Join the conversation on Kubescape’s Slack channels
From specific questions to random thoughts, whatever it is, you’re welcome to join the Kubescape...
Jan 13, 2020
While the move to microservices-based architecture is relatively new, it is already mainstream. A majority of companies are choosing it as their default architecture for new development,and you are not cool if you are not using microservices.
With regards to migrating legacy apps and breaking them down to microservices, companies are showing more conservatism, and rightly so. While the move creates a lot of value, mainly around new features, time to market, and scalability, it also has its complexities and trade offs.
If you plan to make the move, make sure you have an “end game” point of view. Moving to microservices is a fundamental architecture change, so layout the main principles of the architecture before you start, what APIs will be used, how service discovery will work, should a specific workload be stateful or stateless, and what merits a microservice – for example, two microservices that constantly call back one another may need to be one service.
Time and effort are other major considerations– development resources are always scarce,and we always prefer to invest them in new functionality rather than infrastructure changes. A sober look at the migration process starts with identifying areas of the legacy apps most suited for migration.The easiest areas to move into microservices are API-based and external-facing components such as specific web services that are expected to grow in functionality going forward. These are relatively stand-alone pieces of the application that don’t need code changes in the legacy app to support them.
Since most environments contain “data workloads” and “processing workloads,” “freeing data first” should be a good best practice. Since many of the microservices will need to use and access data; separating data services and making data available easily to new microservices through APIs is a key milestone in moving to a microservices-based architecture.
Finally, security needs to be considered. One critical aspect is ensuring that data protection and compliance stay resilient throughout the process. Moving data to the cloud will necessitate encryption and ensuring it is protected at rest, in transit, and in-use across your legacy and microservices environments.
Another security challenge arises due to the mere fact that more microservices mean more independent software components running in the environment, enlarging the attack surface and increasing the complexity of security configurations. Assuring control over code execution becomes critical.
With the growth in the number of individual workloads comes growth in the number of interfaces and APIs in the system. Defining policies across these numerous services becomes increasingly complicated especially with system like Kubernetes abstracting much of the network infrastructure.
With these challenges, Application Security cannot be an afterthought. It must play a central role throughout the migration process and in the target architecture as a key consideration in the decision to break down the application. Addressing that at the beginning will reduce risks of getting bogged down later when you try to integrate security concerns in the middle of the process.
To wrap up, moving to microservices accelerates product development and time to market. It allows your applications to get up and running quickly, delivering minimum viable products more quickly and effectively. Make sure, though, to take a measured approach to ensure stable and secure results.
Hope you found our content interesting. We always appreciate getting feedback and discussing our ideas, please feel free to drop us a line, we make sure to answer everyone [email protected]
From specific questions to random thoughts, whatever it is, you’re welcome to join the Kubescape...
Former Google DevRel lead and co-host of the weekly Kubernetes podcast, Craig will lead ARMO’s...
ARMO’s Kubescape is an open, transparent, single pane of glass for Kubernetes security, used by...