Cloud Native Container Design Principles

Creating a containerized application that behaves like a good cloud native citizen and can be automated effectively by a platform such as Kubernetes requires some discipline. See below what it is. (Alternatively, read the same post on Medium)

Software design principles

Principles exist in many areas of life, and they generally represent a fundamental truth or belief from which others are derived. In software, principles are rather abstract guidelines, which are supposed to be followed while designing software. There are fundamental principles for writing quality software such as KISS (Keep it simple, stupid), DRY (Don’t repeat yourself), YAGNI (You aren’t gonna need it), SoC (Separation of concerns), etc. Even if these principles do not specify concrete rules, they represent a language and common wisdom that many developers understand and refer to regularly.

There are also SOLID principles that were introduced by Robert C. Martin, which represent guidelines for writing better object-oriented software. It is a framework consisting of complementary principles that are generic and open for interpretation but still give enough direction for creating better object-oriented designs. The SOLID principles use object-oriented primitives and concepts such as classes, interfaces, and inheritance for reasoning about object-oriented designs. In a similar way, there also principles for designing cloud native applications in which the main primitive is the container image rather than a class. Following these principles will ensure that the resulting containers behave like a good cloud native citizen, allowing them to be scheduled, scaled, and monitored in an automated fashion.

SOLID principles for cloud native applications

Cloud native applications anticipate failure; they run and scale reliably even when their infrastructure experiences outages. To offer such capabilities, cloud native platforms like Kubernetes impose a set of contracts on applications. These contracts ensure that applications they run conform to certain constraints and allow the platform to automate application management. Nowadays, it is possible to put almost any application in a container and run it. But to create a containerized application that can be automated and orchestrated effectively by a cloud native platform such as Kubernetes requires additional efforts. The principles for creating containerized applications listed here use the container as the basic primitive and the container orchestration platforms as the target container runtime environment.

Principles of container-based application design
Below is a short summary of what each principle dictates. To read in more details, download the freely available white paper from here (no signup required).

Build time:

  • Single Concern: Each container addresses a single concern and does it well.
  • Self-Containment: A container relies only on the presence of the Linux kernel. Additional libraries are added when the container is built.
  • Image Immutability: Containerized applications are meant to be immutable, and once built are not expected to change between different environments.


  • High Observability: Every container must implement all necessary APIs to help the platform observe and manage the application in the best way possible.
  • Lifecycle Conformance: A container must have a way to read events coming from the platform and conform by reacting to those events.
  • Process Disposability: Containerized applications must be as ephemeral as possible and ready to be replaced by another container instance at any point in time.
  • Runtime Confinement: Every container must declare its resource requirements and restrict resource use to the requirements indicated.
The build time principles ensure that containers have the right granularity, consistency, and structure in place. The runtime principles dictate what functionalities must be implemented in order for containerized applications to possess cloud native function. Adhering these principles, we are more likely to create containerized applications that are better suited for automation in cloud native platforms such as Kubernetes. Check out the white paper for more details.

The Cathedral and the Bazaar: Moving from Barter to a Currency System

This post was originally published as "How blockchain can complement open source" on under CC BY-SA 4.0. If you prefer, you can also read the same post on Medium.

Open Won Over Closed

The Cathedral and The Bazaar is the classic open source story written 20 years ago by Eric Steven Raymond. In the story, Eric describes a new revolutionary software development model where complex software projects are built without (or with a very little) central management. This new model is open source. Eric's story compares two models:
  • The classic model (represented by the cathedral) where software is crafted by a small group of individuals in a closed and controlled environment through slow and stable releases.
  • And the new model (represented by the bazaar) where software is crafted in an open environment where individuals can participate freely, but still produce a stable and coherent system.
Some of the reasons for open source being so successful can be traced back to the founding principles described by Eric. Releasing early, releasing often, accepting the fact that many heads are inevitably better than one allows open source projects to tap into the world's pool of talent (and not many companies can match that using the closed source model).

Two decades after Eric's reflective analysis of the hacker community, we see open source becoming dominant. It is not any longer a model only for scratching a developer’s personal itch, but instead, the place where innovation happens. It is the model that even worlds largest software companies are transitioning to in order to continue dominating.

A Barter System

If we look closely at how the open source model works in practice, we realize that it is a closed system exclusive only to open source developers and techies. The only way to influence the direction of a project is by joining the open source community, understanding the written and the unwritten rules, learning how to contribute, the coding standards, etc, and doing it yourself. This is how the bazaar works and where the barter system analogy comes from. A barter system is a method of exchange of services and goods for other services and goods in return. In the bazaar - where the software is built, that means, in order to take something, you have to be also a producer yourself, and give something back in return. And that is, by exchanging your time and knowledge for getting something done. A bazaar is a place where open source developers interact with other open source developers and produce open source software, the open source way.

