how we run graphql apis in production on our own
play

How we run GraphQL APIs in production on our (own) Kubernetes - PowerPoint PPT Presentation

Nov 27, 2022 •434 likes •898 views

How we run GraphQL APIs in production on our (own) Kubernetes cluster @ @ultrabug Gentoo Linux developer PSF contributing member CTO at Numberly Couldnt you have more buzz words in your talk title? Previous workflow and its limitations

  2. How we run GraphQL APIs in production on our (own) Kubernetes cluster @

  3. @ultrabug Gentoo Linux developer PSF contributing member CTO at Numberly

  4. Couldn’t you have more buzz words in your talk title?

  5. Previous workflow and its limitations

  6. Code repositories Configuration repositories Continuous Integration Code reviews

  7. Code repositories Configuration repositories Continuous Integration Code reviews YAML configuration file

  8. Code repositories Configuration repositories Continuous Integration Code reviews YAML configuration file

  9. Code repositories Configuration repositories Continuous Integration Code reviews YAML configuration file

  10. Code repositories Configuration repositories Continuous Integration Code reviews ansible YAML configuration file

  11. Code repositories SSL offloading Configuration repositories Continuous Integration Code reviews ansible YAML configuration file

  12. Code repositories SSL offloading Configuration repositories Continuous Integration Code reviews ansible YAML configuration file

  13. Why Kubernetes?

  14. ur own bare-metal Kubernetes cluster

  15. Methodology n o i t p o d g n a n e o r i t s i e l t r i o t a o t o r s t p e u t n p p l e e c u x m h s e e t u r d e n a c n t b o o a u d a e b r d i e e d r i t t t l c i s i s u e r o i W D D B F 1 2 3 4 5 3 4 5

  16. A bare-metal Kubernetes cluster? - Package it to deeply know what’s it’s made of and how it works - Automate installation, configuration, provisioning… everything!

  17. Developer-driven

  18. OpenID authentication Developer goes to internal kubeconfig URL ● Login using usual Google Suite account (openID) + free MFA (Yubikey) ● Download Kubeconfig ● Welcome to Kubernetes! ●

  19. Gitlab based authorization - Gitlab based RBAC + Pod Security Policy since day 1 - 1 namespace = 1 team - Open sourced gitlab2rbac: https://github.com/numberly/gitlab2rbac

  20. Cluster capabilities and choices - Gitlab registry for our Docker containers - Ensure only whitelisted images can be deployed - runAsNonRoot + strict Network Policies enforced - Ingress using nginx-ingress with fully automated LetsEncrypt certificate lifecycle - Multi-tenant cluster supporting all environments (production, staging, development) - Special “sandbox” namespace to test things: - No distributed persistent storage yet -

  21. A workflow-oriented documentation

  22. Foster and scale Kubernetes adoption We created an internal Kubernetes Certification To make sure that in every team someone can help with Kubernetes ● ● To help everyone identify who can support them when they need a Kubernetes expert To value the expertise of members of our teams ●

  23. T ke Away

  24. T ke Away Gitlab for RBAC and image registry + Kubernetes = gitlab2rbac ● Balance security vs freedom: not opposed all the time! ● Enforce security and QA rules from the start ● ○ TODO: work on admission controller to enforce whitelisted images only ● Ops concentrate on features that are immediately available to all devs TODO: automate F5 ingress SSL setup for public services ○ Practical and useful docs are key ● Spread expertise to foster and scale adoption ● ○ TODO: create more certification levels

  25. Our Kubernetized workflow

  26. Moved to k8s secrets Code repositories SSL offloading Configuration repositories Continuous Integration Code reviews ingress- Users roles = k8s RBAC Groups = k8s namespaces Docker image registry Needs Dockerfile YAML kubernetes deployment

  27. Let’s build a GraphQL app on Kubernetes!

  28. Demo app: Trello REST API to GraphQL GraphQL REST

  29. Demo app: Trello REST API to GraphQL GraphQL + = ? REST

  31. Demo app: Trello REST API to GraphQL GraphQL + REST

  32. Tartiflette main features Python 3.6+ ● Schema First (SDL) ● Built on AsyncIO ● aiohttp integration ● Embedded GraphiQL development web interface ● Tastes even better than it smells (AKA developer friendly) ●

  33. Schema Definition Language

  34. 1 GraphQL request = x REST requests These edges will resolve in multiple REST API calls 1 GraphQL call = multiple REST calls

