Learning Serverless Design, Develop, and Deploy with Confidence (Jason Katzer) (Z-Library)

📄 File Format: PDF

💾 File Size: 10.6 MB

📖 Read Online ⬇️ Download

Registered users can read the full content for free

Register as a Gaohf Library member to read the complete e-book online for free and enjoy a better reading experience.

📄 Page 1

Jason Katzer Learning Serverless Design, Develop, and Deploy with Confidence

📄 Page 2

(This page has no text content)

📄 Page 3

Praise for Learning Serverless “In this book, Jason covers every important aspect of serverless architecture. Simply put, if you’re working on or planning to work on serverless—this is the book for you!” —Erez Berkner, CEO at Lumigo “Serverless adoption is growing significantly. Jason Katzer’s book offers an important overview of what developers need to learn, and what challenges they’ll have to overcome, to become productive with serverless.” —Vadym Kazulkin, Head of Technology Strategy at ip.labs “Capital One leverages serverless architecture throughout our organization. Knowing when, when not, and how to manage serverless at scale is a must-have tool for any technology leader in the modern world.” —Jason Valentino, Senior Director and Head of Engineering, Capital One Shopping

📄 Page 4

(This page has no text content)

📄 Page 5

Jason Katzer Learning Serverless Design, Develop, and Deploy with Confidence Boston Farnham Sebastopol TokyoBeijing

📄 Page 6

978-1-492-05701-7 [LSI] Learning Serverless by Jason Katzer Copyright © 2021 Versa Labs LLC. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://oreilly.com). For more information, contact our corporate/institutional sales department: 800-998-9938 or corporate@oreilly.com. Acquisitions Editor: Jennifer Pollock Development Editor: Sarah Grey Tech Editor: Right Touch Editing Production Editor: Deborah Baker Copyeditor: Sonia Saruba Proofreader: Piper Editorial, LLC Indexer: nSight, Inc. Interior Designer: David Futato Cover Designer: Karen Montgomery Illustrator: Kate Dullea November 2020: First Edition Revision History for the First Edition 2020-10-28: First Edition See http://oreilly.com/catalog/errata.csp?isbn=9781492057017 for release details. The O’Reilly logo is a registered trademark of O’Reilly Media, Inc. Learning Serverless, the cover image, and related trade dress are trademarks of O’Reilly Media, Inc. The views expressed in this work are those of the author, and do not represent the publisher’s views. While the publisher and the author have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the author disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk. If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsibility to ensure that your use thereof complies with such licenses and/or rights.

📄 Page 7

Table of Contents Preface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv Introduction to Serverless. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi Part I. The Path to Production 1. Distributed Systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 What Is a Distributed System? 1 Why Do We Want a Distributed System? 3 The Harsh Realities of Distributed Systems 3 The Physical World 4 Missing Messages 4 Unreliable Clocks 5 Cascading Failures 6 Unexpected Ordering 7 Idempotency 7 What Am I Responsible For? 8 What Do You Need to Consider When Designing a Distributed System? 8 Loose Coupling (or Decoupling) 9 Fault Tolerance 9 Generating Unique (Primary) Keys 10 Planning for Idempotency 10 Two-Phase Changes 11 Further Reading 11 Conclusion 12 v

📄 Page 8

2. Microservices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Why Do You Want to Use Microservices? 14 Improved Developer Velocity 14 Increased Developer Freedom 15 Issues with Microservices 16 Increased Complexity 16 Proper DevOps Practices and Resources Needed 17 Challenges with Local Development and Testing 17 How Do You Use Microservices Effectively? 18 Consistent Interfaces 18 Loosely Coupled 19 How Micro Is a Microservice? 20 Choosing Between Monoliths and Microservices 21 When Should You Use a Monolith? 21 When Do You Want to Use Microservices? 24 Conclusion 24 3. Serverless Architecture and Patterns. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 The Role of an Architect 26 What Do You Need to Know to Be an Architect? 27 Making Decisions 27 What Kinds of Decisions? 28 Documenting Your Decisions 28 How Do We Make Decisions? 29 When Do We Make Decisions? 30 Cloud Provider Components 31 Streams 31 Queues 31 Buckets 32 Compute 33 Datastores 33 Identity Service 34 API Gateways 34 GraphQL 35 Networking 35 State Machines 35 Logging 36 Monitoring and Alerting 36 Events from Your Cloud Provider 37 Periodic Invocations 37 Patterns 38 Example 1: Serverless Monolith 38 vi | Table of Contents