The barter system is a great step forward and an evolution from the state of self-sufficiency where everybody has to be a jack of all trades. The bazaar (open source model) using the barter system allows people with common interests and different skills to gather, collaborate and create something that no individual can create on their own. The barter system is simple and lacks complex problems of the modern monetary systems, but it also has some limitations to name a few:
  • Lack of divisibility - in the absence of a common medium of exchange, a large indivisible commodity/value cannot be exchanged for a smaller commodity/value. For example, even if you want to do a small change in an open source project, you may still have to go through a high entry barrier sometimes.
  • Storing value - if a project is important to your company, you may want to have a large investment/commitment in it. But since it is a barter system among open source developers, the only way to have a strong say is by employing many open source committers and that is not always possible.
  • Transferring value - if you have invested in a project (trained employees, hired open source developers) and want to move focus to another project, it is not possible to transfer expertise, reputation, influence quickly.
  • Temporal decoupling - the barter system does not provide a good mechanism for deferred or in advance commitments. In the open source world, that means a user cannot express its commitment/interest in a project in a measurable way in advance, or continuously for future periods.
We will see below what is the back door to the bazaar and how to address these limitations.

A Currency System

People are hanging at the bazaar for different reasons: some are there to learn, some are there to scratch a developer’s personal itch and some work for large software farms. And since the only way to have a say in the bazaar is by becoming part of the open source community and joining the barter system, in order to gain credibility in the open source world, many large software companies pay these developers in a monetary value and employ them. The latter represents the use of a currency system to influence the bazaar. Open source is not any longer for scratching the personal developer itch only. It also accounts for a significant part of the overall software production worldwide and there are many who want to have an influence.

Open source sets the guiding principles through which developers interact and build a coherent system in a distributed way. It dictates how a project is governed, software is built and the output distributed to users. It is an open consensus model for decentralized entities for building quality software together. But the open source model does not cover how open source is subsidized. Whether it is sponsored, directly or indirectly, through intrinsic or extrinsic motivators is irrelevant to the bazaar.
Centralized and decentralized ecosystems supporting open source

Currently, there is no equivalent of the decentralized open source development model for subsidization purpose. The majority of the open source subsidization is centralized and monopolized typically by one company which dominates a project by employing the majority of the open source developers of that project. And to be honest, this is currently the best case scenario which guarantees that the developers will be employed and the project will continue flourishing. While a company is working on its paid software or services whether that is SaaS subsodizes open source development indirectly.

There are also exceptions for the project monopoly scenario: for example, some of the Cloud Native Computing Foundation projects are developed by a large number of competing companies. Also, the Apache Software Foundation aims for their projects not to be dominated by a single vendor by encouraging diverse contributors, but most of the popular projects, in reality, are still single vendor projects...

What we are still missing is an open and decentralized model that works like the bazaar without a central coordination and ownership, where consumers (open source users) and producers (open source developers) interact with each other driven by market forces and open source value. In order to complement open source, such a model also has to be open and decentralized and this is why the blockchain technology would fit here best. This would create an complementary ecosystem that flows subsidies from users to developers, but without a centralized and monopolized entity (such as an open source company). There are already successful open source cryptocurrency projects such as Decred, Dash, Monero, Zcash, that use a similar decentralized funding model where a portion of the mining or donations subsidy is used for their own development.

Most of the existing platforms (blockchain or non-blockchain) that aim to subsidize open source development are targeting primarily bug bounties, small and piecemeal tasks. There are also a few focused on the funding of new open source projects. But there are not many that aim to provide mechanisms for sustaining continued development of open source projects. Basically, a system that would emulate the behavior of an open source service provider company, or open core, open source based SaaS product company: ensuring developers get continued and predictable incentives, and guiding the project development based on the priorities of the incentivizers, i.e. the users. Such a model would address the limitations of the barter system listed above:
  • Allow divisibility - if you want something small fixed, you can pay a small amount without paying the full premium of becoming an open source developer for a project.
  • Storing value - you can invest a large amount into a project and ensure its continued development and ensure your voice is heard.
  • Transferring value - at any point, you can stop investing in the project and move funds into other projects.
  • Temporal decoupling - allow regular recurring payments and subscriptions.
There would be also other benefits raising purely from the fact that such a blockchain based system is transparent and decentralized: to quantify a project's value/usefulness based on its users' commitment, decentralized roadmap governance, decentralized decision making, etc. While there still will be user who prefer to use the more centrally managed software, there will be others who prefer the more transparent and decentralized way of influencing projects. There is enough room for all parties.


On the one hand, we see large companies hiring open source developers, and acquiring open source startups and even foundational platforms (such as Microsoft buying Github). Many if not most long-running successful open source projects are centralised around a single vendor. The significance of open source, and its centralisation is a fact.

On the other hand, the challenges around sustaining open source software are becoming more apparent, and there are many investigating deeper this space and its foundational issues. There are a few projects with high visibility and a large number of contributors, but there are also many other still important projects but with not enough contributors and maintainers.

