Kubernetes limits and ranges and other concepts
- understanding limits and ranges
- Graceful Shutdown of Spring Boot Applications in Kubernetes
- Readiness: IPTables, how kubernetes services direct traffic to Pods
- Keeping the State of Apps
Kustomize
- Kubernetes native configuration management
- the complete kustomize tutorial
- Optimizing Spring Boot Config Management with ConfigMaps
- Declarative Management of Kubernetes Objects Using Kustomize
Java Operator SDK
- https://javaoperatorsdk.io/docs/intro-to-operators/
- Operator Pattern
- Building a Kubernetes Operator SDK for Java Developers
- Write Kubernetes Operators with the Java Operator SDK
- Cloud Native Java: Infrastructure Automation with Kubernetes Operators
- Samples Java Operator SDK
- Kubernetes API overview
- The API
- Good intro on K8S API
Azure APP config and Feature flags onto SpringBoot apps
- Feature management overview
- Tutorial: Use feature flags in a Spring Boot app
- Quickstart: Add feature flags to a Spring Boot app
- Spring Boot Configuration Externalization with Azure App Configuration
- Quickstart: Use Azure App Configuration in Azure Kubernetes Service
- General Availability of Azure App Configuration Kubernetes Provider
- Tutorial: Use dynamic configuration in a Java Spring app
OAUTH 2.0 Token Grant Flows
1. The OAuth 2.0 client credentials grant flow permits a web service (confidential client) to use its own credentials, instead of impersonating a user, to authenticate when calling another web service. The grant specified in RFC 6749, sometimes called two-legged OAuth, can be used to access web-hosted resources by using the identity of an application.
2. The OAuth 2.0 authorization code grant type, or auth code flow, enables a client application to obtain authorized access to protected resources like web APIs. The auth code flow requires a user-agent that supports redirection from the authorization server (the Microsoft identity platform) back to your application. For example, a web browser, desktop, or mobile application operated by a user to sign in to your app and access their data.
OAUTH 2.0 SpringBoot Resource server
- OAuth 2.0 Resource Server
- OAuth 2.0 Resource Server JWT
- Configuring Authorization
- Access token claims reference
- Extracting Authorities Manual
- Map authorities from JWT (Baeldung)
- Testing JWT Authentication (spring framework docu)
- Spring Boot Testing Signed JWT with a mock Authorization Server (good full example)
- By default, Spring Security generates a list of GrantedAuthority using the values in the scope or scp claim and the SCOPE_ prefix.
OIDC JWT Spring Security
- Spring Security With JWT for REST API (TopTal)
- How to Secure your REST APIs with Spring Security & JSON Web Tokens (JWTs)
- Securing a Spring Boot API with JWTs
- https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter
- https://www.baeldung.com/spring-deprecated-websecurityconfigureradapter
- https://medium.com/@antonioprezcaballero/spring-security-without-the-websecurityconfigureradapter-0c38960bfed5
- https://www.geeksforgeeks.org/upgrading-the-deprecated-websecurityconfigureradapter-in-spring-security/
- https://docs.spring.io/spring-security/site/docs/5.2.5.RELEASE/reference/html/modules.html
SpringTest
- If you want to have full control about the spring's configuration (and not rely on the hidden magic of auto configuration
- Getting Started | Testing the Web Layer (spring.io)
- SpringBoot 3.1 Built-in Test Containers Support
- A Guide to REST-assured
- https://spring.io/blog/2023/06/23/improved-testcontainers-support-in-spring-boot-3-1
- https://docs.spring.io/spring-boot/reference/testing/testcontainers.html
- https://www.baeldung.com/spring-boot-exclude-auto-configuration-test
- Spring Boot Application Testing and Development with Testcontainers *** (
You’ll need to add the spring-boot-testcontainers
module as a test dependency in order to use service connections with Testcontainers. - Write Integration Test using @SpringBootTest **
- https://bell-sw.com/blog/how-to-use-testcontainers-with-spring-boot-applications-for-integration-testing/
- SpringBootTest vs MockMvc
- https://spring.academy/guides/spring-spring-boot-testing#only-load-slices-of-functionality
Override Properties in Spring's Tests
- Override Properties in Spring's Tests | Education
- ConfigFileApplicationContextInitializer
- Run custom ApplicationContextInitializer in @SpringBootTest
- Guide to @DynamicPropertySource in Spring | Education
Azure pipelines
- Deploy SpringBoot App into AKS cluster using Helm and Azure Build and Release Pipelines. | by Zudonu Osomudeya | Medium
- How to automate deployment of spring-boot docker container application with MySQL Database on Azure using Azure DevOps Pipelines | by Sanjeev Mishra | Medium
- Build your Spring Boot project using Azure Pipelines in Azure DevOps | by Tim van Baarsen | Medium
- Deploy a Dockerized Spring Boot app to Azure App Service | CircleCI
Building ETL with SpringBatch
- Top Java Collections Interview Questions (2024) - InterviewBit
- 40 Java Collections Interview Questions and Answers | DigitalOcean
- Core Java Interview Questions and Answers (2024) - InterviewBit
- Java Interview Questions | Baeldung
- Java Collections Framework (programiz.com)
- Collections in Java - GeeksforGeeks
The Java collections framework provides a set of interfaces and classes to implement various data structures and algorithms. Any group of individual objects that are represented as a single unit is known as a Java Collection of Objects. Before the Collection Framework(or before JDK 1.2) was introduced, the standard methods for grouping Java objects (or collections) were Arrays or Vectors, or Hashtables. All of these collections had no common interface.
