12- Factor apps/15- Factor Apps of Modern Cloud Native application

Disclaimer: This blog content has been taken from my latest book:

“Cloud Native Microservices with Spring and Kubernetes”

A quick overview of 12 Factor Apps and newly added 3 factors for standard of cloud Native Application

I. Codebase

One codebase tracked in revision control, many deploys

II. Dependencies

Explicitly declare and isolate dependencies

III. Config

Store config in the environment

IV. Backing services

Treat backing services as attached resources

V. Build, release, run

Strictly separate build and run stages

VI. Processes

Execute the app as one or more stateless processes

VII. Port binding

Export services via port binding

VIII. Concurrency

Scale out via the process model

IX. Disposability

Maximize robustness with fast startup and graceful shutdown

X. Dev/prod parity

Keep development, staging, and production as similar as possible

XI. Logs

Treat logs as event streams

XII. Admin processes

Run admin/management tasks as one-off processes

New 3 more factors for modern applications:

  • API First
  • Telemetry
  • Security , Authentication and Authorization (A&A)

13. API First

API first suggests to start API designing first and expose all cloud native micro-services thru REST API endpoints. Try to follow best REST API practices, set API contract like request, response payload, API name, security and arguments. In modern applications cloud native apps are exposed and integrated thru APIs. Use API Gateways to follow these standards. I like Spring Cloud Gateway open-source to implement code centric API standards, its faster, lightweight and easily configurable by the developers.

14. Telemetry

Add advance feature of monitor hundreds and thousands of micro-services apps, containers, environment. It’s very important to monitor logging, disk space usage, memory consumption, performance, and so on. Based on these telemetry data platform can scale, self-heal and manage alerts for end users and platform operators. Analytics can be done using Machine learning and based on that any organization can derive to future business strategy!

15. Security , Authentication and Authorization (A&A)

Security of microservice cloud native application is Super Important. Security is a major concern in modern era, where hackers are really smart to steal confidential and critical information. Make sure almost all security policies are in place at H/W, N/W and S/W. These are very high level important security measure.

  • DOS, DDOS protection
  • API should be secured using A&A – API token, RBAC, OAuth
  • Web content should be exposed externally on HTTPS
  • Network should have firewall protection
  • API request/response payloads should be encrypted
  • Firewall and router level security should be in place
  • Database protection
  • MFA (Mutii-factor authentication)

Published by

Rajiv Srivastava

Principal Architect with Wells Fargo

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s