DevOps Fast Forward with Go
Since its inception, Google’s Go programming language (Golang) has been experiencing increasing popularity among mainstream users. Additionally, Go ranks highly among programming languages in terms of expertise and learning preference. HackerEarth’s recent survey ‘HackerEarth Developer Survey’ found that 32% of experienced developers pick Go as the programming language they want to learn, well ahead of Python on 24%.
Image Credits: HackerEarth
To give context, the entire DevOps and container ecosystem is built on the back of the Go programming language. Today, countless companies heavily utilize Go and developers these days to learn Go as one of their primary languages.
Both Docker and Kubernetes — two of the most popular open-source projects are both written in Go. Many new DevOps tools coming out these days are completely written in Go, and it is the language most of the DevOps enthusiasts would love to learn.
Go and DevOps go hand in hand
Go enables you to write once and run anywhere if you target multi-platform, multi-architecture environments.
One of the best things in Golang is the ease of cross-compiling code, allowing us to provide tools for other teams and developers to run them in different environments (laptops, ci/cd servers, docker/k8s, etc.).
Go is considered as the best language from a performance perspective. This article on ‘Server-side I/O Performance’ shows how Go stands out in the server-side I/O performance compared to other popular languages.
Go is a lightweight programming language. The thing we love most about Go is a single binary for an entire project. Examples include Consul, Terraform, Vault, Prometheus, etc. (They are all DevOps related tools)
One of the most prominent features of Go is that Google backs it just like K8s.
Big and successful companies use Go and have written a lot about their Golang usage success stories in their engineering blogs.
Go is attractive because of the many features
Concurrency:
Go offers great concurrency primitives and hence makes it extremely simple to implement a concurrent system. Go supports concurrency at the language level. The basic unit for this in Go is a go routine. Go routines are lightweight threads of execution. Generating a go routine is very easy, as easy as adding the go keyword before a function.
Strong security built-in:
Go codes are straightforward and simple. Developers don’t have to worry about complicated and hard identifying errors from the vast number of variable types like in more dynamic languages. Golang garbage collector notices which objects are out of scope and cannot be referenced anymore and frees the memory space they consume. This process happens concurrently while a Go program is running and not before or after the program's execution.
Speed of Compilation:
Go’s compilation and execution speed is much better than other programming languages like Java, Python, etc. Golang is easily parsable without a symbol table. The design of Golang and its compiler was done, keeping the speed of compilation and execution in mind.
Binaries:
Binaries (software artifacts) will be generated for your applications in Go with all the dependencies built-in. It removes the need to install runtimes that are necessary for running any application. This alleviates the task of deploying applications and implementing essential updates across thousands of installations. The big wow factor is Go supports multiple OS and processor architectures.
Testing Support:
Unit testing is right in the Go language itself. It presents a simple mechanism to write the unit tests in parallel with our code. The Go tooling also provides support to understand code coverage by our tests, benchmarking tests, and writing example code used to generate our code documentation.
Go features that make it good for DevOps
Go Modules
Package management is one of the important things Go missed for a long time. One of the major drawbacks of Go's 'go get' was the absence of support for handling dependency versions and facilitating reproducible builds.
Version 1.11 of the Go programming language introduced support for modules, a new dependency management system for Go.
A Go Module is a way to group a set of packages and give it a version number to identify its existence (state) at a specific point in time.
Picking the right Go Module
It can be challenging to choose the right Go module for any new Go developer. There are plenty of great options open when deciding your Go Module, and this can be made simple by considering three fundamental parameters:
Module Popularity – How widely used a module is
Module References – The attribution of the module
Module Compliance – The level of security within that module and its dependencies
[Source: DZone]
At gocenter.io, there is a free repository of over 700,000 versioned Go Modules that can help you choose the right module for your project/use case.
Go PROXY
To improve the state of dependency management in Go, GOPROXY is enabled by default in Go v1.13. A GOPROXY controls the source of your Go module downloads and assures that builds are deterministic and secure.