- Collection tutorial at geeks
- HashSet in Java - GeeksforGeeks
- TreeSet in Java - GeeksforGeeks
- ArrayList in Java - GeeksforGeeks
- Linked List Data Structure - GeeksforGeeks
- HashMap in Java - GeeksforGeeks
- Hashtable in Java - GeeksforGeeks
- TreeMap in Java - GeeksforGeeks
- LinkedList in Java - GeeksforGeeks
- LinkedHashSet in Java with Examples - GeeksforGeeks
- Abstraction, Inheritance, Polymorphism, Encapsuplation
- Extract, Transform and Load (ETL) | by Arjun Agarwal | Medium
- GitHub - nevinmathew/Spring-Batch-ETL: The project efficiently processes user data, demonstrating key components. Explore the code for a structured approach to large-scale data transformations.
- 39. Distributed Transactions with JTA (spring.io)
- Scaling and Parallel Processing :: Spring Batch
- Parallel Processing in Spring Batch | by Murat Derman | Medium
- Spring Batch using Partitioner | Baeldung
Best PostgreSQL performance posts
K8S Jobs
- How to Run Kubernetes Jobs Programmatically? | by Gokhan Gorali | Medium
- Creating K8S jobs with SpringBoot by implementing ApplicationRunner
- Spring Batch on Kubernetes: Efficient batch processing at scale
- Tips to run Cron Jobs reliably using Spring Boot on Kubernetes | by Abhishek Anand | CodeX | Medium
- Kubernetes cron job for Java batch processing | by S Sivaraman | Medium
- Running Cron Jobs in Kubernetes | Baeldung
- A Tight Schedule: Spring, Kubernetes, and Scheduled Jobs (focusedlabs.io)
AKS SpringBoot container logging
Java Kubernetes Client API
- Kubectl Java Equivalents with Fabric8 Kubernetes Client
- How to dynamically manage Kubernetes Objects
- Coding K8S resource in Java
- Writing Kubernetes Sample Controller in Java
- kubernetes-client/DeploymentExamples.java at master · fabric8io/kubernetes-client · GitHub
Kubernetes RBAC
- Limiting access to Kubernetes resources with RBAC (learnk8s.io)
- Configuring permissions in Kubernetes with RBAC | by Containerum | Containerum | Medium
Azure Application Gateway Ingress
An Ingress may be configured to give Services externally-reachable URLs, load balance traffic, terminate SSL / TLS, and offer name-based virtual hosting.
Azure Credential grant flow (2-legged Oauth)
The authorization code and Implicit flow and implicit flow both require at least one user-interactive login to your application.
If you need a completely non-interactive flow, you must use the client credentials flow. sometimes called two-legged OAuth, which allows applications to authenticate as themselves (rather than on behalf of a user) to programmatically and securely obtain access to an API.
This type of grant is commonly used for server-to-server interactions that must run in the background, without immediate interaction with a user. The OAuth 2.0 client credentials grant flow permits a web service (confidential client) to use its own credentials, instead of impersonating a user, to authenticate when calling another web service. Because the application's own credentials are being used, these credentials must be kept safe - never publish that credential in your source code.
