{
    "componentChunkName": "component---src-pages-blog-post-tsx",
    "path": "/blog/2020-09-16/why-distributed-apps-need-dependency-management",
    "result": {"data":{"site":{"siteMetadata":{"siteUrl":"https://www.architect.io"}},"allMdx":{"edges":[{"node":{"body":"var _excluded = [\"components\"];\n\nfunction _extends() { _extends = Object.assign || function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return _extends.apply(this, arguments); }\n\nfunction _objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = _objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }\n\nfunction _objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }\n\n/* @jsxRuntime classic */\n\n/* @jsx mdx */\nvar _frontmatter = {\n  \"title\": \"Why distributed apps need dependency management\",\n  \"slug\": \"why-distributed-apps-need-dependency-management\",\n  \"date\": \"2020-09-16T00:00:00.000Z\",\n  \"author\": \"David Thor\",\n  \"image\": \"./dependency-mgmt@2x.png\"\n};\nvar layoutProps = {\n  _frontmatter: _frontmatter\n};\nvar MDXLayout = \"wrapper\";\nreturn function MDXContent(_ref) {\n  var components = _ref.components,\n      props = _objectWithoutProperties(_ref, _excluded);\n\n  return mdx(MDXLayout, _extends({}, layoutProps, props, {\n    components: components,\n    mdxType: \"MDXLayout\"\n  }), mdx(\"p\", null, mdx(\"span\", {\n    parentName: \"p\",\n    \"className\": \"gatsby-resp-image-wrapper\",\n    \"style\": {\n      \"position\": \"relative\",\n      \"display\": \"block\",\n      \"marginLeft\": \"auto\",\n      \"marginRight\": \"auto\",\n      \"maxWidth\": \"1000px\"\n    }\n  }, \"\\n      \", mdx(\"a\", {\n    parentName: \"span\",\n    \"className\": \"gatsby-resp-image-link\",\n    \"href\": \"/static/37a3c99a03c6df8fa9cbbfeafa8247ff/799f3/dependency-mgmt%402x.png\",\n    \"style\": {\n      \"display\": \"block\"\n    },\n    \"target\": \"_blank\",\n    \"rel\": \"noopener\"\n  }, \"\\n    \", mdx(\"span\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-background-image\",\n    \"style\": {\n      \"paddingBottom\": \"55.99999999999999%\",\n      \"position\": \"relative\",\n      \"bottom\": \"0\",\n      \"left\": \"0\",\n      \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAALCAYAAAB/Ca1DAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAA+UlEQVQoz51Ty27DMAzL///fbjvu0GE9dM3DsSWZA2VrDdIswxZAVpDQDE0qQ60VUWaP+//WwAWoUDWIKET1dINZw7GfEKKDKkoRB/NyAgLRMKjtvWr7cGCeCKMIInFeCqQo1MwJ1pSh8Tw3wq099hMhutralZZUMN8S7h8TptuCOE2X66t2C2jZE+G2SEiiz/fR+zImt0KpnARi3otIO53oCSEqlnHF5fWKt5cL8pybx10FTxAVIantFEZq3KT9CGlecb9O317SQyrbC8DeQ/dBtSW43dB9itTZSUqc6PHoDNvZ+m0GGUT4xaQjiMOx+ctf4uHo8WB/AcT1ZkZqha+PAAAAAElFTkSuQmCC')\",\n      \"backgroundSize\": \"cover\",\n      \"display\": \"block\"\n    }\n  }), \"\\n  \", mdx(\"img\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-image\",\n    \"alt\": \"Dependency management\",\n    \"title\": \"Dependency management\",\n    \"src\": \"/static/37a3c99a03c6df8fa9cbbfeafa8247ff/00d43/dependency-mgmt%402x.png\",\n    \"srcSet\": [\"/static/37a3c99a03c6df8fa9cbbfeafa8247ff/63868/dependency-mgmt%402x.png 250w\", \"/static/37a3c99a03c6df8fa9cbbfeafa8247ff/0b533/dependency-mgmt%402x.png 500w\", \"/static/37a3c99a03c6df8fa9cbbfeafa8247ff/00d43/dependency-mgmt%402x.png 1000w\", \"/static/37a3c99a03c6df8fa9cbbfeafa8247ff/aa440/dependency-mgmt%402x.png 1500w\", \"/static/37a3c99a03c6df8fa9cbbfeafa8247ff/799f3/dependency-mgmt%402x.png 1642w\"],\n    \"sizes\": \"(max-width: 1000px) 100vw, 1000px\",\n    \"style\": {\n      \"width\": \"100%\",\n      \"height\": \"100%\",\n      \"margin\": \"0\",\n      \"verticalAlign\": \"middle\",\n      \"position\": \"absolute\",\n      \"top\": \"0\",\n      \"left\": \"0\"\n    },\n    \"loading\": \"lazy\",\n    \"decoding\": \"async\"\n  }), \"\\n  \"), \"\\n    \")), mdx(\"p\", null, \"Distributed cloud applications (aka microservices) have introduced an enormous amount of complexity\\ninto the design and operation of cloud software. What used to manifest itself as complexity hidden\\nwithin a single process or runtime now finds itself spread across tens or hundreds of loosely\\ncoupled services. While all of these services can use different languages and can scale\\nindependently from one another, the distributed nature can often make the app as a whole hard to\\nnavigate, hard to deploy, and hard secure.