-house tools and company-wide best practices
• Auto Scaling
• Cost optimization (spot ﬂeets)
• Container apps deployment tool (hako)
• Centralized developer console (hako-console)
• Easy service mesh integration
• etc …
• Immutable infrastructure
• version controlled applications and infrastructures
• No conﬁguration drifts

View Slide

Development Lead Time
70

View Slide

71
%FW
43&

View Slide

72
72

View Slide

73
73
Gaps between Devs & SREs …

View Slide

Happiness Quadrant (Software Upgrade without container)
74
43&T`IBQQJOFTT
IBQQZ
IBQQZ
VOIBQQZ
VOIBQQZ
6OQSPEVDUJWFUBTLT /FXTPGUXBSFWFSTJPO

View Slide

75
43&T`IBQQJOFTT
#MPDLFEUJNFFYQFSJFODF
/FXTPGUXBSFWFSTJPO
/FXTPGUXBSFWFSTJPO
IBQQZ
IBQQZ
VOIBQQZ
VOIBQQZ
6OQSPEVDUJWFUBTLT

View Slide

76
43&T`IBQQJOFTT
5PUBMIBQQJOFTT
IBQQZ
IBQQZ
VOIBQQZ
VOIBQQZ

View Slide

77
43&T`IBQQJOFTT
5PUBMIBQQJOFTT
IBQQZ
IBQQZ
VOIBQQZ
VOIBQQZ
(SFBUNFDIBOJTNNJHIUQVUUIF
WFDUPSPOUPUIFTURVBESBOUʜ

View Slide

Happiness quadrant (Software Upgrade without container)
78
43&T`IBQQJOFTT
5PUBMIBQQJOFTT
IBQQZ
IBQQZ
VOIBQQZ
VOIBQQZ
(SFBUNFDIBOJTNNJHIUQVUUIF
WFDUPSPOUPUIFTURVBESBOUʜ
Run all stateless applications
on container clusters

View Slide

Progress of Full-containerization in Global
79

View Slide

Progress of Full-containerization in Global
80
17/18 apps are running on containers
(94 % is completed)

View Slide

81
81
%FW

View Slide

82
82
5IFEBUF3VCZXBTSFMFBTFE %FDUI

%FWFMPQFSTDBODPOUSPM3VCZWFSTJPOTXJUIPVU43&T`TVQQPSUT
%FW

View Slide

83
43&T`IBQQJOFTT
USBJOJOHDPTU
MFBSOJOHDPTU
/FXTPGUXBSFWFSTJPO
/FXTPGUXBSFWFSTJPOPQFSBUJPOBMDPTUSFEVDUJPO
IBQQZ
IBQQZ
VOIBQQZ
VOIBQQZ
Happiness Quadrant (Software Upgrade with container)

View Slide

84
43&T`IBQQJOFTT
5PUBMIBQQJOFTT
IBQQZ
IBQQZ
VOIBQQZ
VOIBQQZ

View Slide

85
43&T`IBQQJOFTT
5PUBMIBQQJOFTT
IBQQZ
IBQQZ
VOIBQQZ
VOIBQQZ
Win - Win

View Slide

86
43&T`IBQQJOFTT
5PUBMIBQQJOFTT
IBQQZ
IBQQZ
VOIBQQZ
VOIBQQZ
Plus, SREs can focus on container platform
(more best practices can be introduced)

View Slide

Challenge2: Feasible Self-service for Autonomous Teams > No ssh debugging
SSH
SSH
87
No ssh debugging

View Slide

Cons of Applications on Container Platform
88
• Additional Complexities for Developers
• Lack of tools cause chaos

View Slide

89
• Lack of tools create chaos
SFGIUUQTTQFBLFSEFDLDPNUBLBOBCFDIBMMFOHFTGPSHMPCBMTFSWJDFGSPNBQFSTQFDUJWFPGTSF TMJEF

View Slide

90
• Lack of tools create chaos
SFGIUUQTTQFBLFSEFDLDPNUBLBOBCFDIBMMFOHFTGPSHMPCBMTFSWJDFGSPNBQFSTQFDUJWFPGTSF TMJEF
Already Enough ?

