Quick Definition (30–60 words)
Pub sub is a messaging pattern where publishers send messages to topics and subscribers receive messages asynchronously. Analogy: a postal distribution center routes mail to subscribers without senders knowing recipients. Formal: an asynchronous, decoupled, topic-based message distribution system supporting at-least-once or exactly-once semantics depending on implementation.
What is Pub sub?
Pub sub (publish–subscribe) is a messaging architecture that decouples producers and consumers using intermediary topics or channels. Publishers emit messages to named topics; subscribers express interest in topics and receive messages. Implementations vary from lightweight in-process libraries to globally distributed cloud services.
What it is NOT:
- Not a direct RPC or synchronous request/response system.
- Not a database or durable store (though some offer durable retention).
- Not a replacement for transactional ACID guarantees across services.
Key properties and constraints:
- Decoupling of producers and consumers.
- Delivery semantics: at-most-once, at-least-once, exactly-once (varies).
- Ordering guarantees: none, per-partition, or strong (varies).
- Retention policies: transient, time-based, or size-based.
- Fanout: one-to-many distribution is native.
- Scalability depends on partitions, shards, or topic design.
Where it fits in modern cloud/SRE workflows:
- Event-driven microservices and data pipelines.
- Observability event streams and security audit trails.
- Decoupling async workloads for resilience and elasticity.
- Asynchronous command/event buses for automation and AI pipelines.
A text-only “diagram description” readers can visualize:
- Publishers -> Topic Router -> Partitions/Shards -> Subscription Queues -> Subscribers/Workers. Control plane manages topic metadata, retention, and access. Observability taps read from router and queues.
Pub sub in one sentence
A pattern that routes messages from producers to interested consumers via topics, enabling asynchronous decoupling, scalable fanout, and flexible delivery semantics.
Pub sub vs related terms (TABLE REQUIRED)
| ID | Term | How it differs from Pub sub | Common confusion |
|---|---|---|---|
| T1 | Message Queue | Single consumer semantics often and queue-focused | Confused with pub sub fanout |
| T2 | Event Bus | Broader concept including routing rules | Used interchangeably sometimes |
| T3 | Streaming Platform | Persists ordered logs and supports replays | Thought identical to simple pub sub |
| T4 | Broker | Component that routes messages | Treated as the entire system |
| T5 | Event Sourcing | Stores events as source of truth | Not the same as transport layer |
| T6 | RPC | Synchronous direct calls | Assumed equivalent due to request semantics |
| T7 | Webhook | HTTP push to endpoints | Considered a pub sub replacement |
| T8 | Notification Service | Simple fanout for alerts | Mistaken for general event routing |
| T9 | Message Bus | Enterprise term for integrated messaging | Overlaps with many patterns |
| T10 | Stream Processing | Stateful transformations over streams | Confused as transport instead of compute |
Row Details (only if any cell says “See details below”)
- None.
Why does Pub sub matter?
Business impact:
- Revenue: enables scalable features like real-time personalization, delayed processing, and user notifications that drive engagement and monetization.
- Trust: decoupling reduces blast radius of failures; reliable delivery maintains customer-facing SLAs.
- Risk: misconfigured retention or permissions can leak data or cause lost revenue.
Engineering impact:
- Incident reduction: decoupling and buffering prevent backpressure from cascading.
- Velocity: teams deploy independently with event contracts rather than synchronous APIs.
- Complexity cost: introduces operational overhead, schema evolution, and retry logic.
SRE framing:
- SLIs: delivery latency, success ratio, consumer lag, retention integrity.
- SLOs: define acceptable loss or duplication; typical SLOs for delivery success are 99.9%+ for core pipelines.
- Error budget: use for feature launches that increase event volume.
- Toil: automate schema registry, topic lifecycle, and partition management to reduce manual tasks.
- On-call: responders should have clear runbooks for consumer lag, brokers full, or FK permission errors.
3–5 realistic “what breaks in production” examples:
- Producer misconfiguration floods topic with high message rate, causing consumer lag and increased costs.
- Consumer bug acking messages prematurely results in data loss or double-processing.
- Broker storage exhausted due to retention miscalculation causing outages and data loss.
- Schema change without versioning causes consumers to crash on parse errors.
- Network partition isolates a datacenter leading to split-brain delivery semantics.
Where is Pub sub used? (TABLE REQUIRED)
| ID | Layer/Area | How Pub sub appears | Typical telemetry | Common tools |
|---|---|---|---|---|
| L1 | Edge network | Event ingestion gateway and CDN logs | Ingest rate, errors, latency | Kafka, Pulsar, CloudPubSub |
| L2 | Service-to-service | Async commands and events between microservices | Ack rate, processing latency, retries | Kafka, NATS, RabbitMQ |
| L3 | Application layer | User notifications and UI events | Fanout latency, delivery success | Push services, Message queues |
| L4 | Data pipelines | ETL, analytics pipelines and stream joins | Consumer lag, processing throughput | Kafka Streams, Flink, Spark |
| L5 | Serverless | Trigger functions from events | Invocation rate, cold starts, failures | CloudPubSub, EventBridge |
| L6 | Observability | Metrics, traces, logs transport | Event loss, throughput, retention | Fluentd, Vector, Log brokers |
| L7 | CI CD | Build notifications and deployment events | Delivery latency, retries | Pub sub systems used by pipelines |
| L8 | Security | Audit events, alerts, SIEM feed | Event fidelity, tamper evidence | Kafka, Cloud PubSub, Security brokers |
Row Details (only if needed)
- None.
