Announcing Restate Cloud Early Access

Posted June 10, 2024 by Jack Kleeman and Pavel Tcholakov ‐ 7 min read

Together with Restate 1.0, we’re excited to announce early access to the free tier of Restate Cloud, our serverless managed Restate offering. You can now start using Restate in seconds without needing to manage any infrastructure. If you have a GitHub or Google Account, you are just four clicks away from creating your first Restate environment. Go to https://cloud.restate.dev to get started.

Our primary goal with Restate Cloud is to make it extremely easy to deploy and operate applications built on Restate without having to worry about operating servers and managing durable storage. We aim to deliver an awesome out-of-the-box local development experience, and we understand that it can be daunting to operate stateful services. The requirement to host the Restate server is particularly striking if you wish to take advantage of Restate’s support for serverless platforms such as AWS Lambda for hosting your service logic. Restate Cloud takes care of managing the long-term compute and storage needs of your Restate environment, so you can concentrate on building your application, which can run wherever suits you. While we plan to continue to evolve the Restate server software to make it simpler for operators, right now our managed offering is the simplest and easiest way to run Restate.

Development experience

Restate has an awesome local development experience because you can run it in its entirety directly on your laptop. Provided as a single binary with no external dependencies, this makes it easy to run alongside any stack. We wanted the experience of developing against Restate Cloud to be as close as possible to having Restate running locally on your computer. So we added Cloud environment support to the Restate CLI and have made it every bit as simple to use.

First, login to your Restate Cloud account and create an environment. Make sure you are using Restate CLI version 1.0.0 or later, and configure your CLI for your Cloud environment.

restate cloud login
restate cloud env configure

You can securely expose your Cloud environment as if it was a local unauthenticated Restate server with the restate cloud env tunnel command.

# proxies port 8080 to the default cloud environment ingress endpoint
restate cloud env tunnel --remote-port 8080
# invoke deployed services as if Restate was on your laptop
curl localhost:8080/MyService/myHandler

When you use the Restate SDK to expose handlers as an HTTP/2 service, you generally wouldn’t want to expose such endpoints directly to the internet. The tunnel command also allows Cloud environments to connect to your locally-running services by exposing a local port to the specific remote Restate environment:

# allow the cloud environment to connect to locally-hosted server on port 9080
restate cloud env tunnel --local-port 9080

# use the displayed tunnel url to register your local service with your cloud environment
restate deployments register tunnel://example:9081

The Restate tunnel infrastructure permits only your Restate Cloud environment to talk to your service. When you are ready to deploy your service permanently, use a load balancer to make it publicly available. In order for your service to authorize inbound access requests, Cloud environments have a unique environment identity represented by an asymmetric key pair. Copy the public key configuration from your environment’s Settings page and add it to your service endpoint to verify that inbound requests originate from the correct Restate environment. A future version of Restate will also support services to reach out and poll the Restate environment for work, enabling deployments without a public load balancer.

Architecture

Restate Cloud is built up of a number of layers, with both shared and tenant-isolated components. We have gone for an explicit control and data plane separation, which we believe helps make the overall system more robust. We knew from the start that we would rely heavily on Restate to tie together a variety of cloud services. The control plane frontend is backed by TypeScript services deployed to AWS Lambda, and invoked through Restate. We route incoming API requests through a thin gateway layer that provides request authentication and forwards the traffic to the control plane’s Restate environment. Something that surprised us was that we could store all Cloud resources’ state within Restate with no external database dependency, by modeling Cloud resources as virtual objects. This has been excellent dogfooding for us while also benefiting from Restate’s simple and robust communication primitives.

This decomposed approach helped our development velocity massively and enabled us to build Cloud in just a few months. Restate helps us keep our code extremely simple, almost seeming naive, without compromising on dealing with various failure modes. Deploying our service code to Lambda also eliminates many infrastructure headaches. Orchestration code is simple to follow as we can make “synchronous calls” between components with Restate taking care of suspension where needed, without having multiple layers of Lambda invocations blocked on each other.

Scheduling long-running processes across clusters of compute nodes and persistent storage is not a new problem, and you won’t be surprised to learn that we picked Kubernetes to help us implement the data plane. Kubernetes gets a lot of criticism for being applied as a default choice without due consideration of the complexities involved. For our needs of hosting customer Restate Cloud environments, we have found it to be a powerful and performant resource manager, with a control plane that has extension points in all the right places.

The control plane creates Restate clusters using our custom Kubernetes Operator, which we built and open-sourced with this use case in mind. The operator helps us to go from a create-environment API call to a healthy Restate cluster in as little as 10 seconds. Thanks to Kubernetes, the underlying compute clusters can scale up (or down) as necessary in response to demand. The operator also implements security features that we rely on to keep clusters isolated, and provides them with unique cryptographic identities and AWS credentials. In time, we expect to evolve this architecture towards natively multi-tenant Restate clusters, which will help us drive costs down. However, starting with service-per-tenant has helped us to ship fast and have confidence in being able to support migrations in the future thanks to Restate 1.0’s storage format compatibility and its virtual log architecture.

cloud_arch.png

Restate Cloud environments are fronted by a shared horizontally-scalable request routing proxy. We built this service in Rust to perform authentication of both human and machine callers, and route authorized requests to their respective target environments within the data plane. Since the Restate server exposes an HTTP interface, it was easy to build a reverse proxy that met our requirements while preserving the Restate API externally. Authorization policies expressed in the Cedar policy language allow us to cleanly express access roles, for example limited API keys that can only resolve awakeables. We expect to open this up more in the future to allow customers to define custom Cloud access control policies as needed.

Pricing & SLAs

Restate Cloud is launching with a free tier today. While there are no explicit usage limits, every environment gets only a limited resources, which supports in the order of 30-40 events (=steps, calls) per second. The free tier initially offers no strict availability SLAs. We would recommend using Restate Cloud free tier for now for development, testing, and applications that don’t have mission-critical availability needs.

We expect to soon add SLAs to the free tier and to introduce self-signup for paid premium tiers offering higher performance, tighter SLAs, and enhanced support levels. Today, if you require Restate Cloud with specific performance or availability needs, please contact us.

We are enormously grateful to everyone trying out the Restate Cloud free tier. As Restate is a new kind of stateful system with a novel architecture, each of you is important in steering the project and driving the development efforts.

As we evolve the tenancy model of the underlying Restate clusters towards greater efficiency, we hope to make the free tier ever more useful over time. However, we reserve the right to introduce limits based on the usage patterns we observe, for example explicit rate limits on journal throughput, that may be necessary to maintain a healthy service for every user. For our paid tiers, we are committed to a simple to understand usage-based pricing that encourages adoption and is well aligned with the serverless development model.


If Cloud sounds interesting to you, we’d love you to try it and let us know what you think. Sign up at https://cloud.restate.dev and come chat in our Discord or Slack!