\"), mdx(\"p\", null, \"This new complexity makes it increasingly difficult to manage and contribute to cloud-native\\napplications, and beckons questions as to how we can maintain healthy cloud software. How can we\\ntake advantage of the benefits of service-oriented design without introducing friction and cost\\nelsewhere?\"), mdx(\"p\", null, \"Fortunately we've run into this problem before. Microservices aren't the first pattern that has\\nforced developers to figure out how to collaborate and contribute to endless webs of interconnected\\ncomponents. For the last few decades the solution has been the same: \", mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"dependency management\"), \".\"), mdx(\"p\", null, \"We use dependency managers every day to re-use public and private software packages, build upon the\\nwork of others, and gracefully encapulate the details of our own work into consumable formats. There\\nare a number of reasons why dependency management is the key to unlocking the power of distributed\\nsoftware, and it's high time we learn from the past to power the future of cloud-native development.\"), mdx(\"h2\", {\n    \"id\": \"1-developer-collaboration\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, \"1. Developer collaboration\", mdx(\"a\", {\n    parentName: \"h2\",\n    \"href\": \"#1-developer-collaboration\",\n    \"aria-label\": \"1 developer collaboration permalink\",\n    \"className\": \"anchor after\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  })))), mdx(\"p\", null, \"One of the most important functions of dependency managers like \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://www.npmjs.com/\"\n  }, \"NPM\"), \",\\n\", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://pip.pypa.io/\"\n  }, \"Pip\"), \", \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://maven.apache.org/what-is-maven.html\"\n  }, \"Maven\"), \", and others, is to\\nbroker collaboration amongst developers. By providing a consistent packaging mechanic that\\nseamlessly enables code to be extended, dependency managers have enabled otherwise unrelated teams\\nto consume each other's work. While these tools can be used within the walls of enterprises to\\nenable teams to publish and collaborate on their work, we've seen dependency managers used at a much\\ngrander scale to broker collaboration within the open-source community. The consistency of the\\ntooling and width of adoption has enabled the creation of enormously powerful and freely accessible\\nlibraries for all to use and continue to build upon.\"), mdx(\"p\", null, \"While this level of collaboration has been realized within the communities for individual languages\\n(NPM for Javascript, Pip for Python, etc.), it has yet to be fully realized within the cloud-native\\ncommunity. We fortunately have Docker to create consistency in how cloud services are packaged, but\\ncontainers don't have enough information about the relationships between services to resolve and\\nextend dependencies. Adding proper dependency management to index and resolve relationships to peer\\napps and services is critical if we want to realize for microservices what others already do with\\nlibraries in individual languages.