When should you use Pub sub?
When it’s necessary:
- Fanout to many consumers with independent processing.
- Decoupling services to improve resilience and deployment autonomy.
- Implementing event-driven or streaming data pipelines with replayability.
- Handling bursty traffic with buffering to absorb spikes.
When it’s optional:
- Simple point-to-point tasks with low throughput where a queue suffices.
- Short-lived synchronous APIs where immediate response is required.
- Small-scale apps where added operational overhead isn’t justified.
When NOT to use / overuse it:
- Don’t use pub sub as a transactional consistency mechanism across services.
- Avoid for simple lookups or queries; use caches or databases.
- Avoid over-fanning events that replicate state unnecessarily and increase coupling.
Decision checklist:
- If you need async fanout and loose coupling -> use pub sub.
- If you need strict transactional consistency across services -> consider synchronous or ACID store.
- If you need ordered processing for a stream of events per key -> use partitioned pub sub or a streaming platform.
- If you need replayability and long retention -> use streaming log with durable storage.
Maturity ladder:
- Beginner: Managed cloud pub sub with simple topics, single consumer groups, no custom partitions.
- Intermediate: Partitioning, consumer groups, schema registry, retries, dead-letter queues.
- Advanced: Multi-region replication, exactly-once semantics, stream processing with stateful operators, automated scaling and cost optimization.
How does Pub sub work?
Components and workflow:
- Publisher: produces messages and writes to a topic.
- Broker/Router: receives messages, partitions, persists or routes them.
- Topic: logical stream identifier with retention and partitioning rules.
- Partition/Shard: unit of parallelism and ordering.
- Subscription: consumer view of a topic; can be push or pull.
- Subscriber/Consumer: reads messages, processes, and acknowledges.
- Control Plane: manages configuration, ACLs, quotas.
- Schema Registry: verifies message formats and supports evolution.
- Monitoring and Observability: captures throughput, latency, errors, lag.
Data flow and lifecycle:
- Producer serializes message and sends to topic.
- Broker accepts message, assigns partition, appends to log or places in queue.
- Subscribers fetch or receive messages; processing occurs.
- Consumer acknowledges success or signals failure; broker marks offset or requeues.
- Retention policy expires message or keeps for replay.
- In case of failure, dead-letter queue or retry mechanism handles retries.
Edge cases and failure modes:
- Network partitions causing duplicate deliveries or split-brain.
- Consumer crashes leaving unacked messages; backlog grows.
- Broker storage full leading to write failures.
- Schema incompatibilities causing consumers to fail parsing.
- Ordering violations due to multi-partition messages for same key.
Typical architecture patterns for Pub sub
- Simple fanout – Use when: notifications, webhook fanout, broadcast events.
- Partitioned streams – Use when: ordered processing per key at scale.
- Compacted event log – Use when: change-data-capture and state materialization.
- Queue-backed subscriptions – Use when: point-to-point processing with load leveling.
- Serverless triggers – Use when: event-driven functions and lightweight workflows.
- Hybrid streaming + batch – Use when: real-time analytics with periodic aggregation.
Failure modes & mitigation (TABLE REQUIRED)
| ID | Failure mode | Symptom | Likely cause | Mitigation | Observability signal |
|---|---|---|---|---|---|
| F1 | Consumer lag | Increasing lag metric | Consumer slowness or outage | Scale consumers or fix bug | Lag per partition spike |
| F2 | Message loss | Missing downstream data | At-most-once config or ack bug | Enable retries and DLQ | Drop in success ratio |
| F3 | Duplicate delivery | Idempotency issues | At-least-once semantics | Add idempotent processing | Reprocessing counts up |
| F4 | Broker full | Writes failing | Retention or disk misconfig | Increase storage or purge | Broker disk utilization |
| F5 | Schema break | Consumer parse errors | Incompatible schema change | Use schema registry, versioning | Parse error rate |
| F6 | Hot partition | Unequal load | Bad key design | Repartition or change keying | Per-partition throughput skew |
| F7 | Authentication fail | Unauthorized errors | ACLs or rotated creds | Rotate and update creds | Auth failure rate |
| F8 | Network partition | Split delivery patterns | Cross-region network issues | Use replication and backpressure | Cross-region error spikes |
| F9 | Slow producer | Throughput drop | Backpressure or client bug | Optimize batching | Producer send latency rise |
| F10 | DLQ floods | DLQ grows quickly | Consumer logic rejects messages | Investigate root cause | DLQ depth increase |
Row Details (only if needed)
- None.