- OAuth 2.0 Client and OAuth2AuthorizedClientManager
- OAuth 2.0 Client
- WebClient integration for Servlet Environments
- OAuth 2.0 client credentials flow on the Microsoft identity platform - Microsoft Entra | Microsoft Docs
- Microsoft identity platform documentation - Microsoft Entra | Microsoft Docs
- OAuth 2.0 client credentials flow on the Microsoft identity platform - Microsoft Entra | Microsoft Docs
- DefaultAzureCredential: Unifying How We Get Azure AD Token | Rahul Nath (rahulpnath.com)
- Introduction to the Azure Log Analytics REST API
Spring Cloud Azure
- Spring Cloud Azure managing identities
- Auto-configure Azure SDK clients
- Spring Cloud Azure authentication with DefaultAzureCredential
- Azure SDK for Java
- Authenticating logsQueryClient using Azure Active Directory
- spring-cloud-azure-starter-active-directory Core scenarios
- Protecting REST resource server endpoints
- Auto-configure Azure SDK clients
- Securing a RESTful API using Spring Boot and AAD
- Developer guidelines
- Azure AD-managed identities for Azure resources documentation
- Choosing system or user-assigned managed identities
- Manage user-assigned managed identities
Event Sourcing - Database Inside Out
The database inside out is an analogy for stream processing where the same components we find in a database—a commit log, views, indexes, caches—are not confined to a single place, but instead can be made available wherever they are needed.
"Moving from a relational database toward a log of immutable events and materialized views can offer tremendous benefits."
- Turning the database inside out with Event Store - Event Store Blog
- Turning Microservices Inside-Out (infoq.com)
- Event Sourcing Outgrows the Database (confluent.io)
- Kafka Streams KTable Exercise (confluent.io)
- Build a Real-Time Streaming ETL Pipeline in 20 Minutes (confluent.io)
- KSQL in Action: Real-Time Streaming ETL from Oracle Transactional Data (confluent.io)
Kafka State Stores
Kafka Exactly-Once Semantics and Transactions
- Exactly-Once Semantics Are Possible: Here's How Kafka Does It
- Enabling Exactly-Once in Kafka Streams
- Transactions in Apache Kafka
Kafka Streams and JUnit testing
- Testing Kafka Streams – A Deep Dive
- How to Test Kafka Streams Applications
- Kafka Streams TopologyTestDriver with Avro
- Easy Kafka Streams Testing with TopologyTestDriver - KIP-470 (confluent.io)
- Test topology driver — Streamiz.Kafka.Net documentation (lgouellec.github.io)
DataOps with Lenses
Lenses Streaming SQL
Kafka Streams and Spring
- Multiple kafka Streams managed by Spring
- Kafka Consumer group lags by Baeldung
- https://www.baeldung.com/java-kafka-streams-vs-kafka-consumer
- https://docs.confluent.io/platform/current/streams/developer-guide/config-streams.html
- https://www.instaclustr.com/support/documentation/kafka/accessing-and-using-kafka/working-with-kafka-streams-api/
- https://mydeveloperplanet.com/2019/12/11/introduction-to-spring-kafka/
Swiss RE and MS Azure
Swiss Re will transform its internal operating platform by modernising and moving it to the Azure cloud. Swiss Re decided to adopt Microsoft Azure. "Security, availability, and reliability. The reason for Microsoft's success in this country is the company's decision to build two data centers in Switzerland. In addition to the location, the US company has also accommodated the local banks and regulators with physical access authorizations to the server farms, as finews.ch Cloud solution providers also received a boost this spring beyond UBS and CS. The Bankers Association published a guideline that informs about the correct handling of the cloud. Consequently, it is to be expected that more banks will dare to use external computers. already reported.
- Cloud: Credit Suisse in UBS's footsteps
- Credit Suisse relies on Microsoft Azure
- UBS Group, Swiss Re Group, Swisscom and others turn to Microsoft for their digital transformation
- Credit Suisse relies on Microsoft Azure
- Swiss Re announces a strategic alliance with Microsoft – Microsoft Switzerland Newsroom
- Swiss Re: Fully automated insurance platform with Azure PaaS (codit.eu)
- Microsoft Customer Story-Swiss Re Magnum AI and cloud solution ready to enable data-driven underwriting and empower your automated ecosystem
- Azure API Management
- About API Management
- Azure Monitor
- Azure Synapse Analytics
Azure
- Deploying a Spring Boot app to Azure
- Azure CLI
- Azure portal
- Myportal
- Quickstart: Deploy your first application to Azure Spring Cloud
- Azure Pipelines
- Azure Pipelines documentation
- Azure DevOps
- Azure Command-Line Interface (CLI)
- Deploy an Azure Kubernetes Service cluster using the Azure CLI
- Kubectl Deploy an Azure Kubernetes Service (AKS) cluster
- Connect with SSH to Azure Kubernetes Service
- kubectl Cheat Sheet
- List of kubectl Commands
Azure DevOps
Azure DevOps Services, these cloud services, provide a scalable, reliable, and globally available hosted services. Are backed by a 99.9% SLA, monitored by 24x7 operations team, and available in local data centers around the world.
