Just like IaaS cloud before it, serverless promises to make your projects more successful by speeding up time to market and smoothing the relationship between Devs and Ops.
But putting it into practice within a company remains complex and costly.
After 2 years spent setting up managed platforms of this kind, we share our experience of what it takes to implement serverless in a company, avoiding the pain and keeping the constraints to a minimum.
First, the technical architecture, with 2 very different implementations: Kubernetes and Helm on one side, Clever Cloud on-premise on the other.
Then, setting up and using OpenFaaS. How to test and version Function as a Service. But also the issues of blue/green deployment, rolling update and A/B testing. How to quickly diagnose dependencies and communications between services.
Finally, tackling the topics dear to production:
* vulnerability management and patch management,
* heterogeneity of the fleet,
* monitoring and alerting,
* management of obsolete stacks, etc.
[Capitole du Libre] #serverless - implement it in your company and reach port safely
1. #breizhcamp
2+ years of feedback
#serverless
Adrien Blind, Laurent Doguin, Laurent Grangeau, Ludovic Piot
2. We’re gonna talk about…
● Serverless, big deal…
● 3 different ways to talk about serverless
− Oxalide feedback: almost-CaaS with Kubernetes
− Clever Cloud feedback: You write code, we run IT
− FaaS, the new kid on the block
5. What does the business want?
Deliver valuable apps for the business rapidly and smoothly
6. What does the business want?
Cloud, Agile, DevOps, Microservice architecture
Deliver valuable apps for the business rapidly and smoothly
7. What do you really want?
Cloud (on demand, pay as you go, elastic), Agile, DevOps, Microservice architecture
Deliver valuable apps for the business rapidly and smoothly
10. A single definition for Serverless?
“Serverless computing is a cloud computing execution model in which the cloud provider dynamically manages the allocation of machine resources”
- Wikipedia
“Serverless computing refers to the concept of building and running applications that do not require server management. It describes a finer-grained deployment model where applications, bundled as one or more functions, are uploaded to a platform and then executed, scaled, and billed in response to the exact demand needed at the moment.”
- CNCF foundation whitepaper on Serverless
“Serverless architectures refer to applications that significantly depend on third-party services (known as Backend as a Service or "BaaS") or on custom code that's run in ephemeral containers (Function as a Service or "FaaS") [...]. Such architectures remove the need for the traditional 'always on' server system sitting behind an application.”
- Mike Roberts, martinfowler.com (2016)
“If your PaaS can efficiently start instances in 20ms that run for half a second, then call it serverless.”
- Adrian Cockcroft (2016)
11. What are we talking about?
❏ Dev/App perspective: arch. design & granularity? Ephemeral apps? PaaS pattern? Mostly all of them!
❏ Ops/platform perspective: infrastructure abstraction
  Elastic → autoscaling
  On-demand → boot in 20 ms
  Pay-as-you-go → scale to zero
13. Cloud: Container as a Service
❏ Portability: containers isolate apps/runtimes from the underlying OS
❏ Orchestrators make it possible to treat a pool of OS instances as one global resource
❏ Auto-scalability mostly based on infrastructure metrics (CPU)
❏ Pricing model mostly tied to the underlying infrastructure used (cluster nodes)
❏ Containers commonly associated with finer app granularity
14. Cloud: Platform as a Service
❏ Application PaaS (aPaaS) pioneer: Google App Engine
❏ xPaaS = managed services (DBaaS, object storage, etc.)
❏ Complete abstraction from infrastructure
❏ Pricing model not related to infrastructure
❏ Autoscaling & resilient by design
15. Backend-as-a-Service architecture
❏ Not a cloud service offer, it’s an architecture concept
❏ Build apps directly leveraging PaaS services (e.g. authentication, object storage, databases such as DynamoDB, CosmosDB, etc.)
❏ Security paradigm shifts: from perimeter security to security embedded in every component; authenticate, authorize and encrypt everything
17. Cloud: FaaS
❏ Ephemeral: the platform waits for requests and instantiates the function on demand; the function “lives” only as long as it takes to deliver the result: not always-on!
[Diagram: Client → Gateway → FaaS platform → instantiated function (your code); event queues also feed the platform. FaaS compute capacity is abstracted from the dev perspective.]
18. Cloud: FaaS
❏ Ephemeral: the platform waits for requests and instantiates the function on demand; the function “lives” only as long as it takes to deliver the result: not always-on!
❏ Dynamic scalability & resilience provided by the platform: more calls, more instances
❏ Extremely fine-grained pay-per-use on public cloud: per-call costs
[Diagram: same as slide 17, with several instantiated functions (your code) running in parallel behind the gateway.]
19. FaaS constraints
❏ Beware of design constraints applying to your app
  ❏ Service/function granularity
  ❏ Stateless services
  ❏ Small wake-up time
  ❏ No long-running services
❏ Deal with function call graphs & orchestration
❏ Possible vendor lock-in: check out serverless.io?
❏ Testing → you must deploy on the platform every time
❏ Adapt DevOps practices: monitoring, deployment, versioning...
20. Cloud: FaaS
All major cloud vendors have products
Alternatively you can deploy your own FaaS framework
You may leverage an existing CaaS and put value on top of it
• Container encapsulation of the function
• Kubernetes orchestration
21. Serverless key aspects - dev/app perspective
❏ Serverless is an architecture trend, not just a new cloud service offer (aka FaaS)
❏ A serverless app is a mashup of value-added, managed services: aPaaS, xPaaS, FaaS…
❏ Fits today’s architecture stakes: cloud native apps, 12 factors...
Devs gain greater productivity, refocusing on business-valuable code
22. Serverless key aspects - ops/ptf perspective
❏ You no longer manage infrastructure aspects directly: auto-scalability & resilience provided by design
❏ Close to NoOps
❏ Cloud promise at its finest “resolution”: On-demand, Elastic, Pay-Per-Use
Ops get more efficiency and cost-saving, offloading several concerns to the platform
23. From IaaS to FaaS
[Diagram: a spectrum from infrastructure to abstraction. IaaS runs monoliths, CaaS runs microservices, PaaS & FaaS run functions. Axis labels: INFRA, FOCUS, ABSTRACT.]
IaaS side: more flexibility, more tuning capacity… but assume the plumbing.
FaaS side: focus on value & better TTM, but support platform constraints.
24. Some use cases
❏ Small microservices
❏ Stream processing
❏ IoT / Event-driven-programming
❏ Batch / Scheduled tasks
❏ May even replace some old compute grids ;)
25. Feedback #1 - almost-CaaS based upon Kubernetes
26. Taking advantage of public cloud models
[Diagram: responsibility matrix. Columns: On-premise, IaaS, PaaS, CaaS. Rows (layers): HDW; Server / Storage / Network; Hypervisor; VM; Kernel; OS + conf.; Libs + conf.; Runtime + conf.; Container + conf.; Middleware + conf.; Apps + conf.; Data; Logs / Metrology / Backups. Each cell is owned by the Cloud provider, the Outsourcer or the Client.]
RESPONSIBILITIES: define who’s responsible for what… overlaps might happen.
PROPERTY: cloud platforms are the client’s property. Governance might be delegated to the outsourcer.
28. Take advantage of Docker image inheritance
[Diagram: image layering between teams. The Ops team maintains the base images (OS + conf., Libs + conf., Middlewares + conf.); the Dev team adds the application layer (Apps + conf.) on top. An app image built on an arbitrary base is “not prod-ready” (☹); an app image inheriting from the Ops-maintained “prod-ready” image is itself prod-ready.]
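As an added example (not from the talk), here is a small Python check that enforces the inheritance rule above in a CI pipeline: an application Dockerfile is accepted only when every external `FROM` points at an Ops-maintained base image pinned by digest, so that a dev image cannot silently be built on an unvetted base. The registry, image names, digests and the two Dockerfiles are constructed for illustration.

```python
# Added example (not from the talk): check that an application Dockerfile inherits
# from the Ops-maintained, prod-ready base image and pins it by digest.
# Registry, image names, digests and the Dockerfile texts are constructed.
import re

# Ops-team catalog of prod-ready base images: name -> allowed digest (constructed values).
PROD_READY_BASES = {
    "registry.example.internal/ops/middleware-java": "sha256:" + "a" * 64,
    "registry.example.internal/ops/base-os": "sha256:" + "b" * 64,
}

FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(?P<ref>\S+)(?:\s+AS\s+(?P<stage>\S+))?\s*$",
    re.IGNORECASE,
)

def parse_from_lines(dockerfile):
    """Return the image references of every FROM line, skipping references
    to earlier build stages (multi-stage builds reuse a local stage, not an image)."""
    refs, stages = [], set()
    for line in dockerfile.splitlines():
        m = FROM_RE.match(line)
        if not m:
            continue
        ref = m.group("ref")
        if ref in stages:
            continue
        refs.append(ref)
        if m.group("stage"):
            stages.add(m.group("stage"))
    return refs

def split_ref(ref):
    """Split 'name[:tag][@sha256:...]' into (name, tag, digest)."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    name, tag = ref, None
    # a ':' after the last '/' is a tag separator, not a registry port
    if ref.rfind(":") > ref.rfind("/"):
        name, tag = ref.rsplit(":", 1)
    return name, tag, digest

def check_dockerfile(dockerfile):
    """Return a list of findings; an empty list means every external base image
    is an Ops-maintained prod-ready image pinned to its catalog digest."""
    findings = []
    for ref in parse_from_lines(dockerfile):
        name, tag, digest = split_ref(ref)
        expected = PROD_READY_BASES.get(name)
        if expected is None:
            findings.append(f"{ref}: base image is not in the ops prod-ready catalog")
        elif digest is None:
            findings.append(f"{ref}: base image must be pinned by digest, not tag {tag!r}")
        elif digest != expected:
            findings.append(f"{ref}: digest does not match the catalog entry")
    return findings

# Constructed Dockerfiles for the two cases shown on the slide.
NOT_PROD_READY = """
FROM openjdk:11
COPY target/app.jar /app.jar
CMD ["java", "-jar", "/app.jar"]
"""

PROD_READY = f"""
FROM registry.example.internal/ops/middleware-java@sha256:{'a' * 64} AS runtime
COPY target/app.jar /app.jar
CMD ["java", "-jar", "/app.jar"]
"""

if __name__ == "__main__":
    for label, df in (("not prod-ready", NOT_PROD_READY), ("prod-ready", PROD_READY)):
        print(label, check_dockerfile(df) or "OK")
```

Pinning by digest rather than tag is what makes the check meaningful: a tag such as `latest` can be re-pointed at any content, while a digest identifies exactly the image the Ops team vetted.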
29. Serverless or not?
Managed infrastructure and services (usage & cost):
  Infrastructure is fully managed; K8S primitives empower the user enough to provision resources (volume claim, ingress).
  Services are fully managed.
  Runtimes are partially managed, since they are included in the application Docker images.
Abstraction of any server notion:
  Usage: from a developer’s perspective, YES: self-healing and auto-scaling.
  Cost: but from a cost perspective, they still pay for servers.
Cost scales to 0:
  Cost: from a developer’s perspective, YES.
Fast provisioning:
  Usage: booting up a K8S pod depends on what the Docker image contains. Most of the time < 10 sec.
30. Feedback #2 - Clever Cloud PaaS: You write code - We Run IT
32. PaaS for developers
[Diagram on a DEV / OPS axis] PaaS promise: git push and it works! Production grade! No-OPS!
Also on the slide: limited catalog; opinionated way of running apps; no vendor lock-in.
33. PaaS for developers
PaaS promise: git push and it works! Production grade! No-OPS!
Using a PaaS (developer activity vs platform activity):
Choose a runtime + build tool
Write your app. code
Add git remote branch
Push to remote
You are in production!
34. Shift from machine to application
BASIC DEPLOYMENT UNIT: from machine to application
Production grade: provisioning on-demand, immutable architecture, no interruption of service, security, automatic scalability, monitoring and logs
No-OPS!
35. PaaS - under the hood
Provisioning on-demand
■ CLI, Web console, API
■ Runtime and add-ons catalog
■ Dynamically configured reverse-proxies & DNS
■ Self-healing and autoscaling
[Diagram: the developer (“Dev hipster”) drives the platform through the CLI, WebUI or API; requests go through a message broker to the deployment scheduler, which provisions VMs on the hypervisors from the VM images catalog; reverse-proxies and monitoring & logging sit alongside.]
36. PaaS - under the hood
Immutable infrastructure
Preset KVM optimized and secured images
■ maintained on our own
■ copy-on-write -> VM boots in 7 sec
Linux Exherbo distribution
■ maintained on our own
■ source-based
■ upstream
■ to be more reactive and efficient against security threats
Application built on-site from source code
Alerting users on old instances to make them redeploy
Details here: https://www.youtube.com/watch?v=CeaoTAXkIZE
[Diagram: Ops maintain the VM images catalog used by the hypervisors/VMs; binaries are built from source on the platform; the developer only uses the PaaS CLI.]
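As an added example (not Clever Cloud’s code), the “alert users on old instances to make them redeploy” step above, written as a Python check over a constructed image catalog and fleet: an instance is flagged when a newer image of its family exists, when its image is older than a maximum age, or when its image family has left the catalog entirely. The image names, build dates, application names and the 30-day limit are assumptions.

```python
# Added example (not Clever Cloud's code): flag running application instances whose
# VM image is outdated, so their owners can be told to redeploy onto the current
# patched image. Image names, dates and instance records are constructed.
from datetime import date, timedelta

# Current Ops catalog: image family -> build date of the latest secured image (constructed).
CATALOG = {
    "exherbo-java11": date(2018, 10, 10),
    "exherbo-node10": date(2018, 10, 25),
}

# Running instances as the platform would report them (constructed).
INSTANCES = [
    {"app": "billing", "image": "exherbo-java11", "built": date(2018, 10, 10)},
    {"app": "catalog", "image": "exherbo-java11", "built": date(2018, 7, 2)},
    {"app": "frontend", "image": "exherbo-node10", "built": date(2018, 10, 25)},
    {"app": "legacy", "image": "exherbo-node8", "built": date(2018, 1, 15)},
]

def find_stale_instances(instances, catalog, today, max_age=timedelta(days=30)):
    """Return (app, reason) pairs for instances that should be redeployed.

    An instance is stale when its image family is no longer in the catalog
    (unsupported runtime), when its image predates the catalog's current build
    (a newer, patched image exists), or when its image is older than max_age.
    """
    stale = []
    for inst in instances:
        latest = catalog.get(inst["image"])
        age = today - inst["built"]
        if latest is None:
            stale.append((inst["app"], f"image {inst['image']} is not in the catalog any more"))
        elif inst["built"] < latest:
            stale.append((inst["app"], f"newer {inst['image']} image available ({latest.isoformat()})"))
        elif age > max_age:
            stale.append((inst["app"], f"image is {age.days} days old"))
    return stale

def format_alerts(stale):
    """Render one alert line per stale instance, as it would be sent to the app owner."""
    return [f"[redeploy] {app}: {reason}" for app, reason in stale]

def redeploy_report(today_iso, instances=INSTANCES, catalog=CATALOG):
    """Convenience entry point: alert lines for the constructed fleet on a given date."""
    return format_alerts(find_stale_instances(instances, catalog, date.fromisoformat(today_iso)))

if __name__ == "__main__":
    for line in redeploy_report("2018-11-15"):
        print(line)
```

The age rule is there because an image that still matches the catalog can be stale simply because nothing was rebuilt for a long time; the catalog rule is the one that actually drives patching, since a newer base image means the running instance lacks whatever fixes went into it.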
37. PaaS - under the hood
Application deployment
Application built on-site from source code
Automated build
■ introspect source code to determine the build tool needed
■ keep build cache for autoscaling purposes
[Diagram: the developer (“Dev hipster”) pushes through the CLI; the app deployer builds the binaries and deploys them to VMs on the hypervisors.]
40. Serverless or not?
Managed infrastructure and services (usage & cost):
  Infrastructure is fully managed; the user cannot claim any specific infrastructure resource BUT uses the available add-ons.
  Services are fully managed.
  Runtimes are fully managed.
Abstraction of any server notion:
  Usage: from a developer’s perspective, YES: self-healing and auto-scaling.
  Cost: but from a cost perspective, they still pay for servers.
Cost scales to 0:
  Cost: auto-scaling can get the cost very low, but still not 0 yet.
Fast provisioning:
  Usage: booting up an app takes around 7 sec after the first build.
41. Feedback #3 - FaaS, the new hype
47. OpenFaaS highlights
❏ Ease of use through UI portal and one-click install
helm upgrade --install rivieradev openfaas/ --namespace rivieradev -f values.yaml
❏ Write functions in any language for Linux or Windows and package in Docker/OCI image format
❏ Portable - runs on existing hardware or public/private cloud - Kubernetes and Docker Swarm native
❏ CLI available with YAML format for templating and defining functions
faas-cli build | push | deploy -f myfn.yml
❏ Auto-scales as demand increases
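As an added example (not from the talk, and not code from the OpenFaaS project), here is a Python function written against the constraints listed on slide 19 (stateless, fast wake-up, no long-running work) whose logic can be unit-tested locally before `faas-cli build | push | deploy -f myfn.yml` sends it to the platform; the platform integration still needs a real deployment, but the handler itself does not. The OpenFaaS python3 template’s `handle(req)` convention and the stack-file layout are real; the function name `summarize`, the registry, the size limits and the sample events are assumptions.

```python
# Added example (not from the talk or the OpenFaaS project): an OpenFaaS-style Python
# function that respects the FaaS constraints (stateless, bounded work, fast start)
# and validates its input before doing anything with it.
# The function/image names, limits and sample events are constructed.
import json

# OpenFaaS python3 template convention: handler.py exposes handle(req), which receives
# the request body as a string and returns the response body.
MAX_BODY_BYTES = 64 * 1024   # reject oversized payloads early: no long-running work
MAX_READINGS = 1000          # bounds the cost of one invocation

def handle(req):
    """Stateless entry point: everything needed is in the request and nothing is kept
    between invocations, so any number of parallel instances behave identically."""
    if isinstance(req, bytes):
        req = req.decode("utf-8", "replace")
    if len(req.encode("utf-8")) > MAX_BODY_BYTES:
        return _error(413, "payload too large")
    try:
        event = json.loads(req)
    except (json.JSONDecodeError, TypeError):
        return _error(400, "body is not valid JSON")
    problem = _validate(event)
    if problem:
        return _error(400, problem)
    return json.dumps(summarize(event))

def _validate(event):
    """Return a human-readable problem, or None when the event is acceptable."""
    if not isinstance(event, dict):
        return "event must be a JSON object"
    if not isinstance(event.get("id"), str) or not event["id"]:
        return "missing event id"
    readings = event.get("readings")
    if not isinstance(readings, list) or not readings:
        return "readings must be a non-empty list"
    if len(readings) > MAX_READINGS:
        return f"too many readings (max {MAX_READINGS})"
    if not all(isinstance(r, (int, float)) and not isinstance(r, bool) for r in readings):
        return "readings must be numbers"
    return None

def summarize(event):
    """Pure computation: same input, same output, so a retried call is harmless
    (the event id is echoed back so a caller can deduplicate retries)."""
    readings = event["readings"]
    return {
        "id": event["id"],
        "count": len(readings),
        "min": min(readings),
        "max": max(readings),
        "mean": round(sum(readings) / len(readings), 3),
    }

def _error(status, message):
    return json.dumps({"error": message, "status": status})

# What `faas-cli build | push | deploy -f myfn.yml` would read for this function
# (stack-file layout per the OpenFaaS docs; names and registry are assumptions).
STACK_YAML = """\
version: 1.0
provider:
  name: openfaas
  gateway: http://127.0.0.1:8080
functions:
  summarize:
    lang: python3
    handler: ./summarize
    image: registry.example.internal/functions/summarize:0.1.0
"""

# Constructed sample events for local testing.
GOOD_EVENT = json.dumps({"id": "evt-42", "readings": [21.5, 22.0, 19.5]})
BAD_EVENT = '{"id": "evt-43", "readings": "hot"}'

if __name__ == "__main__":
    print(handle(GOOD_EVENT))
    print(handle(BAD_EVENT))
    print(handle("not json"))
```

Because the function carries no module-level state and returns an error document instead of raising, a malformed or oversized request costs one short invocation and nothing else; that is the behaviour you want when the platform may spin up many instances in parallel and bill per call.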
57. OpenFaaS compared
                OpenFaaS       Kubeless    Knative
Vendor          Community      Bitnami     Google
Maturity        2 years        2 years     3 months
Docker          (check marks not recoverable from the slide)
YAML            Stack / CRD    CRD         CRD
Stable          (check marks not recoverable from the slide)
Lightweight     (check marks not recoverable from the slide)
Code limits     50kb / 1 mb (column not recoverable from the slide)
Zero-scale      (check marks not recoverable from the slide)
58. FaaS - the Clever Cloud way…
Function deployment
Functions built on-site as WebAssembly binaries
Each function isolated into a VM
VMs have no OS but a lightweight WASM “bootloader”
■ the Unikernel way
[Diagram: the developer (“Dev hipster”) pushes through the CLI; the platform builds the WebAssembly binaries and runs each “WASM function + bootloader” as its own VM on the hypervisors.]
60. Serverless & IoT
❏ IoT generates large loads of small, basic-to-process events, in huge quantity
❏ It calls for an event-driven programming approach
❏ … which fits well with the idea of simple, elementary functions of Serverless/FaaS computing
Serverless + IoT: it’s a match!
61. Serverless & edge computing
❏ Google Trends graphs for the “Serverless” & “Edge computing” terms
❏ Beware, scales are not the same ;)
❏ Anyway, an interesting correlation to notice, isn’t it?
62. WTF with Edge computing?
❏ Offload computing tasks close to the data, at the border of the network / out of the cloud
❏ Example: precompute face recognition close to a camera, to avoid uploading the whole video flow to the cloud
❏ Particularly valuable in an IoT landscape
[Diagram: CLOUD vs EDGE]
63. Unleash from the Cloud
Major cloud vendors are building their strategy on top of the following triptych, to unleash their services from the cloud:
■ Edge computing
■ Serverless architecture
■ Internet of Things
linked by new connectivity (5G / Sigfox / LoRa...) and event-driven programming.
For instance: Azure IoT Edge / Sphere, AWS Greengrass...