Key Concepts, Keywords & Terminology for Pub sub
Below are 40+ terms with concise definitions, importance, and common pitfall.
- Topic — Named stream for messages — central routing unit — Pitfall: Unlimited topics increase ops burden.
- Subscription — Consumer view of a topic — defines delivery semantics — Pitfall: Misconfigured ack settings.
- Partition — Unit of parallelism — controls ordering scope — Pitfall: Hot partitions from skewed keys.
- Broker — Message router and storage node — handles append and delivery — Pitfall: Single broker limits scale.
- Producer — Service that publishes events — initiates pipeline — Pitfall: Not batching causes high overhead.
- Consumer — Service that processes messages — drives downstream work — Pitfall: Not idempotent leads to duplicates.
- Offset — Position in a partition log — used for replay — Pitfall: Manual offset commits are error-prone.
- Acknowledgement — Confirmation of processing — controls redelivery — Pitfall: Premature ack causes data loss.
- At-least-once — Delivery guarantee — may cause duplicates — Pitfall: Requires idempotency.
- At-most-once — Delivery guarantee — may lose messages — Pitfall: Used for non-critical events incorrectly.
- Exactly-once — Delivery with deduplication — desired but complex — Pitfall: Often only within specific systems.
- Fanout — One message to many subscribers — enables broadcast — Pitfall: Uncontrolled fanout increases costs.
- Retention — How long messages are kept — enables replay — Pitfall: Too long increases storage cost.
- Compaction — Keep latest per key — used for state streams — Pitfall: Not suitable for event history.
- Dead-letter queue — Holds failed messages — prevents blocking — Pitfall: Treating DLQ as archive instead of fix pipeline.
- Schema registry — Stores message schemas — enables validation — Pitfall: Skipping registry leads to runtime errors.
- Serialization — Converting objects to bytes — essential for transport — Pitfall: Changing formats silently breaks consumers.
- Deserialization — Parsing bytes to objects — consumer-side operation — Pitfall: No version handling causes crashes.
- Consumer group — Set of consumers sharing a subscription — enables scaling — Pitfall: Miscounting consumers reduces parallelism.
- Leader election — Broker cluster coordination — maintains consistency — Pitfall: Unstable elections cause outages.
- Throughput — Messages per second — capacity measure — Pitfall: Ignoring message size when computing throughput.
- Latency — Time from publish to ack — user experience metric — Pitfall: Measuring only broker-side underestimates end-to-end.
- Backpressure — Mechanism to slow producers — protects consumers — Pitfall: No backpressure leads to cascading failures.
- Retry policy — How failures are retried — balances reliability and duplication — Pitfall: Infinite retries create DLQ storms.
- Exactly-once semantics — Deduplicate or transactional processing — reduces duplicates — Pitfall: High overhead and complexity.
- Idempotency — Processing safe to repeat — reduces duplicate side effects — Pitfall: Not designing idempotency early.
- Ordering guarantee — Whether messages keep order — affects correctness — Pitfall: Multi-partition ordering surprises.
- Sharding — Dividing data for scale — similar to partitions — Pitfall: Poor shard key choice causes imbalance.
- Stream processing — Real-time transformations — enables analytics — Pitfall: Stateful processes need checkpointing.
- Checkpointing — Save consumer offsets reliably — supports recovery — Pitfall: Storing externally can be inconsistent.
- Push vs Pull — Delivery model — push sends, pull requests — Pitfall: Push needs robust endpoint availability.
- Exactly-once delivery transactions — Broker+processor transactional commit — supports consistent state — Pitfall: Not universally supported.
- Multi-tenancy — Sharing topics across teams — improves efficiency — Pitfall: No isolation can cause noisy neighbors.
- Replication — Copy data across nodes or regions — increases availability — Pitfall: Higher cost and eventual consistency.
- Broker quota — Limits per tenant — prevents abuse — Pitfall: Hidden throttles cause silent failures.
- Consumer lag — How far behind consumer is — operational health metric — Pitfall: Silent growth until SLA breach.
- Observability hooks — Traces, metrics, logs for pipeline — essential for SRE — Pitfall: No tracing of event lineage.
- Dead-letter handling — Process for failed messages — prevents loss — Pitfall: DLQ ignored in ops.