View Slide

91

View Slide

92
• Lack of tools cause chaos
• No ssh debugging systems for Global team
• Granular and chronological order metrics dashboard
• Container optimized New Relic agent deployment
• Short-term log collection
• Safe rails console for container

View Slide

93
$POUBJOFST
4IPSUUFSN
5%#
-POHUFSN
5%#
*OqVY%#
1SPNFUIFVT
%FWFMPQFS
EPXOTBNQMJOH
FYQPSUNFUSJDT
(SBGBOB
5JNFTFSJFT%BUBCBTF
6TFS*OUFSGBDF
Granular and chronological metrics dashboard

View Slide

94
Granular and chronological metrics dashboard
• Before
• We cannot dig errors caused by spike resource saturations
• After
• We can recognize errors caused by spike resource saturations
• We can judge that errors should be ﬁxed soon or not

View Slide

Container optimized New Relic agent deployment
95
$POUBJOFS
TIBSFENFNPSZ BHFOUTUBSUqBH

IUUQBQQ@OFX@SFMJDTUBSU
"11 SBDLOFX@SFMJDTUBSUFS
IBLPQBSUJBSFMJD 
FYFDDPOTVMMPDL


View Slide

Container optimized New Relic agent deployment
96
• Before
• ECS cannot deploy a New Relic agent to a speciﬁc container ( We want to save )
• Agents are gone when containers are killed accidentally
• After
• ECS can deploy a New Relic agent to a container
• Distributed locking via `consul lock` sidecar
• Rack middleware that provides an endpoint to start the New Relic agent
• Agents are launched in a container when agent start ﬂag exists on shared memory

View Slide

Short-term log collection
97
$POUBJOFST
4IPSUUFSN
MPHTFBSDI
-POHUFSN
MPHTFBSDI
4 "UIFOB

&MBTUJDTFBSDI
FYQPSUMPHT
IBLPDPOTPMF
-PHTFBSDI
6TFS*OUFSGBDF
,JCBOB
%FWFMPQFS
FYQPSUMPHT

View Slide

Short-term log collection
98
• Before
• Developers have to wait for few minutes to search logs
• After
• Developers can check logs nearly real-time

View Slide

Safe rails console for container
99
$POUBJOFST &YQPSUBVEJUMPHT
USBQEPPSDPOTPMF
6TFS*OUFSGBDF
4MBDL
USBQEPPSBHFOU
"11 *OUFSBDUJWFDPNNVOJDBUJPO 
WJB8FC4PDLFU
%FWFMPQFS
.BOBHFBDDFTT
QSJWJMFHFT
"[VSF"%
USBQEPPSQSPYZ
#JOFYFD
*OUFSBDUJWFDPNNVOJDBUJPO 
WJB8FC4PDLFU
EBUBPOMZDPOUBJOFS


View Slide

Safe rails console for container
100
• Before
• Developers ssh to servers and run `rails -c` (Sometimes `rails -c -s`)
• Developers can run write queries in production ( historical technical debt )
• After
• Developers can use REPL via web browser with safe options selected by SREs
• Developers can only run read queries on designated database instance

View Slide

Safe rails console for container (before)
101
takayuki-watanabe@ssh-accepatable-host-xxx:~$ date
Thu Apr 19 10:53:28 UTC 2018
takayuki-watanabe@ssh-accepatable-host-xxx:~$ htop
PID USER PRI NI VIRT RES SHR S CPU% MEM% TIME+ Command
[snip]
31817 cookpad 20 0 794M 129M 188 R 93.7 1.7 1923h ruby bin/rails console production -s
8773 cookpad 20 0 734M 165M 152 R 91.7 2.2 1800h ruby bin/rails console production -s
8107 cookpad 20 0 959M 734M 14228 R 83.7 9.8 40h01:04 ruby bin/rails c production
[snip]


View Slide

Safe rails console for container (after)
102

View Slide

Safe rails console for container (after)
103
Feasible Self-service make product
development reliable and autonomous !!

View Slide

Recap
104
• What is Cookpad Global ?
• Role of Site Reliability Engineers
• Paving Roads for Autonomous Teams
- Challenge 1: Organization Transformation for Greater Autonomy
- Challenge 2: Feasible Self-service for Autonomous Teams

View Slide

105
Thank you !!
([email protected])

View Slide

Challenges for Global Service from a Perspective of SRE 2nd season

Challenges for Global Service from a Perspective of SRE 2nd season

Takayuki WATANABE (渡辺喬之)

More Decks by Takayuki WATANABE (渡辺喬之)

Other Decks in Technology

Featured

Transcript

Challenges for Global Service from a Perspective of SRE 2nd season

Challenges for Global Service from a Perspective of SRE 2nd season

Takayuki WATANABE (渡辺 喬之)

More Decks by Takayuki WATANABE (渡辺 喬之)

Other Decks in Technology

Featured

Transcript

Takayuki WATANABE (渡辺喬之)

More Decks by Takayuki WATANABE (渡辺喬之)