This blog post discusses the best practices to be followed while using App Configuration on IBM Cloud.
IBM Cloud App Configuration is a centralized feature-management and configuration service on IBM Cloud. App Configuration helps developers progressively deliver features in order to ship the code faster and reduce risk of potential failures. The service also offers SDKs for programming languages like Go, Node.js, Java, Python, JavaScript, React and Kotlin that can be integrated with the applications.
IBM Cloud App Configuration best practices
Create different App Configuration environments for boundary protection
Based on the compliance requirements, you may have a boundary requirement for your prod/non-prod instances, and you can have separate non-prod and prod instances of App Configuration. Further, you can create App Configuration environments based on the deployment environments. You can also choose to extend this architecture to have individual instances for each prod region:
Control access based on policies
You may want to control access to feature flags based on policies. For instance, only administrators should be allowed to toggle a feature flag on a production-related environment in App Configuration. To restrict access to your feature flags in an environment, you can manage using environment-level access in the service.
Follow naming conventions
Following a naming convention can help in multiple ways:
- The name can help identify the purpose of the flag.
- The name can identify the role of the flag (e.g., if it’s for internal or external usage).
Having a naming convention helps developer to understand the feature flag, and this avoids ambiguity.
Like naming conventions on the feature flag, you should define specific tags to categorize the feature flags/properties. A description of the flags can be used to detail the purpose of the application for which the flag is being used.
Manage operational flags/properties
App Configuration can be used to manage your operational flags/properties (and not just the release flags). Operational flags prepare the system to respond to any production failures. It works like a circuit breaker, which can help in graceful degradation of a system under peak load or customer-impacting incidents.
It can also help dynamically enable trace for a specific feature failure or for a specific customer incident, which in turn drastically reduces MTTR.
Utilize targeted feature roll-out
You can use App Configuration to perform A/B testing, canary testing and experimentation in production or to selectively enable features for a set of groups of users or a geography. This helps you test in production with live data, allowing you to receive feedback from your business users or customers with very minimal or no impact.
Avoid dependencies between flags
Each flag should serve a specific purpose, and flags should be independent of each other. If you need to enable multiple flags for a single release or switching the state of a flag conflicts with another flag, it can become confusing and difficult to maintain. This also will impact the user experience negatively.
Use App Configuration to manage your secrets
App Configuration integrates with IBM Cloud Secrets Manager, which helps manage your secrets as if they are configuration properties. This can help in maintaining properties and secrets together as part of the Configuration as Code (CaC).
Clean up obsolete flags
Release flags and roll-out flags are only temporarily needed. Operational flags are required until the application exist. Not removing the flags and the corresponding code can lead to technical debt. When a flag is fully released and no longer required, it can be tagged with specific tag, and once in a specific time frame (e.g., every 6 months), all such tagged features can be removed from the system. The same process can be applied to properties, segments and collections.
Use the latest version of the SDK
Always use the latest version of the SDKs. The latest version contains the bug fixes, vulnerability fixes and new feature support.
Listen to the feature or property changes
Listen to the event-based notifications for real-time updates in the App Configuration instance using the SDK. This helps to keep your application up to date with the updates.
Bootstrap your application with App Configuration snapshots
Capture the current configuration using snapshots into your Git repositories. This can help in maintaining the versions of your configuration (Configuration as Code). Bootstrap your application even when there is no connectivity to the App Configuration service.
Use feature flags/properties in CI/CD pipelines
Use App Configuration feature flags or properties in your CI/CD pipelines to avoid the hard coding of configurations in the pipeline.
Using App Configuration in the pipeline also helps manage secrets for your dependencies. For example, if a dependency is not used in a specific region or a dependency is applicable only to a specific region, control the creation of Kubernetes secrets or environmental variables in your regional infrastructure according to the applicable dependencies using the CI/CD pipelines integrated with App Configuration.
Automate using Infrastructure as Code (IaC)
Automate your feature flag deployments using Terraform supported by App Configuration to easily onboard to a new region.
Follow a Governance process
Feature flag hell can be avoided by using a Governance process. This Governance process helps ensure the best practices are enforced. The process also helps identify the lifecycle of the feature flag, including how to define the feature flag and when to remove it. App Configuration helps audit events using IBM Cloud Activity Tracker. Use this feature to track how users and applications are using the feature flags/properties.