How to Measure Pub sub (Metrics, SLIs, SLOs) (TABLE REQUIRED)
| ID | Metric/SLI | What it tells you | How to measure | Starting target | Gotchas |
|---|---|---|---|---|---|
| M1 | Publish success rate | Producer writes accepted | successful publishes / total publishes | 99.9% | Backpressure skews short term |
| M2 | End-to-end latency | Time from publish to ack | median and p95 of publish to ack | p95 < 1s for infra events | Large variance with retries |
| M3 | Consumer lag | How far consumer behind | latest offset minus consumer offset | lag per partition < threshold | Silent slowdowns happen |
| M4 | Message loss rate | Messages not processed | detected via reconciliation | near 0 for critical flows | Hard to detect without lineage |
| M5 | Duplicate rate | Re-delivered messages | duplicate ids / total processed | <0.1% for critical | Requires dedupe keys |
| M6 | DLQ rate | Failed messages per time | DLQ inflow / total | Low but nonzero | Noise from malformed messages |
| M7 | Broker disk usage | Storage capacity health | used/available per broker | <75% | Retention spikes blow it up |
| M8 | Partition skew | Uneven partition load | max/min throughput ratio | ratio < 3 | Hot keys create extremes |
| M9 | Consumer throughput | Processing capacity | processed messages per second | scale to traffic | Varies with message size |
| M10 | Schema compatibility failures | Schema errors count | schema rejections per deploy | 0 per deploy | Hard to track without registry |
Row Details (only if needed)
- None.
Best tools to measure Pub sub
Tool — Prometheus
- What it measures for Pub sub: Broker and consumer metrics, request latencies, lag exports.
- Best-fit environment: Kubernetes and on-prem clusters.
- Setup outline:
- Export broker metrics via instrumentation.
- Export consumer metrics with client libs.
- Configure Prometheus scrape intervals.
- Use recording rules for lag and error rates.
- Integrate with Alertmanager.
- Strengths:
- Highly flexible and open-source.
- Strong Kubernetes integration.
- Limitations:
- Needs capacity planning for high cardinality.
- Long-term storage requires remote write.
Tool — Grafana
- What it measures for Pub sub: Visualization of Prometheus or other metrics stores.
- Best-fit environment: Dashboards across teams.
- Setup outline:
- Connect data sources.
- Build panels for lag, throughput, errors.
- Create alerting rules to Alertmanager.
- Strengths:
- Powerful visualization and templating.
- Team dashboards and annotations.
- Limitations:
- Alerting depends on external alert router.
- Can become cluttered without governance.
Tool — OpenTelemetry Tracing
- What it measures for Pub sub: End-to-end request traces across publish and consume.
- Best-fit environment: Distributed systems and microservices.
- Setup outline:
- Instrument producers and consumers with tracing libs.
- Propagate trace context with message metadata.
- Export to tracing backend for visualization.
- Strengths:
- Correlates events across services.
- Helps root cause latency.
- Limitations:
- Adds overhead and storage for high volume.
- Sampling strategy needed.
Tool — Managed Cloud Monitoring (Cloud Provider)
- What it measures for Pub sub: Integrated broker metrics, operation metrics.
- Best-fit environment: Cloud-managed pub sub services.
- Setup outline:
- Enable provider monitoring.
- Use built-in dashboards and alerts.
- Export logs to central observability.
- Strengths:
- Low setup overhead.
- Tailored to provider features.
- Limitations:
- Visibility limited to provider metrics.
- Cross-cloud correlation varies.
Tool — Kafka Connect + Metrics
- What it measures for Pub sub: Connector health, throughput, and offsets.
- Best-fit environment: Streaming data integrations.
- Setup outline:
- Deploy Connect cluster.
- Monitor connector metrics and tasks.
- Alert on task failures and lag.
- Strengths:
- Simplifies integration with external systems.
- Standardized metrics per connector.
- Limitations:
- Connector reliability varies.
- Operational overhead.
Recommended dashboards & alerts for Pub sub
Executive dashboard:
- Panels: Total message throughput, critical pipeline success rate, consumer lag summary, infrastructure health summary.
- Why: High-level view for stakeholders and capacity planning.
On-call dashboard:
- Panels: Per-topic consumer lag, DLQ inflow, broker disk usage, recent errors, top failing consumers.
- Why: Rapid triage and decision-making.
Debug dashboard:
- Panels: Per-partition throughput and latency, producer send latency, trace links, schema errors, retry counts.
- Why: Deep troubleshooting and performance tuning.
Alerting guidance:
- Page vs ticket:
- Page for SLO-breaching conditions: consumer lag > SLO threshold, broker down, retention exceeded.
- Ticket for non-urgent issues: minor DLQ increases, single-message schema errors.
- Burn-rate guidance:
- If error budget burn rate > 3x baseline, escalate to engineering and consider mitigation freezes.
- Noise reduction tactics:
- Deduplicate alerts by grouping labels.
- Suppress low-impact transient alerts with short cooldowns.
- Use dynamic thresholds (baseline-aware) to avoid flapping.
Implementation Guide (Step-by-step)
1) Prerequisites – Define event contracts and schemas. – Choose pub sub platform and sizing model. – Ensure identity and access management (IAM) is planned. – Plan retention, partitioning, and DLQ strategy.
2) Instrumentation plan – Instrument producers to emit publish metrics and trace context. – Instrument consumers for processing latency, success rate, and idempotency markers. – Export broker metrics to monitoring stack.
3) Data collection – Centralize logs, metrics, and traces. – Capture message metadata (message id, publish time, schema id). – Implement audit trails for security and compliance.