\"), mdx(\"h2\", {\n    \"id\": \"2-self-service-environments\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, \"2. Self-service environments\", mdx(\"a\", {\n    parentName: \"h2\",\n    \"href\": \"#2-self-service-environments\",\n    \"aria-label\": \"2 self service environments permalink\",\n    \"className\": \"anchor after\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  })))), mdx(\"p\", null, \"The collaborative effects of dependency managers don't happen by magic. The main reason consistent\\ndependency resolvers are so powerful is because developers all around the world are able to\\nreproduce their effects using the same commands and processes. Reproducibility is a key element of\\ndependency managers. Without it, no one would be able to download and operate libraries and packages\\ncreated by others without complex, custom bootstrapping logic \\u2013 the creation of which would be an\\nenormous barrier to adoption and distribution.\"), mdx(\"p\", null, \"Service-oriented applications are no different from language-specific libraries in this regard. Our\\nability to extend the work of others is predicated on our ability to run or otherwise access the\\nservices and applications we hope to make calls to. Teams have been able to make due by operating\\ncentralized QA or sandbox environments, but the inability to reproduce these environments creates a\\nnew set of problems. Engineers can't operate their own development environments, services that\\ndepend on others can't be easily shipped, developers are forced to write their own scripts to run\\ntheir app locally and remotely, and every team needs to about production-grade tools, networking,\\nand network security. By leveraging a consistent, dependency management solution, teams need only to\\nassert the network dependencies for their services to give everyone in the org a consistent way to\\nspin up services in their stack along with its dependencies \\u2013 allowing everyone to operate their own\\nenvironments.\"), mdx(\"h2\", {\n    \"id\": \"3-automation\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, \"3. Automation\", mdx(\"a\", {\n    parentName: \"h2\",\n    \"href\": \"#3-automation\",\n    \"aria-label\": \"3 automation permalink\",\n    \"className\": \"anchor after\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  })))), mdx(\"p\", null, \"The self-service benefits of consistent dependency management doesn't just mean that developers can\\noperate their own environments. It also means that environments can be provisioned and torn down\\nthrough automation. The consistency of a single command or process to resolve dependencies, enrich\\nnetworking, and automate security is the perfect recipe for integration into CI/CD pipelines!\"), mdx(\"p\", null, \"If every service can be run consistently (e.g. with container platforms) and is aware of its own\\ndependencies, new environments can be provisioned for each merge request and changes can be\\nseamlessly promoted into staging and production when merged into relevant branches. This means that\\nevery team can achieve scalable\\n\", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://thenewstack.io/what-is-gitops-and-why-it-might-be-the-next-big-thing-for-devops/\"\n  }, \"GitOps\"), \"\\nfor every developer and every new service added to the application.\"), mdx(\"h2\", {\n    \"id\": \"4-security\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, \"4. Security\", mdx(\"a\", {\n    parentName: \"h2\",\n    \"href\": \"#4-security\",\n    \"aria-label\": \"4 security permalink\",\n    \"className\": \"anchor after\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  })))), mdx(\"p\", null, \"One of the risks introduced by microservice architectures is the need for each service to expose\\nAPIs that broker access to their functionality. Since these services live as separate processes,\\ncommunication over a network is one of the only ways for them to connect to each other and receive\\nrequests for processing. This means that each new service exposes an interface that can be accessed\\nby others, and if developers aren't careful they can accidentally expose it to the wrong parties.