Bulletproof Microservices with Spring and Kubernetes

•Download as PPTX, PDF•

0 likes•440 views

VMware Tanzu

SpringOne 2020 Bella Bai: Software Engineer, VMware; Ollie Hughes: Senior Member of Technical Staff, Spring, VMware

Software

Bullet-proof Microservices
with Spring & Kubernetes
September 2–3, 2020
springone.io
1

About us
2
● Bella Bai
○ Yuxin Bai
○ 白玉欣
● Servant of two rescued
kitties

About us
3
● Oliver Hughes
○ Ollie
○ @olliehughes82

Pod
6
Deploying apps to Kubernetes
Pod
Animal Rescue
Spring Boot App
Container
Image
Registry
Partner Adoption
Center
Node.js App
Container
ReplicaSet
Deployment
ReplicaSet
Deployment
Service
Service
👩
🧑
💻

8
🧑
💻
Basic Authentication
Username
Password

So, back to this diagram...
10
🧑
💼
Username
Password
✓

Wait, HTTP is not encrypted...
14
🙅
♀️
Username
Password
🧑
🧑
♀️

Need to enable TLS, but how?
15
● Pick a Certificate Authority (CA)
● Manage certificates (issue/update/renew)
● Enable TLS on servers Or
Ingress

ACME HTTP01 Challenge
16
🙋
Need a cert for
animalrescue.online
plzzzz.

ACME HTTP01 Challenge
17
🙆
Here is a token,
Serve it up with your server,
I will check later.
Token

ACME HTTP01 Challenge
18
🧑
💻
📄 with token

ACME HTTP01 Challenge
19
💁
Ready for action!

ACME HTTP01 Challenge
2
0
💁
Retrieve and verify the file from
http://animalrescue.online/.well-
known/acme-challenge/<TOKEN>

ACME HTTP01 Challenge
21
🙇
I trust this account.
I will grant a valid cert -
On their next request.

ACME HTTP01 Challenge
2
2
🧑
Retrieve cert

ACME HTTP01 Challenge
2
3
🧑
♀️
Retrieve cert

Now the communication is secured
2
5
💁 Username
Password
🙈

But I want to use my GitHub account!
2
6
🙅
♀️
Username
Password

But OAuth2 is for users, what about machines?
2
9
🧑

Clients can prove their identities too!
3
0
🧑
⚖️ Private
Certificate
Authority
IssueIssue
Mutual TLS

How to mTLS in k8s?
31
Create CA certificate
with a self-signed
issuer
Create CA issuer
with the created
CA certificate
Issue certificates
with the created CA
issuer
Mount certificates
on app deployments
Update apps
to use the mounted
certificate for mTLS
Step by step guide: https://blog.jetstack.io/blog/securing-mysql-with-cert-manager/

Autocert makes mTLS easier
3
2
Create CA certificate
with a self-signed
issuer
Create CA issuer
with the created
CA certificate
Create certificates
with the created CA
issuer
Mount certificates
on app deployments
Update apps
to use the mounted
certificate for mTLS

A few notes about Autocert
3
4
● Pros:
○ Certificates are generated and only available within the pod
○ Easy to set up and run - just one annotation needed
○ Perfect for apps that already know how to handle mTLS
● Cons:
○ Need to add some code to:
■ Load the certs and keys
■ Watch for file changes on cert rotation
○ No fine-grained access control

Automating mTLS with Service Mesh
3
5
Tanzu Service
Mesh Istio
Tanzu Service Mesh: https://docs.vmware.com/en/VMware-Tanzu-Service-Mesh/services/concepts-guide/GUID-9E3F1F90-4310-415B-98C8-C06E59B8A5EE.html
Traefik: https://docs.traefik.io/https/tls/#client-authentication-mtls
Istio: https://istio.io/latest/docs/concepts/security/#mutual-tls-authentication
Linkerd: https://linkerd.io/2/features/automatic-mtls/

https://github.com/LittleBaiBai/animal-rescue
Check out our repo

Bella Bai
LittleBaiBai bellalleb_bai
Oliver Hughes
@olliehughes82
#springone@s1p
Stay Connected.

The document provides advice for writing documentation based on Hemingway's writing style. It recommends focusing documentation on intermediate users trying to become experts, and accounting for different learning styles like visual and kinesthetic. Key advice includes being minimalist with words, using present tense, preferring shorter words, being direct, making information stick through formatting and diagrams, writing for everyone by avoiding cultural references, and testing documentation through peer review.