4) SLO design – Define SLIs: end-to-end latency, delivery success rate, consumer lag. – Set SLOs based on criticality and business tolerance. – Map SLOs to alerts and runbooks.
5) Dashboards – Build executive, on-call, and debug dashboards. – Include topology panels showing active topics and subscription counts.
6) Alerts & routing – Define on-call rotations and escalation paths. – Route page-worthy alerts to SREs; route application-level alerts to owning teams.
7) Runbooks & automation – Document runbooks for common failures: lag, DLQ, schema breaks. – Automate common remediations: consumer scaling, topic retention changes, partition rebalances.
8) Validation (load/chaos/game days) – Run load tests with representative message sizes and keys. – Simulate consumer slowdowns and broker outages. – Perform game days that include schema changes and cross-region failures.
9) Continuous improvement – Review postmortems and refine SLOs. – Automate repetitive ops tasks. – Revisit topic partitioning and retention quarterly.
Pre-production checklist
- Schemas registered and validated.
- IAM and network policies set.
- Instrumentation verified end-to-end.
- Consumer tests for idempotency and error handling.
- Load test completes under expected traffic.
Production readiness checklist
- SLOs defined and observed.
- Alerting configured and routed.
- Capacity and cost model approved.
- Backup or replication strategy validated.
- Runbooks and runbook playbooks accessible to on-call.
Incident checklist specific to Pub sub
- Identify impacted topics and consumer groups.
- Check producer error rates and broker health.
- Verify consumer lag and DLQ growth.
- Isolate faulty producer or consumer and roll back recent changes.
- If necessary, throttle producers or increase consumer capacity.
- Engage relevant owners and start postmortem.
Use Cases of Pub sub
-
Real-time notifications – Context: Send alerts to users across channels. – Problem: Synchronous APIs slow down response and couple systems. – Why Pub sub helps: Fanout to multiple delivery channels concurrently. – What to measure: Delivery success rate, latency, DLQ counts. – Typical tools: Managed pub sub, notification services.
-
Change data capture (CDC) – Context: Capture DB changes for analytics. – Problem: Batch ETL introduces latency and duplicates. – Why Pub sub helps: Stream DB change events for real-time materialized views. – What to measure: Event completeness, ordering, replayability. – Typical tools: Kafka, Debezium, Pulsar.
-
Serverless function triggers – Context: Invoke functions on events. – Problem: Polling and scaling inefficiencies. – Why Pub sub helps: Event-driven invocations scale and are cost-efficient. – What to measure: Invocation rate, cold starts, retries. – Typical tools: Cloud PubSub, EventBridge, SNS.
-
Metrics and telemetry pipeline – Context: Transport metrics and logs to analytics. – Problem: Heavy load on backend ingestion during spikes. – Why Pub sub helps: Buffering and decoupling ingestion. – What to measure: Throughput, drop rate, ingestion latency. – Typical tools: Fluentd + brokers, Vector + Kafka.
-
Workflow orchestration – Context: Coordinate long-running business workflows. – Problem: Synchronous state management is brittle. – Why Pub sub helps: Events trigger state changes and allow retries. – What to measure: Workflow completion rate, time to complete. – Typical tools: Temporal with pub sub, step functions wired to events.
-
Microservice integration – Context: Share events across services. – Problem: Tight coupling via synchronous APIs. – Why Pub sub helps: Loose contracts and independent scaling. – What to measure: Service coupling degree, event schema drift. – Typical tools: Kafka, NATS, RabbitMQ.
-
Analytics and stream processing – Context: Real-time aggregations and alerts. – Problem: Batch windows delay insights. – Why Pub sub helps: Continuous processing for low-latency analytics. – What to measure: Processed throughput, state store size. – Typical tools: Flink, Spark Streaming, ksqlDB.
-
Security telemetry – Context: Feed SIEM and detection systems. – Problem: Loss of forensic data under load. – Why Pub sub helps: Durable, auditable event streams. – What to measure: Event fidelity, retention integrity. – Typical tools: Kafka, managed pub sub with secure endpoints.
-
IoT event ingestion – Context: Devices sending telemetry bursts. – Problem: Scale and intermittent connectivity. – Why Pub sub helps: Buffering and replay across intermittent connections. – What to measure: Message ingress rate, device partition assignment. – Typical tools: MQTT frontends with backend pub sub.
-
AI/ML feature pipelines – Context: Stream features and labeling events to feature stores. – Problem: Staleness and offline sync issues. – Why Pub sub helps: Real-time feature updates and replayability for retraining. – What to measure: Feature latency, completeness, data drift. – Typical tools: Kafka, Pulsar, data streaming connectors.
-
Cross-region replication – Context: Geo-distributed systems needing eventual consistency. – Problem: Manual replication is slow and error-prone. – Why Pub sub helps: Replicate topics across regions with configurable guarantees. – What to measure: Replication lag, conflict rates. – Typical tools: Managed pub sub with multi-region support.
