
Java Kubernetes Client API

Kubernetes RBAC

Azure Application Gateway Ingress

An Ingress may be configured to give Services externally-reachable URLs, load balance traffic, terminate SSL / TLS, and offer name-based virtual hosting.

Azure Credential grant flow (2-legged Oauth)

The authorization code flow and the implicit flow both require at least one user-interactive login to your application.
If you need a completely non-interactive flow, you must use the client credentials flow, sometimes called two-legged OAuth.
This type of grant is commonly used for server-to-server interactions that must run in the background, without immediate interaction with a user. The OAuth 2.0 client credentials grant flow permits a web service (confidential client) to use its own credentials, instead of impersonating a user, to authenticate when calling another web service. Because the application's own credentials are being used, these credentials must be kept safe - never publish that credential in your source code.

 

The ServletOAuth2AuthorizedClientExchangeFilterFunction provides a simple mechanism for requesting protected resources by using an OAuth2AuthorizedClient and including the associated OAuth2AccessToken as a Bearer Token. It directly uses an OAuth2AuthorizedClientManager and therefore inherits the following capabilities:

  • An OAuth2AccessToken will be requested if the client has not yet been authorized.

    • authorization_code - triggers the Authorization Request redirect to initiate the flow
    • client_credentials - the access token is obtained directly from the Token Endpoint
    • password - the access token is obtained directly from the Token Endpoint
  • If the OAuth2AccessToken is expired, it will be refreshed (or renewed) if an OAuth2AuthorizedClientProvider is available to perform the authorization

 

 

Spring Cloud Azure

  • Environment - The DefaultAzureCredential will read account information specified via environment variables and use it to authenticate.
  • Managed Identity - If the application is deployed to an Azure host with Managed Identity enabled, the DefaultAzureCredential will authenticate with that account.

About managed identities

  • Developer guidelines
  • Azure AD-managed identities for Azure resources documentation
  • Choosing system or user-assigned managed identities
  • Manage user-assigned managed identities
  • System-assigned - Some Azure services allow you to enable a managed identity directly on a service instance. When you enable a system-assigned managed identity, an identity is created in Azure AD that's tied to the lifecycle of that service instance. So when the resource is deleted, Azure automatically deletes the identity for you. By design, only that Azure resource can use this identity to request tokens from Azure AD.
  • User-assigned - You may also create a managed identity as a standalone Azure resource. You can create a user-assigned managed identity and assign it to one or more instances of an Azure service. With user-assigned managed identities, the identity is managed separately from the resources that use it.

Azure networking

Event Sourcing - Database Inside Out

The database inside out is an analogy for stream processing where the same components we find in a database—a commit log, views, indexes, caches—are not confined to a single place, but instead can be made available wherever they are needed.

"Moving from a relational database toward a log of immutable events and materialized views can offer tremendous benefits."

Kafka State Stores

Kafka Exactly-Once Semantics and Transactions

Kafka Streams and JUnit testing

DataOps with Lenses

Lenses Streaming SQL

Kafka Streams and Spring

Swiss RE and MS Azure

Swiss Re will transform its internal operating platform by modernising and moving it to the Azure cloud. Swiss Re decided to adopt Microsoft Azure. "Security, availability, and reliability." The reason for Microsoft's success in this country is the company's decision to build two data centers in Switzerland. In addition to the location, the US company has also accommodated the local banks and regulators with physical access authorizations to the server farms, as finews.ch already reported. Cloud solution providers also received a boost this spring beyond UBS and CS. The Bankers Association published a guideline that informs about the correct handling of the cloud. Consequently, it is to be expected that more banks will dare to use external computers.

Azure

Azure DevOps

Azure DevOps Services provide a scalable, reliable, and globally available hosted service. These cloud services are backed by a 99.9% SLA, monitored by a 24x7 operations team, and available in local data centers around the world.

Spring on Azure

Azure Pipelines Deploy AKS

What is the difference between blue-green and canary deployment strategies?
Canary deployment works similarly to blue-green deployment, but uses a slightly different method. Instead of another full environment waiting to be switched over once deployment is finished, canary deployments cut over just a small subset of servers or nodes first, before finishing the others.