Next-Generation Cloud Native Apps with Spring Cloud and Kubernetes

VMware Tanzu

Walking Through Spring Cloud Data Flow

VMware Tanzu

This document provides an overview and safe harbor statement for the "Walking Through Spring Cloud Data Flow" presentation at SpringOne 2020. It outlines that any information provided is intended for informational purposes only and is subject to change. The presentation will cover topics like Spring Cloud Stream for event-driven applications, Spring Cloud Task for batch applications, application development, deployment and monitoring using Spring Cloud Data Flow. It also provides details about the presenters and includes a sample demo data.

Resilient and Adaptable Systems with Cloud Native APIs

VMware Tanzu

What Is Spring?

VMware Tanzu

The document discusses the SpringOne 2021 conference which was held from September 1-2, 2021. It provides an overview of Spring, a popular Java application development framework, and highlights some of the sessions at the conference related to Spring Boot, Spring Cloud, microservices, data access, security, and the future of Spring. The conference focused on helping developers learn about the latest features and best practices for building applications using the Spring ecosystem of products.

Spring Boot Loves K8s

VMware Tanzu

Spring Boot Observability

VMware Tanzu

This document discusses Spring Boot observability and provides tips for instrumenting applications. It recommends getting started with Spring Boot metrics and actuator endpoints, using Micrometer for custom metrics, and Spring Cloud Sleuth for distributed tracing. It also recommends using Spring Boot's integration with Wavefront and considering observability before production. The speaker shares their experience troubleshooting issues and how they discovered Dropwizard and Spring Boot, which made observability much easier.

Spring is an open source integration framework for Java applications. It began in 2002 as an alternative to EJB and has since expanded into a full application development framework. It provides core features like inversion of control (IoC) and dependency injection (DI) and supports various web frameworks, data access technologies, messaging, and cloud technologies. The Spring community has grown significantly in recent years, with over 15 million projects generated from start.spring.io in 2019 alone.

What’s New in Spring Data MongoDB

VMware Tanzu

This document summarizes the new features in recent releases of Spring Data MongoDB. Spring Data MongoDB 3.0 included major upgrades to the MongoDB Java driver from version 2.x to 4.x, which changed dependencies and configuration. Version 3.0 also added the ability to perform updates via the aggregation pipeline and made changes to the reactive GridFS implementation. Spring Data MongoDB 3.1 focuses on closing gaps to the imperative implementation, including adding reactive support for SpEL queries, auditing, and metrics collection. It also improves the experience of building native images with GraalVM.

Security Patterns for Microservice Architectures - SpringOne 2020

Matt Raible

Are you securing your microservice architectures by hiding them behind a firewall? That works, but there are better ways to do it. This presentation recommends 11 patterns to secure microservice architectures. 1. Be Secure by Design 2. Scan Dependencies 3. Use HTTPS Everywhere 4. Use Access and Identity Tokens 5. Encrypt and Protect Secrets 6. Verify Security with Delivery Pipelines 7. Slow Down Attackers 8. Use Docker Rootless Mode 9. Use Time-Based Security 10. Scan Docker and Kubernetes Configuration for Vulnerabilities 11. Know Your Cloud and Cluster Security Blog post: https://developer.okta.com/blog/2020/03/23/microservice-security-patterns

Going Serverless Using the Spring Framework Ecosystem

VMware Tanzu

Observability Enhancements in Steeltoe

VMware Tanzu

Make Spring Home (Spring Customization and Extensibility)

VMware Tanzu

State of Steeltoe 2020

VMware Tanzu

This presentation provides an overview and status update of the Steeltoe software framework. It discusses Steeltoe's components for observability, security, scalability, and ease of use. Recent updates include improvements to abstractions, configuration, connectors, discovery, management, and messaging. Future plans include further Kubernetes support, tooling enhancements, and making streams and data flow integration production-ready. The presentation encourages attendees to stay updated on Steeltoe's documentation, GitHub, Slack channel, and social media accounts.

The Path Towards Spring Boot Native Applications

VMware Tanzu

Spring Boot Whirlwind Tour

VMware Tanzu

Spring Boot provides a convention-over-configuration approach for building stand-alone, production-grade Spring-based Applications that you can "just run". It takes an opinionated view of configuring Spring applications and applications can be started using a single command. Spring Boot Actuator provides production-ready features to monitor and manage applications with no additional coding required.

Spring Data JDBC: Beyond the Obvious

VMware Tanzu

Resilient Microservices with Spring Cloud

VMware Tanzu

This document discusses building resilient microservices with Spring Cloud. It defines criteria for cloud native, cloud resilient, cloud friendly, and cloud ready applications. It also describes Spring Cloud features for service discovery, circuit breakers, and gateway routing that help meet these criteria. The presentation includes demos of Spring Cloud service discovery and circuit breakers, and a Kubernetes demo using Spring Cloud Kubernetes.