-
Audit trail and compliance – Context: Immutable logs for regulation. – Problem: Ad-hoc logging cannot guarantee immutability. – Why Pub sub helps: Durable logs with append-only semantics. – What to measure: Retention correctness, tamper signals. – Typical tools: Compacted topics, immutable storage backends.
Scenario Examples (Realistic, End-to-End)
Scenario #1 — Kubernetes: Event-driven Order Processing
Context: E-commerce order events processed by microservices in Kubernetes. Goal: Decouple order placement from fulfillment and analytics. Why Pub sub matters here: Allows independent scaling and retries for downstream processors. Architecture / workflow: Order API -> Publisher service writes to Topic orders -> Consumer group fulfillment workers (K8s deployments) and analytics consumers. Step-by-step implementation:
- Create topic orders with partitions keyed by customer id.
- Register schemas and enforce compatibility.
- Deploy fulfillment consumer as a Deployment with HPA based on consumer lag.
- Instrument producers and consumers with OpenTelemetry.
- Configure DLQ for malformed events. What to measure: Consumer lag, end-to-end latency, DLQ rate, replica CPU. Tools to use and why: Kafka (durability), Prometheus/Grafana (metrics), OpenTelemetry (trace). Common pitfalls: Hot partition on VIP customers, missing idempotency causing duplicate shipments. Validation: Load test with 10x anticipated peak and run chaos to kill a consumer pod. Outcome: Independent deployments, reduced order processing latency, resilient retries.
Scenario #2 — Serverless/Managed-PaaS: Notifications at Scale
Context: SaaS sends emails and push notifications using cloud managed services. Goal: Scale notification delivery without coupling to main app. Why Pub sub matters here: Events trigger serverless functions; managed pub sub handles scale. Architecture / workflow: App writes to managed pub sub topic -> Cloud function subscribers for email, push -> External third-party providers. Step-by-step implementation:
- Create managed topic and subscriptions with push endpoints to cloud functions.
- Implement idempotent send logic in functions.
- Set retry policy and DLQ for failed deliveries.
- Monitor invocation errors and function cold starts. What to measure: Invocation rate, success rate, DLQ inflow. Tools to use and why: Cloud PubSub or equivalent, serverless functions, provider SDKs. Common pitfalls: High fanout costs, transient provider rate limits causing spikes in DLQ. Validation: Spike test with simulated events and verify backpressure behavior. Outcome: Scalable notification system that isolates failures to function DLQ and improves delivery capacity.
Scenario #3 — Incident-response/Postmortem: Lagging Analytics Pipeline
Context: Analytics downstream missing events leading to wrong dashboards. Goal: Recover missing events and prevent recurrence. Why Pub sub matters here: Persistent topic allows replay and forensic analysis. Architecture / workflow: Producers write to topic with retention 7 days; analytics consumer falls behind. Step-by-step implementation:
- Detect increasing consumer lag via alert.
- Pause downstream consumers and inspect DLQ and error logs.
- Reprocess backlog from earliest offset needed.
- Fix consumer bug and resume processing with test replays.
- Document incident and add test to CI. What to measure: Replay throughput, recovery time, data completeness. Tools to use and why: Kafka with retention and tooling to reset offsets, monitoring tools. Common pitfalls: Offsets reset incorrectly causing duplicates, insufficient retention for full replay. Validation: Simulated consumer outage and reprocessing in staging. Outcome: Restored analytics accuracy and improved runbooks for reprocessing.
Scenario #4 — Cost/Performance Trade-off: Retention vs Storage Cost
Context: Company stores events long-term for compliance but costs rise. Goal: Balance retention for replay against storage expense. Why Pub sub matters here: Retention configuration directly impacts cost and recovery options. Architecture / workflow: Events routed to hot topic for 7 days and cold storage after that. Step-by-step implementation:
- Analyze retention usage by topic and replay frequency.
- Implement tiered storage: active topic retention short, archival sink to cheaper storage.
- Add metadata to archived events for rehydration workflows.
- Automate lifecycle transitions. What to measure: Cost per GB, retrieval latency for archived events. Tools to use and why: Streaming platform with tiered storage, object store for cold archive. Common pitfalls: Forgotten archives not accessible for operational replay. Validation: Simulate archival retrieval and measure latency and cost. Outcome: Cost reduction while preserving replayability for compliance windows.
Common Mistakes, Anti-patterns, and Troubleshooting
List of common mistakes with symptom -> root cause -> fix.
- Symptom: Sudden consumer lag spike -> Root cause: Consumer crash or slow processing -> Fix: Check consumer logs, scale replicas, patch bug.
- Symptom: Lost messages -> Root cause: At-most-once config or premature ack -> Fix: Use at-least-once and idempotent consumers.
- Symptom: Duplicate side effects -> Root cause: At-least-once without idempotency -> Fix: Add idempotency keys and dedupe.
- Symptom: Hot partition causing throttling -> Root cause: Poor key design -> Fix: Repartition and redesign key hashing.
