Governance in MSA
- It is always better to create guidelines and policies beforehand: teams can use them, and they play a vital role in resolving conflicts. However, the governance team should not be rigid and should be open to changing the guidelines and policies when the suggested changes align with business and architectural goals. Both design-time and run-time governance are required to ensure the success of any program or project.
- In the microservices architecture style, decentralized governance should be considered; it gives development teams the freedom to decide the best-suited tech stack and coding standards for their microservices. However, high-level governance is always required to ensure that they comply with the defined policies and regulatory requirements.
Design-time policies and guidelines can include:
- Implementation guidelines for health check endpoints.
- Documentation guidelines so that other interested microservices can understand endpoints and payload.
- Security design and implementation at multiple levels: authentication, authorization, secrets management, secure communication, etc.
- RESTful API standards.
- DevOps and CI/CD-related guidelines and standards.
- API versioning and/or schema versioning for input/output request parameters.
- Microservice teams can choose their own coding standards and tech stack; however, those should be within the scope of what the organization-level standards allow.
- Implementation-related guidelines and standards.
- Ensuring compliance with internal and external standards & regulatory obligations.
Run-time policies and guidelines can include:
- Handling routing, blocking, and processing
- Monitoring and notifications when:
  - An outage is noticed
  - Usage crosses the threshold
  - Any microservice is not meeting its defined SLA
- Ensuring that availability and scalability requirements are met.
- Monitoring security-related risks.
- Traffic throttling, smoothing, and load balancing.
- Rate limiting per-API usage.