📄 Page 9

Example 2: Incoming Webhook 39 Example 3: Using Your Cloud Provider for User Authentication 40 Example 4: Generic Background Task Pattern 41 Example 5: Streaming Extract, Transform, Load 41 Example 6: Create Your Own Polling Integration 41 Example 7: Processing Files and Images 42 Example 8: Migration Service Pattern 43 Example 9: Fanning Out 43 Conclusion 44 4. Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 Interfaces: Some Assembly Required 46 The Message 46 The Protocol 46 The Contract 46 Serverless Interfaces 47 Automatic Retries and Dead Letter Queues 47 Finite Versus Infinite Scale 48 Designing Your Interfaces 48 Messages/Payloads 49 Sessions and Users/Auth 50 Avoid Unbounded Requests 50 Interface Versus Implementation 51 Lines with Logic 52 Designing the Unhappy Path 52 Validating Input 53 Failures 53 Strategies for Integrating with Other Services 55 Time-Outs 55 Retries 56 Exponential Backoff 57 Webhooks 57 Evaluating External Services 58 Rate Limits 58 Conclusion 59 Part II. The Tools 5. The Serverless Framework. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 Why Use the Serverless Framework? 64 When the Serverless Framework Isn’t for You 65 Table of Contents | vii

📄 Page 10

AWS Is the Only First-Class Citizen 66 AWS CloudFormation Is Not Perfect 66 Relying on Strangers for Your Infrastructure 66 What to Know Before You Start 67 YAML 68 Node.js 69 Cloud Resources and Permissions 69 Infrastructure Templates 71 Production Secrets 71 .gitignore 71 The Components of a serverless.yml File 72 Provider 72 Environment 74 Functions 74 Resources 75 Package 75 Plug-Ins 76 Custom 77 Namespacing for Sanity and Security 77 Using the serverless Command 78 Installing Serverless 78 Setting Up Serverless with Credentials 79 Pulling in Templates Using serverless install 79 Inspecting the Package of Our Sample Project (What’s Inside) 80 Deployment 80 Invoking the Function, and Viewing Logs 81 Rollbacks 81 Destroying the Service 81 Deployment Packages 82 Real-World serverless.yml 82 Setting Environment Variables 83 Modify Permissions 83 Conclusion 84 6. Monitoring, Observability, and Alerting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 What Is Monitoring? 85 Why Do We Need Monitoring? 86 How Does Monitoring Relate to Serverless? 86 The On-Ramp to Automation 87 What Are My Options? 87 Hosted SaaS Offerings 88 Self-Hosted and Open Source 88 viii | Table of Contents

📄 Page 11

Components of Monitoring 89 Metrics 89 Charts/Graphs 93 Dashboards 94 Alerts/Alarms 95 A Selection of Advanced Practices 96 Heartbeats 96 Smoke Testing and/or Canaries 97 The Most Important Metric in the World 98 Avoiding Vendor Lock-In 99 Cleaning Up Metrics and Alerts over Time 100 Conclusion 100 7. Logging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 What Does It Mean to Log? 102 Why Log? 103 When to Rely on Logs Instead of Metrics 104 What Should You Log? 104 What Shouldn’t You Log? 106 How Does Logging Work? 107 Ensuring Your Logs Scale 108 Structured Logging 109 More Effective Debugging with Logs 109 Searching Logs 110 Exception Logging (Sentry) 110 Collecting Other Logs 111 Compliance 111 Distributed Tracing 112 Encrypting Logs for Privacy and Compliance 112 Encrypt Only the Values of Sensitive Fields 113 Encrypt the Entire Log Statement 113 Conclusion 114 8. Changes, Automation, and Deployment Pipelines. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 Dealing with Change 116 The Role of Automation 116 What Do We Automate? 117 Getting Your Code Ready for Production 118 Infrastructure as Code 119 Database Changes (Migrations) 120 Configuration Management 121 What Is a Pipeline? 122 Table of Contents | ix