  35. resolved edge with full objects 1x 2x 'idBoards': [ '5d1f33e746ea0a8020560465' , '5d1f341e82d5a37d0efb97b1' ]

  36. Show me some code: aiohttp app definition Resolver functions Generic SDL

  37. Show me some code: GraphQL resolvers Root query resolver Edge resolver

  38. #shipit

  39. Dockerfile: multi-stage build Full python3.7 build image Slim python3.7 run image

  40. Build + Image tag = git branch + Upload to Gitlab registry Git branch workflow ● development staging ● ● master + git tag = production

  41. To Kubernetes! Security Automated Let’s Encrypt SSL

  42. Quick demo

  44. T ke Away

  45. T ke Away GraphQL removes friction by normalizing how data is addressed between teams ● Schema Definition Language lets you concentrate on the data, not the code ● Tartiflette is a modern, fast and efficient way of doing Python + GraphQL ● Workflow for environment deployment based on git branches ● ○ TODO: challenge environment multi-tenancy of the cluster later ● Kubernetes secrets + environment variables to store and access secrets TODO: generalize vault ○ Kubectl is powerful: give that power to developers! ● ○ TODO: allow some abstraction tools when adoption is higher if needed

  46. Thanks! @ultrabug https://github.com/ultrabug/ep2019

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

GRAPHQL Josh Price @joshprice STEPPING STONES TO FP Language (Elixir) Strongly-Typed APIs

GRAPHQL Josh Price @joshprice STEPPING STONES TO FP Language (Elixir) Strongly-Typed APIs

The Future of the Realtime Web BETTER APIS WITH GRAPHQL Josh Price @joshprice STEPPING STONES TO FP Language (Elixir) Strongly-Typed APIs (GraphQL) GRAPHQL WAS HERE? http://whiteafrican.com/2008/05/12/crossing-the-mapping-chasm/ A

1.31k views • 96 slides
GraphQL in Python and Django Patrick Arminio @patrick91 Who am I Patrick Arminio Backend

GraphQL in Python and Django Patrick Arminio @patrick91 Who am I Patrick Arminio Backend

GraphQL in Python and Django Patrick Arminio @patrick91 Who am I Patrick Arminio Backend Engineer @ Verve Chairperson at Python Italia @patrick91 online GraphQL? WEB 1.0 WEB 2.0 REST APIs While REST APIs are good, they

1.55k views • 131 slides
Build Scalable APIs using GraphQL and Serverless @simona_cotin @simona_cotin @simona_cotin

Build Scalable APIs using GraphQL and Serverless @simona_cotin @simona_cotin @simona_cotin

Build Scalable APIs using GraphQL and Serverless @simona_cotin @simona_cotin @simona_cotin JS @simona_cotin @simona_cotin @simona_cotin @simona_cotin a data-fetching API powerful enough to describe all of Facebook -Lee Byron

756 views • 60 slides
Developing GraphQL APIs in Django using Graphene By Nisarg Shah Nisarg Shah Crazy Developer

Developing GraphQL APIs in Django using Graphene By Nisarg Shah Nisarg Shah Crazy Developer

Developing GraphQL APIs in Django using Graphene By Nisarg Shah Nisarg Shah Crazy Developer HELLO! Undergrad CS Student Software Developer at Tweetozy Co-creator of CoursesAround CONNECT WITH ME! iamnisarg.in nisarg1499 nisargshah14

929 views • 40 slides
Defjning Property Graph Schemas using the GraphQL Schema Defjnitjon Language Olaf Hartjg

Defjning Property Graph Schemas using the GraphQL Schema Defjnitjon Language Olaf Hartjg

Defjning Property Graph Schemas using the GraphQL Schema Defjnitjon Language Olaf Hartjg @olafiartjg What is GraphQL? State-of-the art approach to create Web APIs to retrieve data for Web and mobile applications Alternative to the

470 views • 14 slides
Caching GraphQL: Approaches to automate caching data for GraphQL Tanmai Gopal | @tanmaigo

Caching GraphQL: Approaches to automate caching data for GraphQL Tanmai Gopal | @tanmaigo

Caching GraphQL: Approaches to automate caching data for GraphQL Tanmai Gopal | @tanmaigo Hasura GraphQL engine Instant realtime GraphQL on Postgres Connect to services & get a unified GraphQL API HASURA Runs as a docker container in

512 views • 19 slides
Serverless GraphQL Howdy! Im Jared Short Director of Innovation @ @shortjared GraphQL A

Serverless GraphQL Howdy! Im Jared Short Director of Innovation @ @shortjared GraphQL A

Serverless GraphQL Howdy! Im Jared Short Director of Innovation @ @shortjared GraphQL A query language for your API, and a runtime for executing the queries Why GraphQL One endpoint for your API Can provide an easy to understand

359 views • 35 slides
A realtime GraphQL backend as a compiler in Haskell http://bit.ly/graphql-haskell Heippa!

