Statements about Stateless

A presentation at DevOpsDays Cairo 2024 in September 2024 in Cairo, Cairo Governorate, Egypt by Daniel "phrawzty" Maher

Slide 1

Statements About Stateless
DevOpsDays Cairo 2024
Dan “phrawzty” Maher

Slide 2

Dan “phrawzty” Maher
- Open Source Engineer @ Cerbos
- Co-Chair of DevOpsDays
- Previously Scaleway, Datadog, Mozilla, Ubisoft…
- A little more ops than dev ;)
@phrawzty // cerbos.dev

Slide 3

Slide 4

Cerbos
- Externalised, policy-based runtime authorisation for your applications.
- Open source, written in Go
- https://cerbos.dev/
- Most importantly: it’s stateless!

Slide 5

Agenda
1. Core Principles
2. Advantages & Disadvantages
3. Practical Concerns

Slide 6

Agenda
0. What Even Is State?
1. Core Principles
2. Advantages & Disadvantages
3. Practical Concerns

Slide 7

What is state?
State refers to any information that a system or application needs to retain between different requests or interactions to understand and respond correctly to subsequent requests from the same user or process.

Slide 8

Examples of state
- User sessions
- Request context
- Client-specific data
- System state

Slide 9

Is stateless real?

Slide 10

Core principles
- Independent requests
- External state management
- Idempotency
- Decoupled components
- Horizontal scalability

Slide 11

Independent requests
- Every request is self-contained
- Every request is (considered) a fresh interaction

Slide 12

External state management
- State is managed outside of the interaction
- Client or external system manages continuity

Slide 13

Idempotency
- Same request, same result
- “referential transparency”

Slide 14

Decoupled components
- No shared state means forced modularity
- Components communicate through interfaces

Slide 15

Horizontal scalability
- Distributed workload by nature
- Cloud native (cloud-friendly?)

Slide 16

Advantages & Disadvantages
- Independent requests
- External state management
- Idempotency
- Decoupled components
- Horizontal scalability

Slide 17

Independent requests
- Advantages: Resilient, flexible, and distributed
- Disadvantages: Increased overhead, high network dependence

Slide 18

External state management
- Advantages: Simplified server-side, straightforward scalability
- Disadvantages: “Unusual” security profile, state synchronisation challenges

Slide 19

Idempotency
- Advantages: Improved reliability, graceful error recovery
- Disadvantages: Reduced flexibility, potentially complex implementation

Slide 20

Decoupled components
- Advantages: Modular, flexible, fault-tolerant
- Disadvantages: Coordination overhead, network intensive, sensitive to latency

Slide 21

Horizontal Scaling
- Advantages: Elasticity, load distribution, resilience
- Disadvantages: Now you’re managing a distributed system. My condolences.

Slide 22

Practical Concerns
- Handling user sessions
- Caching mechanisms
- Deployment and lifecycle
Image courtesy Bent Inge Johansen (public domain): https://flic.kr/p/tjuZMw

Slide 23

Handling user sessions
- Externalised session management
- Client tokens (e.g. JWT)

Slide 24

JSON Web Tokens (JWT)
- Good: Stateless, compact, cryptographically secure signature
- Bad: Difficult to revoke, plaintext payload
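
An added example, not part of the talk: a standard-library HS256 token that makes both columns of this slide concrete. The payload can be read without the key, the signature catches tampering, and revoking before expiry needs shared state. The function names, DEMO_KEY and the revoked-id set keyed on the "jti" claim are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json

DEMO_KEY = b"constructed-demo-key"  # constructed sample secret, not a real key

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign(claims: dict, key: bytes) -> str:
    """Build a compact HS256 token: header.payload.signature."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64url(_mac(header + '.' + payload, key))}"

def read_payload_without_key(token: str) -> dict:
    """No secret needed: the payload is base64url-encoded, not encrypted."""
    return json.loads(b64url_decode(token.split(".")[1]))

def verify(token: str, key: bytes, now: int, revoked_jti: set) -> dict:
    """Return the claims, or raise ValueError if the token must be rejected."""
    header, payload, sig = token.split(".")  # wrong segment count -> ValueError
    if json.loads(b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")   # pin the algorithm server-side
    if not hmac.compare_digest(_mac(header + "." + payload, key), b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload))
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    # Signature and expiry are stateless checks. Revoking before "exp" is not:
    # the verifier has to consult shared state (here a set of revoked token ids).
    if claims.get("jti") in revoked_jti:
        raise ValueError("revoked")
    return claims

if __name__ == "__main__":
    token = sign({"sub": "alice", "role": "admin", "jti": "t1", "exp": 2000}, DEMO_KEY)
    print(read_payload_without_key(token))        # readable by any holder
    print(verify(token, DEMO_KEY, 1000, set()))   # accepted
    try:
        verify(token, DEMO_KEY, 1000, {"t1"})     # same token after revocation
    except ValueError as err:
        print("rejected:", err)
```

Keeping token lifetimes short shrinks the window in which the revoked-id lookup matters, at the cost of more frequent re-issuance.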

Slide 25

Caching mechanisms
- Distributed key/value store
- HTTP caching at the edge
- Browser cache

Slide 26

Test your caching mechanisms!
- Load testing, misses, unexpected invalidations, consistency concerns…

Slide 27

Deployment and lifecycle concerns
- Deployment / environment consistency
- Dependencies and service discovery
- Load balancing and traffic management

Slide 28

Deployment / environment consistency
- Side effects and emergent properties
- Situational differences

Slide 29

Dependencies and service discovery
- State management
- So many services!

Slide 30

Load balancing and traffic management
- Balancing algorithms and affinity
- (Auto) Scaling

Slide 31

Conclusion
- Everything is a trade-off

Slide 32

Actually the conclusion