Not Just Initializing

VMware Tanzu

Spring: Your Next Java Micro-Framework

VMware Tanzu

Fundamental Spring Boot: Keep it Simple, Get it Right, Be Productive and Have...

VMware Tanzu

The document summarizes key concepts for working with Spring Boot fundamentals including: - Application properties can be managed through YAML files with different profiles for environments and validated through POJOs - Dependency injection preferably uses constructor injection and Lombok can generate code - Troubleshooting tips include turning on debug logs and leveraging actuator endpoints - Being productive involves using Lombok, DevTools, Boot Dashboard, and the H2 console.

Welcome to the Metrics

VMware Tanzu

Introduction to WebMvc.fn

VMware Tanzu

This document provides an introduction to WebMvc.fn, which is a functional web framework for building servlet endpoints in Spring. It covers handler functions, router functions, request predicates, and handler filter functions. Handler functions map requests to responses, router functions map requests to handler functions, and request predicates evaluate requests. WebMvc.fn uses an immutable and functional approach compared to the traditional Spring MVC framework.

Connecting Spring Apps to Distributed SQL Clusters Running in Kubernetes

VMware Tanzu

“Sh*^%# on Fire, Yo!”: A True Story Inspired by Real Events

VMware Tanzu

TDD for Microservices

VMware Tanzu

RESHMI KRISHNA SENIOR CLOUD APPLICATION & PLATFORM ARCHITECT, PIVOTAL VINAY UPADHYA ADVISORY PLATFORM ARCHITECT, PIVOTAL TDD introduced many improvements into the development process with the biggest advantage relating to code design. As we move to a microservices based architecture, TDD becomes hard to implement across teams building different codebases. Consumer driven contracts (CDC) is like TDD but applied at the API level and is becoming more relevant in the world of microservices. It is a pattern for specifying and verifying interactions between different modules of an application. Spring Cloud Contract provides support for Consumer Driven Contracts and service schemas in Spring applications, covering a range of options for writing tests, publishing them as assets, asserting that a contract is kept by producers and consumers, for HTTP and message-based interactions. In this session, you will learn how we can implement TDD in microservices based architecture using Spring Cloud Contracts.

Spring Boot—Production Boost

VMware Tanzu

Microservices security - jpmc tech fest 2018

MOnCloud

OAuth for QuickBooks Online REST Services

Intuit Developer

What's hot

What Is Spring?

VMware Tanzu

What’s New in Spring Data MongoDB

VMware Tanzu

Security Patterns for Microservice Architectures - SpringOne 2020

Matt Raible

Going Serverless Using the Spring Framework Ecosystem

VMware Tanzu

Observability Enhancements in Steeltoe

VMware Tanzu

Make Spring Home (Spring Customization and Extensibility)

VMware Tanzu

State of Steeltoe 2020

VMware Tanzu

The Path Towards Spring Boot Native Applications

VMware Tanzu

Spring Boot Whirlwind Tour

VMware Tanzu

Spring Data JDBC: Beyond the Obvious

VMware Tanzu

Resilient Microservices with Spring Cloud

VMware Tanzu

Not Just Initializing

VMware Tanzu

Spring: Your Next Java Micro-Framework

VMware Tanzu

Fundamental Spring Boot: Keep it Simple, Get it Right, Be Productive and Have...

VMware Tanzu

Welcome to the Metrics

VMware Tanzu

Introduction to WebMvc.fn

VMware Tanzu

Connecting Spring Apps to Distributed SQL Clusters Running in Kubernetes

VMware Tanzu

“Sh*^%# on Fire, Yo!”: A True Story Inspired by Real Events

VMware Tanzu

TDD for Microservices

VMware Tanzu

Spring Boot—Production Boost

VMware Tanzu

What's hot (20)

What Is Spring?

What’s New in Spring Data MongoDB

Security Patterns for Microservice Architectures - SpringOne 2020

Going Serverless Using the Spring Framework Ecosystem

Observability Enhancements in Steeltoe

Make Spring Home (Spring Customization and Extensibility)

State of Steeltoe 2020

The Path Towards Spring Boot Native Applications

Spring Boot Whirlwind Tour

Spring Data JDBC: Beyond the Obvious

Resilient Microservices with Spring Cloud

Not Just Initializing

Spring: Your Next Java Micro-Framework

Fundamental Spring Boot: Keep it Simple, Get it Right, Be Productive and Have...