\"), mdx(\"p\", null, mdx(\"span\", {\n    parentName: \"p\",\n    \"className\": \"gatsby-resp-image-wrapper\",\n    \"style\": {\n      \"position\": \"relative\",\n      \"display\": \"block\",\n      \"marginLeft\": \"auto\",\n      \"marginRight\": \"auto\",\n      \"maxWidth\": \"695px\"\n    }\n  }, \"\\n      \", mdx(\"a\", {\n    parentName: \"span\",\n    \"className\": \"gatsby-resp-image-link\",\n    \"href\": \"/static/9730d795af956c9258aa87e4195a49d5/cc587/declare-data-breach.webp\",\n    \"style\": {\n      \"display\": \"block\"\n    },\n    \"target\": \"_blank\",\n    \"rel\": \"noopener\"\n  }, \"\\n    \", mdx(\"span\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-background-image\",\n    \"style\": {\n      \"paddingBottom\": \"55.99999999999999%\",\n      \"position\": \"relative\",\n      \"bottom\": \"0\",\n      \"left\": \"0\",\n      \"backgroundImage\": \"url('data:image/webp;base64,UklGRpYAAABXRUJQVlA4IIoAAAAQBACdASoUAAsAPtFUo0uoJKMhsAgBABoJYwC7AYvgz/kNY6xqChp74AD9TXpDsWKJkFZ4CLtp8HfysymXBEZtb9f6ZqeTeNrY77UEQVCBaU9JBbVd1OIX0EuUG9+Tsh9l5R8bp15CSWNMj7NVn3JBSK5DJ8UT/ZiHxJhuNMBac6wDehWz3FSgAAA=')\",\n      \"backgroundSize\": \"cover\",\n      \"display\": \"block\"\n    }\n  }), \"\\n  \", mdx(\"img\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-image\",\n    \"alt\": \"Cloud Security\",\n    \"title\": \"Cloud Security\",\n    \"src\": \"/static/9730d795af956c9258aa87e4195a49d5/cc587/declare-data-breach.webp\",\n    \"srcSet\": [\"/static/9730d795af956c9258aa87e4195a49d5/1e0be/declare-data-breach.webp 250w\", \"/static/9730d795af956c9258aa87e4195a49d5/b0a15/declare-data-breach.webp 500w\", \"/static/9730d795af956c9258aa87e4195a49d5/cc587/declare-data-breach.webp 695w\"],\n    \"sizes\": \"(max-width: 695px) 100vw, 695px\",\n    \"style\": {\n      \"width\": \"100%\",\n      \"height\": \"100%\",\n      \"margin\": \"0\",\n      \"verticalAlign\": \"middle\",\n      \"position\": \"absolute\",\n      \"top\": \"0\",\n      \"left\": \"0\"\n    },\n    \"loading\": \"lazy\",\n    \"decoding\": \"async\"\n  }), \"\\n  \"), \"\\n    \")), mdx(\"p\", null, \"Preventing accidental exposure of network interfaces is yet another area where dependency management\\ncan provide support. With developers providing a structured index of their own service's network\\ndependencies, not only can we automatically resolve those dependencies, but we can also enrich the\\nenvironment with the corresponding network policies required to lock it down \\u2013 only services that\\ndepend on each other can access each other. This structured approach drastically reduces the need\\nfor developers to understand network security tooling, and opens them up to create new services more\\nfreely.\"), mdx(\"h2\", {\n    \"id\": \"5-flexibility\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, \"5. Flexibility\", mdx(\"a\", {\n    parentName: \"h2\",\n    \"href\": \"#5-flexibility\",\n    \"aria-label\": \"5 flexibility permalink\",\n    \"className\": \"anchor after\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  })))), mdx(\"p\", null, \"Another benefit of dependency management with respect to microservices and distributed applications\\nis flexibility. With developers capturing the details of their immediate dependencies and\\nassociating them with their own services, the resolver itself is free to instrument the\\nrelationships in unique ways in each environment that gets deployed. Want to try out a different API\\ngateway or service mesh? Want to instrument distributed tracing by capturing ingress and egress\\ntraffic from each service? With automation that can hook into the dependency resolver, operators are\\nfree to experiment with new tools and configs without any code changes to existing services or\\ndistractions for developers.\"), mdx(\"h2\", {\n    \"id\": \"why-doesnt-it-already-exist\",\n    \"style\": {\n      \"position\": \"relative\"\n    }\n  }, \"Why doesn't it already exist?