A realtime GraphQL backend as a compiler in Haskell http://bit.ly/graphql-haskell Heippa!

A realtime GraphQL backend as a compiler in Haskell http://bit.ly/graphql-haskell Heippa! Tanmai Gopal @tanmaigo http://bit.ly/graphql-haskell Contents 1. The compiler approach 2. Compiler pipeline a. Parse b. GraphQL AST c.

467 views • 21 slides
GraphQL with Python frameworks GraphQL with Python frameworks Create next-generation API with

GraphQL with Python frameworks GraphQL with Python frameworks Create next-generation API with

27.09.2018 reveal.js GraphQL with Python frameworks GraphQL with Python frameworks Create next-generation API with ease Bartosz Kazua http://0.0.0.0:8080/?print-pdf 1/56 27.09.2018 reveal.js About About mua mua Frontend/Backend/Mobile

573 views • 56 slides
GraphCoQL A mechanized formalization of GraphQL in Coq Toms Daz Federico Olmedo ric

GraphCoQL A mechanized formalization of GraphQL in Coq Toms Daz Federico Olmedo ric

GraphCoQL A mechanized formalization of GraphQL in Coq Toms Daz Federico Olmedo ric Tanter Millennium Institute Foundational Research on Data Certified Programs and Proofs New Orleans, USA January 2020 GraphQL Clases de ctedra

640 views • 52 slides
Beyond REST: Courseras Journey to GraphQL Bryan Kane @bryanskane bryan-coursera

Beyond REST: Courseras Journey to GraphQL Bryan Kane @bryanskane bryan-coursera

Beyond REST: Courseras Journey to GraphQL Bryan Kane @bryanskane bryan-coursera Chapter One Site speed issues Chapter Two Intro to GraphQL Chapter Three Migrating to GraphQL Chapter Four Learnings and retrospective 4

1.1k views • 77 slides
HOW TO AUTH: SECURE A GRAPHQL API WITH CONFIDENCE MANDI WISE | GRAPHQL SUMMIT 2020 AGENDA

HOW TO AUTH: SECURE A GRAPHQL API WITH CONFIDENCE MANDI WISE | GRAPHQL SUMMIT 2020 AGENDA

HOW TO AUTH: SECURE A GRAPHQL API WITH CONFIDENCE MANDI WISE | GRAPHQL SUMMIT 2020 AGENDA Authentication Authorization Federation GRAPHQL SUMMIT 2020 AUTH AUTHENTICATION AUTHORIZATION YOU ARE WHO YOU SAY YOU ARE YOU CAN DO WHAT YOU WANT

347 views • 23 slides
APIs 2015 Exploration and Production Winter Standards Meeting Emerging Technologies Branch

APIs 2015 Exploration and Production Winter Standards Meeting Emerging Technologies Branch

APIs 2015 Exploration and Production Winter Standards Meeting Emerging Technologies Branch Systems Reliability Section Evaluations 27 JAN 2015 BSEE: Mission To promote safety, protect the environment, and conserve resources offshore

218 views • 17 slides
Client-Server Communication with GraphQL Web Engineering , Guest lecture, 188.951 2VU SS20 Erik

Client-Server Communication with GraphQL Web Engineering , Guest lecture, 188.951 2VU SS20 Erik

Client-Server Communication with GraphQL Web Engineering , Guest lecture, 188.951 2VU SS20 Erik Wittern | erikwittern@gmail.com | @erikwittern | wittern.net May 18 th 2020 Learning goals What actually is GraphQL, and how came it about?