- Symptom: Broker disk full -> Root cause: Retention misconfigured or runaway topic -> Fix: Increase storage, reduce retention, or throttle producers.
- Symptom: Schema errors after deploy -> Root cause: Breaking change without compatibility -> Fix: Use schema registry with compatibility rules.
- Symptom: Unexpected high costs -> Root cause: Excessive retention and fanout -> Fix: Tier storage and audit topics.
- Symptom: DLQ filled -> Root cause: Consumer rejects many messages -> Fix: Inspect failures, fix logic, and reprocess valid events.
- Symptom: Slow producer throughput -> Root cause: Small batch sizes and sync sends -> Fix: Increase batching and use async publishing.
- Symptom: Network partition causes split deliveries -> Root cause: Cross-region replication without quorum -> Fix: Use designed replication and failover strategies.
- Symptom: Alert storm -> Root cause: High cardinality metrics and noisy thresholds -> Fix: Aggregate alerts and use dynamic thresholds.
- Symptom: No tracing across events -> Root cause: No trace propagation in messages -> Fix: Propagate trace context and instrument consumers.
- Symptom: Secret rotation breaks publishers -> Root cause: Hardcoded credentials -> Fix: Use secret manager and rolling updates.
- Symptom: Producers overwhelmed by backpressure -> Root cause: No producer throttling -> Fix: Implement client-side rate limiting and retries with backoff.
- Symptom: Incorrect ordering -> Root cause: Multi-partition ordering for related keys -> Fix: Use single partition per key or design idempotent consumers.
- Symptom: Slow consumer restarts -> Root cause: Large state stores checkpoint restore -> Fix: Optimize state snapshots and incremental checkpointing.
- Symptom: Overuse of topics -> Root cause: Per-tenant topics for many tenants -> Fix: Use topic partitioning or multi-tenant keys.
- Symptom: Unclear ownership -> Root cause: Shared topics with no owner -> Fix: Assign owners and SLAs per topic.
- Symptom: Observability gaps -> Root cause: No metrics at producer or consumer level -> Fix: Add instrumentation and create dashboards.
- Symptom: Silent throttling by broker -> Root cause: Unseen quotas -> Fix: Monitor throttling metrics and adjust quotas.
- Symptom: Late discovery of failures -> Root cause: Aggregated alerts hiding spikes -> Fix: Add per-critical-topic alerts.
- Symptom: Misrouted messages -> Root cause: Incorrect topic names or routing keys -> Fix: Validate routing logic in deployment tests.
- Symptom: Over-reliance on DLQ -> Root cause: Treat DLQ as archive -> Fix: Create remediation pipeline for DLQ items.
- Symptom: Excessive consumer restarts -> Root cause: Unhandled exceptions -> Fix: Harden error handling and circuit breakers.
- Symptom: Lack of replayability -> Root cause: Short retention windows -> Fix: Increase retention or archive to durable store.
Observability pitfalls (at least five included above):
- No producer metrics.
- No trace context propagation.
- Aggregated metrics hiding hot partitions.
- Missing per-topic dashboards.
- Not tracking DLQ causes.
Best Practices & Operating Model
Ownership and on-call:
- Assign topic ownership to a team with clear SLAs.
- On-call rotation should include SREs for infra-level alerts and app owners for logical errors.
Runbooks vs playbooks:
- Runbooks: step-by-step recovery for common operational failures.
- Playbooks: higher-level decision guides for complex incidents.
Safe deployments (canary/rollback):
- Use canary publishers or consumer canary to validate schema and load.
- Deploy consumers with health checks and automatic rollback on error rate spikes.
Toil reduction and automation:
- Automate topic lifecycle, quota management, partition scaling.
- Use CI checks for schema compatibility and consumer smoke tests.
Security basics:
- Enforce least-privilege IAM for topics and subscriptions.
- Encrypt data in transit and at rest.
- Audit access and mutations to critical topics.
Weekly/monthly routines:
- Weekly: review DLQ growth, top offending topics, and owner status.
- Monthly: validate retention patterns, review cost, and partition usage.
What to review in postmortems related to Pub sub:
- Exact sequence of events with offsets and timestamps.
- SLO breaches and error budget impact.
- Root cause and mitigation steps.
- Automation or test coverage gaps.
- Ownership and follow-up actions with deadlines.
