Statements about Stateless

Statements Abou t Stateless DevOpsDays Cairo 2024 Dan “phrawzty” Maher

Dan “phrawzty” Maher ! Open Source Engineer @ Cerbos ! Co-Chair of DevOpsDays ! Previously Scaleway, Datadog, Mozilla, Ubisoft… ! A little more ops than dev ;) @phrawzty // cerbos.dev 2

Cerbos - Externalised, policy-based runtime authorisation for your applications. - Open source, written in Go - https://cerbos.dev/ - Most importantly: it’s stateless! @phrawzty // cerbos.dev 4

Agenda 1. Core Principles 2. Advantages & Disadvantages 3. Practical Concerns @phrawzty // cerbos.dev 5

Agenda 0. What Even Is State? 1. Core Principles 2. Advantages & Disadvantages 3. Practical Concerns @phrawzty // cerbos.dev 6

What is state? State refers to any information that a system or application needs to retain between different requests or interactions to understand and respond correctly to subsequent requests from the same user or process. @phrawzty // cerbos.dev 7

Examples of state - User sessions - Request context - Client-specific data - System state @phrawzty // cerbos.dev 8

Is stateless real? @phrawzty // cerbos.dev 9

Core principles - Independent requests - External state management - Idempotency - Decoupled components - Horizontal scalability @phrawzty // cerbos.dev 10

Independent requests - Every request is self-contained - Every request is (considered) a fresh interaction @phrawzty // cerbos.dev 11

Ex ternal state management - State is managed outside of the interaction - Client or external system manages continuity @phrawzty // cerbos.dev 12

Idempotency - Same request, same result - “referential transparency” @phrawzty // cerbos.dev 13

Decoupled components - No shared state means forced modularity - Components communicate through interfaces @phrawzty // cerbos.dev 14

Horizontal scalabili ty - Distributed workload by nature - Cloud native (cloud-friendly?) @phrawzty // cerbos.dev 15

Advantages & Disadvantages - Independent requests - External state management - Idempotency - Decoupled components - Horizontal scalability @phrawzty // cerbos.dev 16

Independent requests - Advantages: Resilient, flexible, and distributed - Disadvantages: Increased overhead, high network dependence @phrawzty // cerbos.dev 17

Ex ternal state management - Advantages: Simplified server-side, straightforward scalability - Disadvantages: “Unusual” security profile, state synchronisation challenges @phrawzty // cerbos.dev 18

Idempotency - Advantages: Improved reliability, graceful error recovery - Disadvantages: Reduced flexibility, potentially complex implementation @phrawzty // cerbos.dev 19

Decoupled components - Advantages: Modular, flexible, fault-tolerant - Disadvantages: Coordination overhead, network intensive, sensitive to latency @phrawzty // cerbos.dev 20

Horizontal Scaling - Advantages: Elasticity, load distribution, resilience - Disadvantages: Now you’re managing a distributed system. My condolences. @phrawzty // cerbos.dev 21

Practical Concerns - Handling user sessions - Caching mechanisms - Deployment and lifecycle Image courtesy Bent Inge Johansen (public domain): https://flic.kr/p/tjuZMw @phrawzty // cerbos.dev 22

Handling user sessions - Externalised session management - Client tokens (e.g. JWT) @phrawzty // cerbos.dev 23

JSON Web Tokens (JWT) - Good: Stateless, compact, cryptographically secure signature - Bad: Difficult to revoke, plaintext paylod @phrawzty // cerbos.dev 24

Caching mechanisms - Distrbuted key/value store - HTTP caching at the edge - Browser cache @phrawzty // cerbos.dev 25

Test your caching mechanisms! - Load testing, misses, unexpected invalidations, consistency concerns… @phrawzty // cerbos.dev 26

Deployment and lifecycle concerns - Deployment / environment consistency - Dependencies and service discovery - Load balancing and traffic management @phrawzty // cerbos.dev 27

Deployment / environment consistency - Side effects and emergent properties - Situational differences @phrawzty // cerbos.dev 28

Dependencies and service discovery - State management - So many services! @phrawzty // cerbos.dev 29

Load balancing and traffic management - Balancing algorithms and affinity - (Auto) Scaling @phrawzty // cerbos.dev 30

Conclusion - Everything is a trade-off @phrawzty // cerbos.dev 31

Actually the conclusion @phrawzty // cerbos.dev 32