- Azure DevOps documentation
- Azure Pipelines documentation
- Create your first pipeline
- YAML pipeline editor
- Build Java apps
- Create a project in Azure DevOps
- About projects and scaling your organization
- Advanced Pipeline example
- How to deploy a spring boot restful API with Azure pipeline at stackoverflow
Spring on Azure
- Spring on Azure integration documentation
- Azure Toolkit for IntelliJ documentation
- Azure Toolkit for IntelliJ
- https://www.baeldung.com/spring-boot-azure
- Build your Spring Boot project using Azure Pipelines in Azure DevOps
- What’s new in Spring Boot 2.3?
- Cloud Native Buildpacks transform your application source code into images that can run on any cloud.
- Intro to Cloud Native Buildpacks
- Create a CI/CD pipeline for Java with the Azure DevOps Project
- Automate Spring Boot application deployments to Azure!
- Using Azure Pipelines to build, test and deploy a Spring Boot and Angular application
- Azure for Java developer documentation | Microsoft Docs
- Push images to Azure docker registry
- Create a Docker Image in an Azure DevOps CI Pipeline
- https://github.com/microsoft/azure-pipelines-tasks
Azure Pipelines Deploy AKS
- Build and deploy to Azure Kubernetes Service
- Build and push image to Azure Container Registry; Deploy to Azure Kubernetes Service (pipeline templates)
- Kubernetes core concepts for Azure Kubernetes Service (AKS)
- Deploying a multi-container application to Azure Kubernetes Services
- Deploy to Kubernetes
- https://github.com/MicrosoftDocs/azure-devops-docs/blob/main/docs/pipelines/tasks/deploy/kubernetes-manifest.md
- Built-in Example (Kubernetes Manifest Task)
- Kubernetes manifest task
- User Defined PipeLine variables
- Run quality tests in your build pipeline by using Azure Pipelines
- CI/CD pipeline with quality gates
- SonarQube's integration with Azure DevOps
Azure Spring Cloud
- 2021 Toolbox for developing micro services | by Praveen Manvi | Medium
- GitHub - microsoft/azure-spring-cloud-training: Guides and tutorials to make the most out of Azure Spring Cloud
What is Cloud Native computing
Almost everything you read on REST and MicroServices Architecture MSA is closely related to Cloud Native software development and computing. Let's first get the definition right.
"Cloud-native technologies are used to develop applications built as services(MSA), packaged in containers, deployed and managed on elastic infrastructure (like Kubernetes) through agile DevOps processes and continuous delivery workflows".
Read about the 10 KEY ATTRIBUTES OF CLOUD-NATIVE APPLICATIONS
About 12-Factor Principles
The Twelve-Factor App Methodology is suggested by developers for smoothly working and delivering Software as a Service (SaaS) Applications or Web Apps with a focus on Microservices.
- Best intro
- DZone on 12 Factor App Principles and Cloud-Native Microservices
- Medium on What is the Twelve-Factor App Methodology?
- Medium on Kubernetes & 12-factor apps
- Microservices in Practice - Key Architectural Concepts of an MSA (WSO2 whilepaper)
Running Spring Boot GraalVM Native Images with Docker
All those Micronaut, Quarkus.io & Co. frameworks sound great! But Spring is the undisputed forerunner in Enterprise Java. Wouldn't it be great to combine Spring Boot with the benefits of GraalVM?!
- What is GraalVM? (dev-insider.de)
- Running Spring Boot GraalVM Native Images with Docker & Heroku (codecentric.de)
- GitHub - jonashackt/spring-boot-graalvm: This example project shows how to compile a Webflux based Spring Boot application into a Native App using GraalVM Native Image locally & on GitHub Actions with & without Docker
-
Running Reactive Spring Boot on GraalVM in Docker (amis.nl)
- Convert Spring Boot Apps to GraalVM with Spring Native Beta (infoq.com)
Skaffold
If a developer has to wait for 30 minutes for their code to compile, that code lacks velocity. So, the developer experience is awful, and he/she is very frustrated. Skaffold automates the workflow for building, pushing and deploying applications into a Kubernetes cluster. With Skaffold, developers can iterate on application source code locally while having it continually updated and ready for validation or testing in their local or remote Kubernetes clusters. Developers can run Skaffold as a background process while they are developing their code.
