Building distributed systems at scale is never easy. The challenges of orchestrating multiple services, ensuring strong contracts, and managing network communication can be overwhelming, this is where gRPC stands out. In this talk, I will give a deep dive into how to effectively build production-ready gRPC microservices using Go. I will also cover various aspects crucial to developing these at scale, providing attendees with practical insights and best practices, as well as some of the lessons we learnt when building these at Cloudflare.
In the introduction, I'll provide a brief overview of gRPC and discuss the advantages it brings to microservices architecture, emphasising the simplicity and benefits when using with Go. I will then dive into the practical aspects, by demonstrating how to create a basic gRPC server, as well as showcasing both unary and bidirectional streaming.
A large portion of the talk will be dedicated to establishing how to build a standardised protobuf build pipeline. This can be used as a centralised repository for all protobuf definitions, and can act as documentation for gRPC APIs. This will give engineering teams the following benefits:
Protecting the applications we create or use is getting harder and harder every day. We can’t go a week without hearing about another CVE (Common Vulnerabilities and Exposures) or zero-day vulnerability. On top of this, basically every app we write or use requires network connectivity. These apps all have potential security hazards. Still, we must attach to networks and expose our apps to these risks. Zero trust networking is a strategy created to try to address some of these problems. Centering around a strong identity and with the main idea of “never trust, always verify”, zero trust attempts to reduce the amount of risk incurred by simply attaching to any given network. The problem is, most ‘zero trust’ is bolt-on solutions which are not relevant to developers. Applying zero trust principles to your network is an excellent start but it simply doesn’t go far enough. What if you can embed zero trust into the application itself, and treat all networks as compromised and hostile? This allows you to know who is trying to connect - before they are allowed to connect. Your applications do not need to listen on any port. Having no listening ports makes your application immune to scan-and-attack network-based attacks. Implementing zero trust within your application doesn't merely enhance security; it integrates security directly into your app's core, all the while optimizing its performance.
In this talk I going to share my experience through the reading of the Go compiler/runtime source code. While I was reading the code and preparing talks like "Dissecting Slices, Maps and Channels in Go" or "Understanding the Go Compiler", I had some interesting "Aha!" moments. Thinks that clicked in my head, or given me an interesting insight about how the go programming language work. In this talk we are going to explore 10 of that aha moments. Some of them is going to provide you better understanding of how the language work, some of them are going to make you more conscious about certain performance implications and some of them, maybe, can inspire you to build something new. But all of them catch my attention, and I think is going to captures yours.
RONNA STEINBERG
Ronna is a Tech Lead at Upvest, a Google developer expert for the Go programming language, a Women Who Go organizer, and a GoTime’s unpopular opinion "hall of famer". After 20 years in software development, Ronna knows that she is the sum of the opportunities that were given to her, which is why she helps others to do the same.