Welcome to the Metrics

Introduction to WebMvc.fn

Connecting Spring Apps to Distributed SQL Clusters Running in Kubernetes

“Sh*^%# on Fire, Yo!”: A True Story Inspired by Real Events

TDD for Microservices

Spring Boot—Production Boost

Similar to Bulletproof Microservices with Spring and Kubernetes

Microservices security - jpmc tech fest 2018

MOnCloud

OAuth for QuickBooks Online REST Services

Intuit Developer

Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018

HashiCorp

Vault is a tool for centrally managing secrets like passwords, API keys, and certificates. It addresses the problem of "secrets sprawl" where credentials are stored insecurely in multiple places like source code, emails, and configuration files. Vault centralizes secrets management, provides access control and auditing, and generates unique short-lived credentials to reduce risk if a secret is compromised. It also supports encrypting sensitive data for additional protection. Implementing Vault involves deciding where it will run, who will manage encryption keys, which secrets it will store, where audit logs will go, and who will operate and configure the system on an ongoing basis.

"Secure Mobile Apps with the Microsoft Identity Platform", Christos Matskas, ...

Fwdays

If you ever had to deal with identity within your solutions then this is the session for you. Join JP and Christos to find out how to implement authentication and authorization for your mobile apps and back-end services using the Microsoft Identity platform. We will show you how to use our libraries to quickly connect to our platform and authenticate your users in a few, basic steps. Get ready for demos and examples the highlight how the Microsoft Identity Platform allows you to create scalable and secure applications.

Sustainability Challenge, Postman, Rest sheet and Anypoint provider : MuleSof...

Angel Alberici

DevOps Tooling - Pop-up Loft TLV 2017

Amazon Web Services

Learn how to use AWS services to automate manual tasks, help teams manage complex environments at scale, and keep engineers in control of the high velocity that is enabled by DevOps. In this session, we will provide an overview of the various AWS development and deployment services and when best to use them. We will show how to build a fully automated infrastructure and software delivery pipeline with AWS CodePipeline, AWS CodeBuild, AWS CloudFormation and AWS CodeDeploy. At the end of the session, a GitHub repository of AWS CloudFormation templates will be provided so you can quickly deploy the same pipeline to your AWS account(s).

Integrating Okta with Anypoint Platform for a mobile security use case

Bahman Kalali

This document outlines a solution to integrate Okta identity management with MuleSoft Anypoint Platform using OpenID Connect. It describes setting up Okta with custom attributes, scopes and claims. It also covers configuring OpenID Connect in Anypoint Platform, applying token enforcement policies to APIs, and accessing Okta claims in API implementations. The solution uses Authorization Code Flow with PKCE to get an access token from Okta to invoke a secured API while retrieving a custom claim like customer ID without passing it in the URL.

Ahmadabad mule soft_meetup_6march2021_azure_CICD

Shekh Muenuddeen

The document provides an agenda and information about an Ahmedabad MuleSoft Meetup on Azure DevOps and CICD. The meetup will cover topics like what DevOps and CI/CD are, CI/CD pipelines, deploying Mule applications using CloudHub and Maven, unit testing with MUnit, source control with Git and build tools like Azure DevOps. It includes details about the speakers and provides references and next steps after the meetup.

Building APIs in a Cloud Native Era

Nuwan Dias

apidays LIVE Paris - Building APIs in a Cloud Native era by Nuwan Dias

apidays

Créer une App Microsoft Teams : REX - Replay Microsoft Experiences 2018

Guillaume Meyer

Indianapolis_meetup_April-1st-2022.pptx

ikram_ahamed

The document summarizes an Indianapolis MuleSoft Meetup on implementing a CI/CD pipeline for deploying MuleSoft applications using GitHub Actions. The agenda includes explaining what CI/CD and GitHub Actions are, demonstrating how to deploy a MuleSoft application to CloudHub using GitHub Actions with Anypoint username/password and connected apps, and a potential demonstration on running SonarQube code analysis. The meetup organizer and speaker are introduced. Attendees are encouraged to provide feedback, nominate themselves as future speakers, and participate in a quiz with a prize.

Deep Dive on CI/CD NYC Meet Up Group

NeerajKumar1965

This document provides information about an upcoming MuleSoft Meetup event on Continuous Integration and Continuous Delivery (CI/CD) with MuleSoft. The meetup will include a deep dive on CI/CD workflows using tools like Jenkins, Anypoint CLI, and Groovy scripts to automate API deployment and configuration. The agenda covers manual deployment processes, enabling CI/CD with Anypoint Platform, Jenkins pipeline orchestration, deploying APIs with Anypoint CLI via a connected app, and automatically discovering and configuring APIs and policies within the CD flow. The meetup hosts will also demonstrate setting up API policies and auto discovery within a CI/CD pipeline from Jenkins using Groovy scripts.