584 views • 26 slides
Semi-Automa+cally Modeling Web APIs to Create Linked APIs

Semi-Automa+cally Modeling Web APIs to Create Linked APIs

Semi-Automa+cally Modeling Web APIs to Create Linked APIs Mohsen Taheriyan, Craig A. Knoblock, Pedro Szekely, and Jose Luis Ambite USC Information

321 views • 28 slides
AM-2 NIE API Gateway in NIE Who uses the APIs now and how is the adoption rate? The APIs are used

AM-2 NIE API Gateway in NIE Who uses the APIs now and how is the adoption rate? The APIs are used

AM-2 NIE API Gateway in NIE Who uses the APIs now and how is the adoption rate? The APIs are used by our faculty, our corporate mobile app users, corporate systems and students, the adoption rate is growing healthy at a steady rate. We are moving

452 views • 17 slides
Warehouse Operations Pallet Rack Replenish Block Stacking (20 lanes) Forward Picking Reserve

Warehouse Operations Pallet Rack Replenish Block Stacking (20 lanes) Forward Picking Reserve

Warehouse Operations Pallet Rack Replenish Block Stacking (20 lanes) Forward Picking Reserve A-Frame Horizontal Storage Order Bin Shelving and Dispenser Carousel Picking Storage Drawers Order Picking (2 pods) Double-Deep Pallet

238 views • 20 slides
Will My Patch Make It? And How Fast? Yujuan Jiang, Bram Adams (MCIS, Polytechnique Montral)

Will My Patch Make It? And How Fast? Yujuan Jiang, Bram Adams (MCIS, Polytechnique Montral)

Will My Patch Make It? And How Fast? Yujuan Jiang, Bram Adams (MCIS, Polytechnique Montral) Daniel M. German (University of Victoria ) 1 Monday, 3 June, 13 I do hold out hope that Google does come around and works to fix their codebase to

1.05k views • 57 slides
Simulation-time data analysis and I/O acceleration at extreme scale with GLEAN Venkatram

Simulation-time data analysis and I/O acceleration at extreme scale with GLEAN Venkatram

Simulation-time data analysis and I/O acceleration at extreme scale with GLEAN Venkatram Vishwanath, Mark Hereld and Michael E. Papka Argonne Na<onal Laboratory venkatv@mcs.anl.gov

243 views • 12 slides
gUSE Data Staging kos Hajnal, Istvn Mrton, Peter Kacsuk

gUSE Data Staging kos Hajnal, Istvn Mrton, Peter Kacsuk

gUSE Data Staging kos Hajnal, Istvn Mrton, Peter Kacsuk The workflow The workflow to illustrate data exchange between jobs potenFally -

202 views • 6 slides
How we un-scattered our DNS setup and unlocked new automation options Dan Ldtke Technical

How we un-scattered our DNS setup and unlocked new automation options Dan Ldtke Technical

How we un-scattered our DNS setup and unlocked new automation options Dan Ldtke Technical Lead SRE @ eGym GmbH Make the gym work for everyone! Digital strength machines "Fitness Cloud" Unify training data

448 views • 32 slides
7th Street Bridge CAG Meeting July 30, 2014 1 Agenda for Todays CAG 10:00-12:00

7th Street Bridge CAG Meeting July 30, 2014 1 Agenda for Todays CAG 10:00-12:00

7th Street Bridge CAG Meeting July 30, 2014 1 Agenda for Todays CAG 10:00-12:00 Housekeeping and introductions Judith Buethe Welcome and project update - David Leamon, PE/Hans Strandgaard, PE Revised project alternatives

698 views • 57 slides
Plan for today Team Assignments Another OpeningAnother show Checkpoint Deliveries

Plan for today Team Assignments Another OpeningAnother show Checkpoint Deliveries

Plan for today Team Assignments Another OpeningAnother show Checkpoint Deliveries Team Assignments Announcement Announcement Local student SIGGRAPH chapter Casey Reas, creator of processing will be at RIT All

232 views • 8 slides
CS6 Practical System Skills Fall 2019 edition Leonhard Spiegelberg lspiegel@cs.brown.edu 14

CS6 Practical System Skills Fall 2019 edition Leonhard Spiegelberg lspiegel@cs.brown.edu 14

CS6 Practical System Skills Fall 2019 edition Leonhard Spiegelberg lspiegel@cs.brown.edu 14 CS6 Practical System Skills Fall 2019 Leonhard Spiegelberg lspiegel@cs.brown.edu Official git book: https://git-scm.com/book/en/v2 Atlassian

1.11k views • 53 slides

More recommend