Tooling & Integration Map for Pub sub (TABLE REQUIRED)
| ID | Category | What it does | Key integrations | Notes |
|---|---|---|---|---|
| I1 | Broker | Core message transport and storage | Producers, Consumers, Schema registry | Choose per scale and features |
| I2 | Schema Registry | Stores and validates schemas | CI, Brokers, Clients | Enforce compatibility rules |
| I3 | Stream Processor | Stateful/Stateless stream compute | Brokers, Object stores | For analytics and enrichments |
| I4 | Connector | Integrates external systems | Databases, Sinks, APIs | Use managed connectors when possible |
| I5 | Monitoring | Collects metrics and alerts | Brokers, Clients, Dashboards | Critical for SRE ops |
| I6 | Tracing | Correlates events across services | Producers, Consumers | Propagate trace context in messages |
| I7 | Secret Manager | Manages credentials for clients | CI, Brokers, Clients | Use rotation and least privilege |
| I8 | CI/CD | Deploys producer/consumer code | Testing, Canary health checks | Integrate schema validations |
| I9 | Policy Engine | Access and quota enforcement | IAM, Brokers | Enforce multi-tenant limits |
| I10 | Archive | Cold storage for long-term retention | Object store, Rehydration jobs | Cost optimization via lifecycle |
Row Details (only if needed)
- None.
Frequently Asked Questions (FAQs)
What is the difference between pub sub and messaging queue?
Pub sub focuses on topic-based fanout and decoupling; queues are usually point-to-point with single consumer semantics.
Can pub sub guarantee exactly-once delivery?
Some systems provide exactly-once within bounded scenarios; generally depends on broker, transactional support, and consumer idempotency.
How do I handle schema changes safely?
Use a schema registry with compatibility rules and deploy non-breaking changes first, followed by consumers update.
What is best practice for partition key design?
Choose keys that balance load while preserving ordering for related events; monitor for hot partitions.
How long should I retain events?
Depends on business needs; short-term for operational pipelines, longer for compliance or replayability; consider tiered storage.
Should I use serverless consumers?
Yes for bursty or event-driven workloads, but account for cold starts and concurrency limits.
How to prevent duplicate processing?
Design idempotent consumers and use deduplication based on message IDs or transactional processing where supported.
What observability should I add first?
Producer publish success, consumer processing success, consumer lag, DLQ inflow, and broker health.
When to use managed pub sub vs self-hosted?
Use managed for lower ops overhead; choose self-hosted for fine-grained control and cost at scale.
How do I troubleshoot consumer lag?
Check consumer pod health, processing latency, partition assignment, and broker throughput.
What is a dead-letter queue and why use it?
A DLQ captures messages that repeatedly fail processing to avoid blocking the main pipeline and allow manual remediation.
How to secure pub sub topics?
Use IAM for access control, TLS for transport, encryption at rest, and audit logs for access monitoring.
How to do replay of old messages?
Ensure retention covers needed window or archive to object storage; consumers can reset offsets or rehydrate.
What metrics map to SLOs?
End-to-end latency, publish success rate, consumer lag, and DLQ rate are primary SLIs to consider.
How to manage multi-region replication?
Use platform replication features or mirrored topics with conflict resolution and measure replication lag.
What size should I set for message batches?
Batch size depends on message size; find balance between latency and throughput; test under load.
When should I use compaction?
Use compaction when you care about latest state per key rather than full event history.
How do I avoid noisy neighbor problems?
Use quotas, separate topics per tenant where necessary, and monitor per-tenant usage.
Conclusion
Pub sub is a foundational pattern for scalable, decoupled, and resilient cloud-native systems. It supports many modern use cases from analytics to real-time automation but requires careful operational practices, observability, and governance.
Next 7 days plan (5 bullets):
- Day 1: Inventory current event topics and owners; map retention and consumer groups.
- Day 2: Add basic instrumentation for publish success and consumer lag.
- Day 3: Create on-call dashboard and define two critical alerts.
- Day 4: Run a load test for one critical pipeline and validate scaling rules.
- Day 5–7: Implement schema registry checks in CI and prepare runbooks for top 3 failure modes.
Appendix — Pub sub Keyword Cluster (SEO)
- Primary keywords
- pub sub
- publish subscribe
- pubsub system
- pub sub architecture
- pub sub pattern
- pub sub messaging
- pub sub tutorial
- pubsub guide
-
pub sub example
-
Secondary keywords
- message broker
- event streaming
- partitioned topic
- consumer lag
- dead-letter queue
- schema registry
- at least once delivery
- exactly once semantics
- fanout pattern
-
retention policy
-
Long-tail questions
- what is pub sub messaging pattern
- how does pub sub differ from queues
- best practices for pub sub in kubernetes
- how to measure pub sub latency
- pub sub consumer lag troubleshooting
- how to design pub sub partitions
- when to use pub sub vs http
- pub sub security best practices
- how to implement dlq for pub sub
- pub sub schema evolution strategy
- how to replay messages in pub sub
-
cost optimization strategies for pub sub
-
Related terminology
- topic
- subscription
- partition
- offset
- broker
- producer
- consumer
- ack
- nack
- message id
- compaction
- retention
- stream processing
- connector
- checkpointing
- backpressure
- idempotency
- tracing
- observability
- fault tolerance
- replication
- multi region
- throughput
- latency
- schema compatibility
- dead letter queue
- consumer group
- leader election
- exactly once delivery
- at most once delivery
- at least once delivery
- multi tenancy
- tiered storage
- archival
- rehydration
- hot partition
- shard
- message serialization
- authorization
- authentication
- IAM