\", mdx(\"a\", {\n    parentName: \"h2\",\n    \"href\": \"#why-doesnt-it-already-exist\",\n    \"aria-label\": \"why doesnt it already exist permalink\",\n    \"className\": \"anchor after\"\n  }, mdx(\"svg\", {\n    parentName: \"a\",\n    \"aria-hidden\": \"true\",\n    \"focusable\": \"false\",\n    \"height\": \"16\",\n    \"version\": \"1.1\",\n    \"viewBox\": \"0 0 16 16\",\n    \"width\": \"16\"\n  }, mdx(\"path\", {\n    parentName: \"svg\",\n    \"fillRule\": \"evenodd\",\n    \"d\": \"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"\n  })))), mdx(\"p\", null, \"Dependency resolution would be an enormously powerful tool solution to enable developers to\\ncollaborate and contribute to cloud-native applications, but can't we use the vast number of package\\nmanagers that already exist to help with instrumentation? While it would be nice to use existing\\ntools, resolving dependencies for networked applications isn't the same as resolving the\\nrelationships between libraries and binaries.\"), mdx(\"p\", null, \"The download of code artifacts that fulfill dependency requirements for libraries all happens at\\nbuild-time to create one master binary/library. Microservices however don't get bundled into single\\nbinaries and instead need to be run as independent services and then connected to over a network.\\nThis means that the resolution strategy has additional steps, and happens at an entirely different\\nlifecycle stage than regular libraries. Turns out, the earliest point in an application lifecycle\\nthat we can properly resolve dependencies for distributed applications is at deploy-time. It is at\\nthis point that we know both the relationships between all services in the stack as well as the\\ntooling and details of the target environment needed to properly provision and connect services.\"), mdx(\"p\", null, \"To sum it up, it's hard to create a large scale resolver for network dependencies, but doing so\\nwould provide enormous benefits to engineering teams and the cloud community as a whole. If we're to\\nproperly navigate the growing landscape of cloud-native tools, we'll need to learn from dependency\\nmanagement practices of the past.\"));\n}\n;\nMDXContent.isMDXComponent = true;","excerpt":"Distributed cloud applications (aka microservices) have introduced an enormous amount of complexity\ninto the design and operation of cloud software. What used to manifest itself as complexity hidden…","tableOfContents":{"items":[{"url":"#1-developer-collaboration","title":"1. Developer collaboration"},{"url":"#2-self-service-environments","title":"2. Self-service environments"},{"url":"#3-automation","title":"3. Automation"},{"url":"#4-security","title":"4. Security"},{"url":"#5-flexibility","title":"5. Flexibility"},{"url":"#why-doesnt-it-already-exist","title":"Why doesn't it already exist?"}]},"frontmatter":{"title":"Why distributed apps need dependency management","description":null,"author":"David Thor","date":"2020-09-16","image":{"childImageSharp":{"gatsbyImageData":{"layout":"constrained","images":{"fallback":{"src":"/static/37a3c99a03c6df8fa9cbbfeafa8247ff/b7c37/dependency-mgmt%402x.png","srcSet":"/static/37a3c99a03c6df8fa9cbbfeafa8247ff/a9493/dependency-mgmt%402x.png 250w,\n/static/37a3c99a03c6df8fa9cbbfeafa8247ff/9901b/dependency-mgmt%402x.png 500w,\n/static/37a3c99a03c6df8fa9cbbfeafa8247ff/b7c37/dependency-mgmt%402x.png 1000w","sizes":"(min-width: 1000px) 1000px, 100vw"},"sources":[{"srcSet":"/static/37a3c99a03c6df8fa9cbbfeafa8247ff/81cfb/dependency-mgmt%402x.webp 250w,\n/static/37a3c99a03c6df8fa9cbbfeafa8247ff/c1a5c/dependency-mgmt%402x.webp 500w,\n/static/37a3c99a03c6df8fa9cbbfeafa8247ff/caa2d/dependency-mgmt%402x.webp 1000w","type":"image/webp","sizes":"(min-width: 1000px) 1000px, 100vw"}]},"width":1000,"height":559}}}}},"next":null,"previous":null}]}},"pageContext":{"slug":"why-distributed-apps-need-dependency-management"}},
    "staticQueryHashes": ["764694655"]}