📄 Page 12

Decisions to Make Regarding Your Pipeline 123 Canaries and Blue/Green Deployments 123 Pipeline Permissions 124 Why Do You Need a Pipeline? 125 Key Phases of a Deployment Pipeline 125 Step 1. Enforce Standards 126 Step 2. Build and Package 126 Step 3. Test 127 Step 4. Publish the Artifact 127 Step 5. Deploy to the Target Environment 128 Step 6. Validate Deployment 128 Step 7. Roll Back if Necessary (and Possible) 128 Handling Pipeline Failures 129 Conclusion 130 Part III. Concepts 9. Security, Permissions, and Privacy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133 Everyone Is Responsible, but You Are Especially Responsible 134 Prepare to Be Hacked 135 Understanding Your Threats and Your Attackers 136 Design for Security 137 Limit, Track, and Review All Secrets and Access 139 Be Ready to Roll 140 Defense in Depth 141 Limit Blast Radius 142 Trust but Verify 142 Validate All User Input and Double-Check Those Settings 145 Monitoring Your System for Anomalies 146 Test Your Security 146 Select Dependencies Carefully and Keep Your Software Up to Date 147 Prioritize Privacy for Your Data and Your Customers’ Data 149 Don’t Mess with Production 149 Keep Your Machine Secure 151 Keep Learning 151 Conclusion 151 10. Quality, Testing, and Staging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153 The Role of Code Quality 154 Code Style 155 Linting 156 x | Table of Contents

📄 Page 13

Testing 157 What to Test and What Not to Test 158 Types of Testing 158 Code Coverage 163 Power Up Your Testing 164 Staging 164 Conclusion 168 11. Planning for Failure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169 Introduction: Understand It, Even if You Don’t Manage It 169 Identify Risks 170 Exercise: Finding Your Failure Points 171 Be Prepared 172 Making a Runbook 173 Planning for Outages 174 On-Call/Escalation Plan 175 Monitor Your Cloud Provider 175 Know Your (Service) Limits 176 Conclusion 176 12. Conclusion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177 Deciding among Vendors 178 Community 179 Gather the Advice of Others 179 What to Do When You Get Stuck 180 Taking the Next Step in Your Career 180 Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183 Table of Contents | xi

📄 Page 14

(This page has no text content)

📄 Page 15

This book is dedicated to my loving parents.

📄 Page 16

(This page has no text content)

📄 Page 17

Preface This book will not make you an expert, but it will be an important step of your jour‐ ney—it will put you in the top half of developers. The purpose of this book is to help you understand what’s important, and what you need to learn and improve on in order to level up in your career or ship your next big personal project. About This Book This book is about arming you with the knowledge you need to represent serverless as an important new technology. There are plenty of doubters out there. And there are plenty of zealots. This book is not from any of those, or for any of those. This book is for people who want to write serious software and gain the respect of peers and colleagues by doing it predictably. I didn’t choose to defend serverless. I just chose to ship great software in a way that minimizes maintenance as much as possible. This book will not tell you how to make your use case serverless. Nor should it. This book will tell you how serverless can help you ship amazing software while saving a bunch of time. It will be real and honest with you about where the serverless world stands. If, on the other hand, you already know everything, it will (I hope) reinforce your worldview in a way that you can share with people who “don’t get it.” The goal of this book is to serve as a guide for building maintainable and scalable services through the lens of serverless computing. First, we’ll align ourselves on what it means to build a production system. Then, we’ll discuss knowledge specific to the current world of serverless compute, and the way that you or your team have decided to run your serverless workloads. The underlying ideas and philosophies in the first part of the book are meant to be as timeless as a technical tome can be: plan your software for all edge cases and the real xv

