Architecture Weekly Issue #30. Articles, books, and playlists on architecture and related topics. Every record has the complexity indication: 🀟 means hardcore, πŸ‘·β€β™‚οΈ is technically applicable right away,  🍼 - introduction to the topic or an overview. Now in telegram as well.


It's already been 172 days of the crazy, brutal, unjustified war of Russia against Ukraine. We condemn this war and want it to stop ASAP. We continue this newsletter so you can advance your skill and help the millions of Ukrainian people in any way possible.

A detailed post from DoorDash on the reengineering their event streaming platform. They introduced Kafka to all their services via Kafka Rest Proxy, and the post explaines how they come up with the solution and how they configured it to run in Kubernetes.

Building Scalable Real Time Event Processing with Kafka and Flink
Learn how DoorDash build a platform to process billions of events from different data sources, quickly, consistently and reliably

Kubernetes Policy Management Whitepaper 🀟

Cloud-Native Foundation published a whitepaper on the Kubernetes Policy Management. It highlights how the Policy Management brings security of clusters and workloads and brings the pieces to have proper policy management in place. Read a short note on the whitepaper on infoq.

CNCF Publishes the Kubernetes Policy Management Whitepaper
The CNCF recently published a new whitepaper about Kubernetes Policy Management. The whitepaper highlights the importance of Kubernetes policy management when it comes to the security and automation of clusters as well as workloads. Also, it goes in-depth into the problems Kubernetes policies solve…

Introduction to API Contract Testing 🍼

In my practice, the situation when there is an API agreed between several teams is broken by a typo, misunderstanding or changed requirements, was quite common. Going API First typically helps to improve the situation, but does not guarantee to avoid it. Thus, we introduce testing the contracts to finish the circle. What's that and how to use it in the article by Sauce Labs.

Getting Started with API Contract Testing
Learn what OpenAPI-driven contract testing is, how and when contract testing is performed and scaled for massive microservices programs, and how it can provide relief to development teams.

Mastering the Architecture Mindset 🍼

Gregor Hohpe visited the podcast "Breaking Changes". In this episode he speaks on removing the constraints from the teams and the mindset to use facing new technologies, like what questions you should definitely ask yoursefl. Find the full episode below.

IoT Security Overview πŸ‘·β€β™‚οΈ

There is a whitepaper on ResearchGate, which makes a good, detailed overview on the IoT world and the security concerns within it. It describes the different types of IoT devices, the common IoT system architecture and lists the security concerns for them.

Logical Physical Clocks 🀟

We know, there is no single time in a distributed system. There are different attempts to solve this: logical clocks, physical time, hybrid approach, etc. Another way of it is a Hybrid Clock algorythm. What's that? Read in the paper.

Architectures for Modern eCommerce Applications πŸ‘·β€β™‚οΈ

eCommerce is the next domain I want to start share design materials on. Find a short note of a reference architecture and highlights of the best practices for the domain.

Architectures for Modern eCommerce Applications
API-first, modular architectures offer many possibilities when it comes to creating highly performant commerce applications that center around user experience.

Supply Chain Integrity Framework πŸ‘·β€β™‚οΈ

The threats of hijacking npm packets or docker containers increased lately. This is one of the attacks on the supply chains, as software delivery is part of one indeed. Google suggested a framework of ensuring the Supply Chain integrity for Software. Read below.

Introducing SLSA, an End-to-End Framework for Supply Chain Integrity
Posted Kim Lewandowski, Google Open Source Security Team & Mark Lodato, Binary Authorization for Borg Team Supply chain integrity attacksβ€”u...

Performance Efficiency in Cloud πŸ‘·β€β™‚οΈ

Going performce efficient in the cloud environment can be tricky. AWS lists the best practices for performance design as a part of their Well-Architected Framework, which contains design principles and reference architectures.

Performance Efficiency - AWS Well-Architected Framework

Do you really need Microservices? πŸ‘·β€β™‚οΈ

Microservices can deal well with using different technology stacks, isolate failures or parallelize work between teams. But they come with a high price. Matthew Spence posted a new article on how you can tackle the same problem with less distributed approach.

You Don’t Need Microservices
Microservices are very much in vogue for web software architecture. For most teams though, the monolith should remain the default choice.

PCI for dummies

Payment Card industry Data Security Standard is a set of measures to ensure that transactions are secure, traceable and convenient. There is a PDF on introduction to PCI which explains what should be done if you store and process card holders data.

This newsletter is hosted on GCP and uses Mailgun to send the emails. The cost is ~$25 per month. Liked it? Consider helping to run this newsletter at Patreon :)