openskills.info

Cloud Native Architecture

itCloud native tools and technologies

Cloud Native Architecture

Cloud native architecture helps you build systems that can change often without turning every change into an outage. It is an approach to design and operations, not a product checklist.

The Cloud Native Computing Foundation defines the approach through outcomes. Cloud native systems are loosely coupled, secure, resilient, manageable, sustainable, and observable. Teams use repeatable automation to build and deploy them across public, private, and hybrid environments.

Containers, microservices, serverless platforms, service meshes, immutable infrastructure, and declarative APIs can support those outcomes. None is mandatory by itself. A containerized monolith can be cloud native. A collection of fragile microservices can fail to be cloud native.

Start with the change you need

Architecture sets boundaries. A useful boundary contains change and gives one team a clear responsibility. A poor boundary adds a network call, a deployment, and another failure mode without creating useful independence.

Ask four questions before splitting a system:

  1. What must change independently?
  2. What must scale independently?
  3. What must fail independently?
  4. Who owns the behavior and its data?

Keep components together when their release schedules, scaling needs, and ownership stay aligned. Separate them when the independence pays for the operational cost.

Microservices are one possible result. They can let teams develop, deploy, and scale components independently. They also replace in-process calls with distributed communication. That introduces authentication, service discovery, secure transport, load balancing, throttling, and failure-handling concerns.

Design the runtime as a feedback system

A cloud native runtime works best when you declare an intended state and let control loops reconcile actual state toward it. The declaration becomes a durable contract. The platform repeatedly compares intent with reality and acts when they differ.

Kubernetes Deployments show this pattern. You declare the desired Pods. A controller creates or replaces Pods to approach that state. The same idea appears in GitOps, where versioned declarations are pulled and continuously reconciled by software agents.

Reconciliation does not make an application correct. A platform can restart a crashing process, but it cannot repair faulty business logic. You still need timeouts, bounded retries, graceful degradation, tested recovery, and clear ownership.

Separate build, release, and run

Treat a release as an immutable candidate. Build it once, add environment-specific configuration at deployment time, and promote the same artifact through environments. Avoid repairing production by changing a running instance. Replace it with a known version instead.

This model reduces configuration drift and makes rollback easier to reason about. It also requires external state. Store durable data outside disposable application processes, and design schema changes so old and new versions can coexist during a rollout.

Make failure a normal design input

Distributed systems fail partially. One component may be healthy while a dependency is slow or unavailable. A request can succeed on the server after the client has timed out. A retry can therefore repeat an action that already happened.

Design each remote interaction with an explicit deadline. Retry only when the operation is safe to repeat, or use an idempotency mechanism. Limit retries and add jitter so many clients do not retry together. Use circuit breakers or load shedding where continued calls would deepen an overload.

Keep the failure domain smaller than the whole system. Replicate critical components across independent infrastructure when the business requirement justifies it. Test restoration from backups; replication alone does not protect against deletion or corruption.

Observe behavior across boundaries

You cannot manage a distributed system from host health alone. Instrument the path that serves the user.

OpenTelemetry organizes telemetry into signals such as traces, metrics, logs, and baggage. Traces connect work across service boundaries. Metrics summarize behavior over time. Logs record discrete events. Correlation identifiers help you move between these views.

Start with service-level indicators tied to user outcomes, such as successful request rate and latency. Define a service-level objective for the acceptable result. Alerts should report a threatened objective or an action an operator can take, not every internal fluctuation.

Treat the delivery path as part of the architecture

Source, build systems, artifact registries, deployment automation, policy, and runtime configuration form one delivery path. A weakness in that path can affect every workload it ships.

Keep desired state versioned. Review changes. Produce repeatable builds. Identify artifacts precisely. Restrict who and what may promote them. Prefer automated policy checks for rules that must hold every time.

Security spans every boundary. Authenticate callers, authorize each action, encrypt sensitive traffic, minimize privileges, and record security-relevant events. A service mesh or API gateway can centralize some controls, but it cannot choose correct authorization rules for the application.

Platforms reduce repeated work

If every team assembles its own logging, deployment, identity, and recovery mechanisms, the organization owns many inconsistent platforms. A shared platform can provide tested paths for common workloads.

Good platform abstractions expose the choices application teams need and hide incidental machinery. They should not erase escape routes for unusual requirements. Treat the platform as a product: document it, observe it, version its interfaces, and learn where users work around it.

When this approach fits

Cloud native architecture is useful when you need frequent change, elastic capacity, many independently owned capabilities, automated recovery, or portability across dynamic environments. Its practices also help a modular monolith running on a managed platform.

The full operating model may be excessive for a small system with stable demand and one team. More deployable units mean more interfaces, identities, telemetry, failure modes, and operational work. Begin with the simplest architecture that meets the required change rate and reliability. Add distribution when evidence supports it.

A practical design sequence

  1. Name the user outcome and measurable reliability target.
  2. Map dependencies, data ownership, trust boundaries, and failure domains.
  3. Choose boundaries that support independent change or scaling.
  4. Define contracts for synchronous calls, events, and stored data.
  5. Design timeouts, retries, degradation, recovery, and rollout behavior.
  6. Define versioned desired state and an automated delivery path.
  7. Instrument the user journey and rehearse failure.
  8. Revisit the design with production evidence.