Archives de catégorie : kubernetes

Devnexus 2019 : kotlin, micronaut, security and kubernetes

Just got back from DevNexus 2019 (March 6th – 8th in Atlanta, GA) and the title I chose sum up the most frequent themes of this edition !

Security Workshop

During the first day, I could get my hands on Java security, thanks to the workshop hosted by Snyk, Sonatype and IBM; I particularly appreciated the workshop exercises provided by Snyk, that are available on Github (I strongly advise you to spend few hours to complete them, they’re pretty fun to complete : you play the role of the hacker and then try to fix things up ! pretty cool workshop !)

Steve Pool could also explain the danger of serialization, and brought to our attention a project to automate  payloads that exploit unsafe Java object deserialization

Sessions

Still on the topic of security, the excellent Nicolas Fränkel hosted a great session about the JVM security manager : most users don’t know if a rogue third party library accesses more than it’s supposed to, and the JVM has the necessary tooling to tighten your application accesses (network, file reflection, etc.) – will you spend the necessary energy to close those security gaps ? (lots of testing is required to make sure you don’t close too much!) – You can check the demos on github here and there.

Micronaut was definitely one of the stars of this edition : no less than 9 sessions were about this reactive framework that looks promising. Breaking news ! a contender was announced during DevNexus : Quarkus, from RedHat

Cloud technologies were not forgotten, far from that : Istio, Knative and Kubernetes in general were mentioned in a lot of talks : some projects, such as riff or fn promise to make the Serverless adoption smoother, but I can’t help but think it ends up being a lot of technology stacked together to understand and run flawlessly …

Get your Java application ready for Kubernetes

I’ll end this post sharing some notes about this presentation I gave.

After warning the audience the necessity to have the cgroups aware JVM options (-XX:+UnlockExperimentalVMOptions and -XX:+UseCGroupMemoryLimitForHeap) set when running Java < 8u191 (they’re on by default in the following releases), I presented 2 new ways to build images for a Java application : CNCF Buildpacks and Jib

We then moved on to Kubernetes with a quick refresher, and I introduced Helm too.

Before closing the sessions with Prometheus metrics and Java libraries to interact with Kubernetes, I presented Skaffold that allows to automate redeployment and Telepresence that allows developers to start a local process and make it part of a remote Kubernetes cluster : great for debugging !

You can find the presentation on SlideShare ; I apologize to the audience for the couple of demos that failed during the session :-( – I learnt my lessons with internet dependent demos (always have a backup plan) !