A public GOPROXY is a centralized repository accessible and available free to Golang devs and enthusiasts worldwide. This hosts open-source Go modules that have been made public from third party sources in publicly accessible VCS project repositories.
GoCenter
GoCenter automatically processes and validates Go projects directly from source code repositories into immutable, versioned modules, making them freely available to the Go developer community.
In this blog, ‘Go at Full Speed with GoCenter’ you will know more about how GoCenter empowers the Go community to reliably generate reproducible builds of their Go applications.
Security
The most frustrating thing for Go developers is Go Module vulnerabilities, with the approach of DevSecOps best practices and a shifting left strategy, it’s becoming even more relevant for developers to be able to track and report vulnerabilities as early as possible. JFrog GoCenter can help Go developers remove this frustration by tracking and mitigating vulnerabilities.
JFrog Xray’s security vulnerability scanning of Go modules has recently been added to GoCenter.io! GoCenter automatically scans for known vulnerabilities recognized in the public vulnerability database NVD. Those results are stored in GoCenter and exposed on the Security page of the UI, which will list all vulnerabilities that exist in the module version. Learn more about 'GoCenter Reveals Go Module Vulnerabilities With Xray'.
To know more about Go Modules security, you can read this article ‘Go Modules Security’
Go Registry
The Go ecosystem was missing standardization – there was an absence of a standard tool for dependency management, and hence, developers could not create reproducible builds with Go, which was a huge drawback working with Go projects and became quite an issue. After several years, Google eventually solved this issue by adding versioning support for Go.
Additionally, the release of Artifactory 5.11 added support for Go registries giving the community various capabilities when developing with Go.
Build promotion
Go applications are a single binary with dependencies included, lending themselves to build promotion for DevOps. Build once and promote throughout is one of the best practices when it comes to Go projects CI/CD best practices.
Building the Go-based microservices once, and promoting them to the next stages once promotion criteria such as tests and scans are met. When you intend to containerize your Go microservice, the same principle applies: 'Build once and promote' - That means building each Docker image once and promoting it through a series of staging repositories. Like this, you can ensure that what was tested is exactly what is being released to production.
Real-world examples of Go usage
Go’s features like concurrency, garbage collection, speed, and high-performance help several apps, firms, and services achieve their goal.
Google itself is currently and heavily using Go to provide its cloud infrastructure.
To manage its 500 million users more efficiently, Dropbox uses Golang.
Most of GitHub's infrastructure is now written in Go.
Netflix and YouTube make use of Go programming language to manage the demanding load on their websites, and Soundcloud also uses Go to deploy its internal services.
BBC has been using Golang for internal analytic services and backend development since 2012.
Uber uses Go to improve its map processing speeds when users load geofence lookups.
The software delivery life cycle has changed dramatically. Containers and microservices architectures have become an answer to unlock application agility and modernization. Modern apps must be designed with cloud-native principles in mind and take advantage of cloud platforms' loosely coupled cloud services.
Go is an explicit language, specially designed with these new requirements in mind. Go is growing in popularity because of its unmatched simplicity, features like garbage collection, concurrency, etc.
Go helps make DevOps work
Go is a perfect choice for any firm that is starting out its DevOps journey. Go's inherent features help enable the best practices for DevOps: immutable packages, testing, build promotion, security, etc. GoCenter is also a great resource for Go developers, providing always-available immutable access to dependencies with important metrics.
Explore GoCenter to see how it demonstrates these important DevOps principles.
Combined, a very powerful way to practice strong DevOps. Golang has become an ideal choice for developers working with open-source technology and DevOps projects; it has an excellent combination of concurrency, safety, and simplicity. It is undoubtedly an amazing programming language for writing web services and has the ability to integrate easily with other services. Top enterprise organizations are using Golang for their software development. Some worldwide popular companies that use Golang are Uber, YouTube, Google, BBC, Dailymotion, Adobe, etc. Since the market for Golang is still growing, it seems that the future continues to support this demand.