- How Skaffold Enabled Me to Deliver Features 10 Times Faster | by Matan Cohen | Wix Engineering | medium
- Local Kubernetes development simplified with Skaffold (opcito.com)
- Kubernetes Development in Real-Time With Skaffold - DZone Cloud
Spring on Kubernetes
When it comes to building Java apps that run in the cloud, Spring and Spring Boot are clear favorites. It is also increasingly clear that technologies such as Docker and Kubernetes play an important role in the Spring community.
- https://spring.io/guides/topicals/spring-on-kubernetes/
- https://spring.io/guides/gs/spring-boot-kubernetes/
Developing SpringBoot on Kubernetes
In the cloud-native world, where microservices are developed, distributed, and operated, the operational burden becomes more complicated as the services become smaller and smaller. Fortunately, there are technologies available to vastly reduce both the time and costs associated with development and operations.
- Getting Started with Spring Boot and Kubernetes
- Developing and deploying Spring Boot microservices on Kubernetes
- Okta about building a Microservice Architecture with Spring Boot and Kubernetes
- Baeldung about Guide to Spring Cloud Kubernetes
- https://developer.okta.com/blog/2019/05/22/java-microservices-spring-boot-spring-cloud
- https://developer.okta.com/blog/2019/02/28/spring-microservices-docker
SpringBoot and ISTIO
Istio is currently the leading solution for building service mesh on Kubernetes. Thanks to Istio you can take control of a communication process between microservices. It also lets you secure and observe your services. Spring Boot is still the most popular JVM framework for building microservice applications.
- Service mesh on Kubernetes with SpringBoot and ISTIO
- Integrating a Spring Boot Application into an Istio Service Mesh
- Getting Started with Istio Service Mesh Routing
SpringBoot OIDC flows
- Authorization Code Flow
- Spring Security and OpenID Connect
- Authorization Code Grant Flow With Spring Security OAuth 2.0
About Skaffold
Skaffold is a simple command-line tool that is able to handle the workflow for building, pushing and deploying your Java application on Kubernetes. It saves a lot of developer time by automating most of the work from source code to the deployment.
Jib, is dedicated only for Java applications. It allows you to build optimized Docker and OCI images for your Java applications without a Docker daemon. It is available as Maven of Gradle plugin, or just as a Java library. With Jib you don't need to maintain a Dockerfile or even run a Docker daemon.
- Local Java Development on Kubernetes
- Continuous Spring Boot deployment in Kubernetes using Jib and Skaffold
- Simplify development on Kubernetes with Decorate, Skaffold and Spring Boot
About JIB Java Image Builder
Jib is a container tool that builds, pushes the Docker images of Java applications without a Docker daemon. Means, you don't have to have a docker daemon installed on your machine!
- Dockerizing Java Applications with Jib
- Containerizing Java Applications with Jib InfoQ
- DZone Containerizing SpringBoot Application With Jib
Distroless Docker images and JIB
"Distroless" images contain only your application and its runtime dependencies. They do not contain package managers, shells or any other programs you would expect to find in a standard Linux distribution.
- Distroless at Google
- Dockerizing with Distroless at Medium
- Distroless and Jib: Lightweight Java Container Images
Kustomize
Kustomize is a standalone configuration management tool. The basic idea is to create a collection of these configuration files as a ‘base’ configuration and apply ‘overlays’ to change them by the environment. Kustomize has been integrated with kubectl.
- Kustomize: A Tool for Kubernetes Configuration Management - DZone Cloud
- Kustomize - Kubernetes native configuration management
- Deploy to Kubernetes with Kustomize · Codefresh | Docs
Writing Kubernetes Operators in Java
Java is no doubt one of the most popular programming languages in the world but it's been difficult for a period time for those non-Golang developers to build up their customized controller/operator due to the lack of library resources in the community. In the world of Golang, there're already some excellent controller frameworks. Driven by the emerging need of further integration into the platform of Kubernetes, we not only ported many essential toolings from the Golang SDK into the kubernetes Java SDK including informers, work-queues, leader-elections, etc. but also developed a controller-builder SDK which wires up everything into a runnable controller without hiccups.
- About k8s operators
- Develop a Kubernetes controller in Java at kubernetes.io
- Your own Kubernetes controller - Developing in Java
- Another good post
- Kubernetes Java Client at Github
- Coding K8S resource in Java — Part 2 (Java Client)
Spring Boot Configuration Externalization with Azure App Configuration