Azure Test Plans

Azure Spring Cloud

What is Cloud Native computing

Almost everything you read on REST and Microservices Architecture (MSA) is closely related to Cloud Native software development and computing. Let's first get the definition right.

"Cloud-native technologies are used to develop applications built as services (MSA), packaged in containers, deployed and managed on elastic infrastructure (like Kubernetes) through agile DevOps processes and continuous delivery workflows".

Read about the 10 KEY ATTRIBUTES OF CLOUD-NATIVE APPLICATIONS

 

About 12-Factor Principles

The Twelve-Factor App Methodology is suggested by developers for smoothly working and delivering Software as a Service (SaaS) Applications or Web Apps with a focus on Microservices.

Running Spring Boot GraalVM Native Images with Docker

All those Micronaut, Quarkus.io & Co. frameworks sound great! But Spring is the undisputed forerunner in Enterprise Java. Wouldn't it be great to combine Spring Boot with the benefits of GraalVM?!

Skaffold

If a developer has to wait for 30 minutes for their code to compile, that code lacks velocity. So, the developer experience is awful, and he/she is very frustrated. Skaffold automates the workflow for building, pushing and deploying applications into a Kubernetes cluster. With Skaffold, developers can iterate on application source code locally while having it continually updated and ready for validation or testing in their local or remote Kubernetes clusters. Developers can run Skaffold as a background process while they are developing their code.

Spring on Kubernetes

When it comes to building Java apps that run in the cloud, Spring and Spring Boot are clear favorites. It is also increasingly clear that technologies such as Docker and Kubernetes play an important role in the Spring community.

Developing SpringBoot on Kubernetes

In the cloud-native world, where microservices are developed, distributed, and operated, the operational burden becomes more complicated as the services become smaller and smaller. Fortunately, there are technologies available to vastly reduce both the time and costs associated with development and operations. 

SpringBoot and ISTIO

Istio is currently the leading solution for building service mesh on Kubernetes. Thanks to Istio you can take control of a communication process between microservices. It also lets you secure and observe your services. Spring Boot is still the most popular JVM framework for building microservice applications.

SpringBoot OIDC flows

About Skaffold

Skaffold is a simple command-line tool that is able to handle the workflow for building, pushing and deploying your Java application on Kubernetes. It saves a lot of developer time by automating most of the work from source code to the deployment.

Jib is dedicated only to Java applications. It allows you to build optimized Docker and OCI images for your Java applications without a Docker daemon. It is available as a Maven or Gradle plugin, or just as a Java library. With Jib you don't need to maintain a Dockerfile or even run a Docker daemon.

About JIB Java Image Builder

Jib is a container tool that builds and pushes the Docker images of Java applications without a Docker daemon. This means you don't have to have a Docker daemon installed on your machine!

Distroless Docker images and JIB

"Distroless" images contain only your application and its runtime dependencies. They do not contain package managers, shells or any other programs you would expect to find in a standard Linux distribution.

SpringBoot OIDC, Keycloak, ISTIO

Keycloak is an open source Identity and Access Management solution targeted towards modern applications and services.

Keycloak offers features such as Single-Sign-On (SSO), Identity Brokering and Social Login, User Federation, Client Adapters, an Admin Console, and an Account Management Console. To learn more about Keycloak, please visit the official page.

Kustomize

Kustomize is a standalone configuration management tool. The basic idea is to create a collection of these configuration files as a ‘base’ configuration and apply ‘overlays’ to change them by the environment. Kustomize has been integrated with kubectl.

 

Writing Kubernetes Operators in Java

Java is no doubt one of the most popular programming languages in the world, but for a period of time it has been difficult for non-Golang developers to build their own customized controller/operator due to the lack of library resources in the community. In the world of Golang, there are already some excellent controller frameworks. Driven by the emerging need for further integration into the Kubernetes platform, we not only ported many essential tools from the Golang SDK into the Kubernetes Java SDK, including informers, work-queues, leader-elections, etc., but also developed a controller-builder SDK which wires up everything into a runnable controller without hiccups.

 

CI/CD pipeline with quality gates