📄 Page 18

world. Use creative thinking and prioritization to spend the appropriate amount of time solving issues that are less likely to occur. I have been fortunate enough to spend time teaching programming. I have taught students of all ages, and even ones who were learning English at the same time as learning programming. Hopefully, these lessons will be shaped by that experience so a 12-year-old would be able to pick up this book and build something amazing. The same goes for someone who is 88. So bear with me as I talk about some concepts in this book that you may already be familiar with. I promise to keep the technical knowledge in this book high, while keeping the barrier to understanding it as low as possible. How This Book Is Organized After numerous conversations with engineers getting started in their careers, review‐ ing hundreds of online tutorials, and talking to users of serverless technologies at conferences, I had a revelation. Most of the information produced and consumed about programming is focused around building systems, but not around operating them. Most of the questions I was being asked after giving a talk on serverless were DevOps questions from those who chose serverless to avoid DevOps in the first place. Serverless may abstract away servers, but it does not abstract away DevOps. You will have to make tough decisions when designing, building, and operating your systems. But if done properly, based on the advice of this book and using serverless when applicable, you can meaningfully minimize frustration and time spent, while maxi‐ mizing your confidence in your systems. To achieve that mission, you may need to round out your knowledge of system design as it applies to building an internet application. You have the innate ability to design your systems so they achieve the desired functionality intentionally instead of acci‐ dentally. This will be done in Part I. In Part II, you’ll walk you through the tools at your disposal to achieve your wildest serverless dreams. You are then ready to build. But before you do, you should read Part III if you intend to launch your creation into any form of production. xvi | Preface

📄 Page 19

Conventions Used in This Book The following typographical conventions are used in this book: Italic Indicates new terms, URLs, email addresses, filenames, and file extensions. Constant width Used for program listings, as well as within paragraphs to refer to program ele‐ ments such as variable or function names, databases, data types, environment variables, statements, and keywords. Constant width italic Shows text that should be replaced with user-supplied values or by values deter‐ mined by context. This element signifies a tip or suggestion. This element signifies a general note. This element indicates a warning or caution. Preface | xvii

📄 Page 20

O’Reilly Online Learning For more than 40 years, O’Reilly Media has provided technol‐ ogy and business training, knowledge, and insight to help companies succeed. Our unique network of experts and innovators share their knowledge and expertise through books, articles, and our online learning platform. O’Reilly’s online learning platform gives you on-demand access to live training courses, in-depth learning paths, interactive coding environments, and a vast collection of text and video from O’Reilly and 200+ other publishers. For more information, visit http://oreilly.com. How to Contact Us Please address comments and questions concerning this book to the publisher: O’Reilly Media, Inc. 1005 Gravenstein Highway North Sebastopol, CA 95472 800-998-9938 (in the United States or Canada) 707-829-0515 (international or local) 707-829-0104 (fax) We have a web page for this book, where we list errata, examples, and any additional information. You can access this page at https://oreil.ly/Learning_Serverless. Email bookquestions@oreilly.com to comment or ask technical questions about this book. For news and information about our books and courses, visit http://oreilly.com. Find us on Facebook: http://facebook.com/oreilly Follow us on Twitter: http://twitter.com/oreillymedia Watch us on YouTube: http://www.youtube.com/oreillymedia Acknowledgments First and foremost, I want to thank everyone with whom I have ever had a conversa‐ tion about technology. No single book can contain all the wisdom on developing cloud native applications and workloads. But with the intent of broadening your scope of what that entails, is not achieved by only one person. This book may contain my interpretations, explanations, and attempts at pith, but most revelations offered xviii | Preface