Breaking down a monolith into microservices - an integration journey
- Before transitioning, identify the biggest pain points and boundaries in the monolithic codebase and decouple them into separate services. Rather than focusing on the size of the code chunks, make sure each service can handle its business logic within its boundaries.
- Split developers into two teams: one that continues to work on the old monolith, which is still running and even growing, and another that works on the new codebase.
- Avoid too much decoupling as a first step; you can always break things down further later on. Enable logging across the board for observation and monitoring.
- Enforce security between microservices with mutual TLS, which restricts access by unauthorized clients even within the architecture, and with an OAuth2-based security service.
- For external clients, use an API gateway for authentication and authorization, and firewalls and/or tokens based on the type of client.
- Secure any middleware you use, as most of it ships either without credentials or with a default credential. Automate security testing in your microservices deployment procedure.
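
An added example (not from the original post) of the mutual TLS item above, in Python: the server side requires a client certificate, then checks the caller's identity against an allowlist. The host names, the allowlist and the sample certificate dictionaries are constructed for illustration.

```python
import ssl

# Hypothetical allowlist: which caller identities may reach this service.
ALLOWED_CALLERS = {"orders.internal.example", "billing.internal.example"}


def make_server_context(cert_file=None, key_file=None, ca_file=None):
    """TLS server context that refuses clients lacking a cert from the internal CA."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # default verify_mode is CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED  # the "mutual" part: client must present a cert
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)  # this service's own identity
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # trust only the internal CA
    return ctx


def caller_identities(peercert):
    """DNS names from subjectAltName of a dict as returned by SSLSocket.getpeercert()."""
    return {value for kind, value in peercert.get("subjectAltName", ()) if kind == "DNS"}


def is_authorized(peercert, allowed=ALLOWED_CALLERS):
    """A valid cert proves identity; the allowlist decides whether that identity gets in."""
    if not peercert:  # None or {}: no verified client certificate
        return False
    return bool(caller_identities(peercert) & set(allowed))


# Constructed sample data shaped like getpeercert() output.
SAMPLE_OK = {"subject": ((("commonName", "orders"),),),
             "subjectAltName": (("DNS", "orders.internal.example"),)}
SAMPLE_OTHER = {"subject": ((("commonName", "reports"),),),
                "subjectAltName": (("DNS", "reports.internal.example"),)}

if __name__ == "__main__":
    ctx = make_server_context()
    print(ctx.verify_mode, is_authorized(SAMPLE_OK), is_authorized(SAMPLE_OTHER))
```

In a real service, `is_authorized(conn.getpeercert())` would run on each accepted connection after the handshake, so a client holding a valid internal certificate is still rejected if its identity is not on the list.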
Full post here, 5 mins read