There are many efforts trying to address the challenges of open source through blockchain. These projects should improve the transparency, decentralization, subsidization, and establish a direct link between open source users and developers. This space is still very young but progressing fast, and with time, the bazaar is going to have a cryptocurrency system.

Given enough time, and adequate technology, decentralization is happening at many levels:
  • The Internet is a decentralised medium that unlocked world's potential for sharing and acquiring knowledge.
  • Open source is a decentralized collaboration model that unlocked the world's potential for innovation.
  • And similarly, blockchain can complement open source and become the decentralized open source subsidization model.
Follow me on twitter for other posts in this space.

The Rise of Non-Microservices Architectures

(This post was originally published on Red Hat Developers, the community to learn, code, and share faster. To read the original post, click here.)

This is a short summary of my recent experiences with customers implementing architectures similar to microservices but with different characteristics in the post-microservices world.

The microservices architectural style has been around close to five years now, and much has been said and written about it. Today, I see teams deciding not to follow strictly certain principles of the "pure" microservices architecture and breaking some of the "rules". Teams are now more informed about pros and cons of microservices and take context driven decisions respecting team experience, organizational boundaries and accepting the fact that not every company is Netflix. Below are some examples I see in my recent microservices gigs.

No premium in advance

Teams (composed of devs, ops, testers, business analysts, architects, etc) are becoming more and more aware of on the premium they have to pay for the privilege of going into pure microservices based architecture. A typical Java based microservice running on Kubernetes (the most popular microservices platform) will require: a git repository, maven module, a collection of tests (unit, integration, acceptance), APIs, maven artifacts, container images, configurations, secure configurations, build pipelines, design, documentation, etc. At runtime, it will require CPU, memory, disk, networking, metrics aggregation, log aggregation, database, endpoints, service mesh proxy side car, etc. Also a collection of Kubernetes objects: container, volume, configmap, secret, pod, service, replica set, deployment, etc. Navigating and managing tens or hundreds of these artifacts puts a serious burden on everybody in a team. No surprise that recently Thoughtworks announced they are not intending to put microservices architecture into adopting phase of their technology radar in a foreseeable future.

Raison d'ĂȘtre

Considering there is a price per service (not envisaging all the hidden premium), rather than the original "start small, start with few hundred lines of code", systems start as one service, as a mono repository as long as it belongs to one team. Then for every service, there is a clearly identified reason with benefits justifying its existence as an independent microservice. That is a mandatory existence check before carving a service as a standalone. Talking about reasons, below are a few very valid reasons.

Breaking the bounded context

While the most talked method for decomposition into microservices is decomposition by bounded context, in practice there are many more reasons for creating microservices: decomposing by maturity, decomposing by data-access pattern (read vs write), decomposition by data source (rather than partitioning a data source per microservice, create a microservice per data source), aggregation for a derived functionality (create an orchestrating service for a few other services), aggregation for client convenience (such as backend for frontend pattern), aggregation to aid system performance, etc.

Shared data sources

One of the fundamental principles of microservices is that every service has a separate data store. While in theory, this principles makes perfect sense, in practice, for brownfield projects, it is the hardest part about microservices, and not always worth the effort. That is especially true for integration projects where the data source is typically owned by a different team or company and cannot be partitioned to start with. It is still possible to benefit from having independent services sharing the same data store, by acknowledging its future constraints caused by the data source level coupling.

Less inflated expectations

The good news is that teams are now making more informed decisions rather than blindly trusting microservices conference slides. In regards to Gartner's Hype cycle, that means, after a couple of years of "Inflated Expectations", the microservices architecture is heading (down) towards "Trough of Disillusionment" stage where expectations are more aligned with the real benefits.
Hype cycle
From here on, the future is full of enlightenment and productivity. Unless another cycle starts (such as serverless) before we rip the benefits of this one.

Mutated microservices

Microservices favor event-driven interactions and choreography over orchestration to decrease service coupling. But at the same time we have seen projects like Cadence by Uber, Conductor by Netflix created specifically to orchestrate distributed long-running services as an alternative of the choreography approach.

Bernd Ruecker has done a very good review of using events, orchestration and workflow engines in distributed system and analysing their real against perceived benefits.

In a different post titled Microservices in a Post-Kubernetes Era, I also described what are the changes in the microservices architectural style driven purely by Kubernetes and the cloud native primitives.

There are also others who also wrote about non-microservices architectures such as self-contained systems, miniservices, goodbye-microservices that are better alternatives to pure microservices in certain contexts. These are all good reasons for breaking away from pure microservices principles whenever the context requires it.


The best architecture is the context-driven architecture where you take a well-understood architecture and adapt it your needs. You question every principle, every rule and are not afraid of breaking away from some of the prescriptive elements as long as you understand and accept the consequences. A good analogy is “The map is not the territory”. If the architecture is the map, the context is the territory. Let me know which microservices rules you are breaking and it works for you even better. Be brave.

About Me