Ultimate Guide to Microservice Architecture on Kubernetes

kloia

This document provides an overview of microservice architecture on Kubernetes. It discusses: 1. Benefits of microservice architecture like independent deployability and scalability compared to monolithic applications. 2. Best practices for microservices including RESTful design, distributed configuration, client code generation, and API gateways. 3. Tools for microservices on Kubernetes including Prometheus for monitoring, Elasticsearch (ELK) stack for logging, service meshes, and event sourcing with CQRS.

Meetup bangalore-may22nd2021

pruthviraj krishnam

The document contains an agenda for a Bangalore MuleSoft Meetup Group event taking place on May 22nd, 2021. The agenda includes: an introduction from 6:00-6:15PM, a session on building custom connectors with XML SDK from 6:15-7:00PM, a session on basic authentication without API Manager in Mule4 from 7:00-7:45PM, a Q&A session from 7:45-8:15PM, a trivia quiz from 8:15-8:30PM, and wrapping up the event at 8:30PM. The document also provides information on MuleSoft certifications and a maintenance process available through May 31, 2021.

Sydney mule soft meetup 30 april 2020

Royston Lobo

The document summarizes a MuleSoft meetup that took place in Sydney. It includes: 1) Introductions from the meetup leaders and an overview of the agenda which included updates, presentations on MUnit and API security, and a trivia competition. 2) A presentation from Jason Johl on recent updates to MUnit including a new test recorder feature in Mule 4.3 and Anypoint Studio 7.5. 3) A presentation from James Healy on API security best practices such as encrypting credentials, validating JWT tokens, and regularly changing passwords.

Building APIs with Mule and Spring Boot

Guilherme Pereira Silva

This document provides an agenda for a Meetup event on building APIs with MuleSoft and SpringBoot. The agenda includes introductions, an overview of Mule and how it relates to Java, a discussion of the API lifecycle including building APIs with MuleSoft and SpringBoot, and a trivia game to win a MuleSoft course. Sponsor and speaker bios are also included. The event will compare tasks like connecting to Salesforce, API design, implementation, DevOps, and operations between MuleSoft and a SpringBoot implementation. MuleSoft provides out-of-the-box capabilities while SpringBoot requires implementing more functionality from scratch.

Deep Dive on Continuous Integration and Continuous Delivery in Anypoint Platf...

NaimishKakkad2

The document summarizes a meetup event on continuous integration and continuous delivery. It includes an agenda that covers manual deployment processes, API discovery, what CI/CD are, tools and techniques for CI/CD, and a deep dive into CI/CD workflows. The speakers are introduced and their backgrounds are provided. The event objectives are outlined and the tools and prerequisites for CI/CD are listed. An overview of the CI/CD setup is given and Groovy scripts are mentioned for automating the workflows.

Deploying Compliant Kubernetes: Real World Edge Cases

DevOps.com

This document discusses Lola's deployment of compliant Kubernetes to meet PCI DSS requirements. Lola stores credit card details on behalf of users but does not directly process payments, requiring Level 1 PCI compliance. It outlines how Lola uses technologies like TLS encryption with Ingress controllers, IAM authentication for Kubernetes, and Prometheus for cluster monitoring to meet requirements for firewalls, encryption, secure systems, and access control. The document advises engaging auditors technically rather than treating Kubernetes as a black box, and leveraging open source tools and communities for pre-built applications to simplify compliance tasks like authentication, monitoring, and logging.

Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...

Priyanka Aash

Until recently, major public cloud providers have offered relatively basic toolsets for identifying suspicious activity occurring inside customer accounts that may indicate a compromise. Some organizations have invested significant resources to build their own tools or have leveraged industry vendor offerings to provide this visibility. The reality is, that barrier has meant that a large number of organizations haven't dedicated those resources to this problem and therefore operate without sufficient detection and response capabilities that monitor their cloud accounts for compromise. Amazon Web Services, Google Cloud Platform, and Microsoft Azure have recently launched a new set of native platform threat and anomalous behavior detection services to help their customers better identify and respond to certain issues and activities occurring inside their cloud accounts. From detecting crypto-currency mining to identifying bot-infected systems to alerting on suspicious cloud credential usage to triggering on cloud-specific methods of data exfiltration, these new services aim to make these kinds of detections much easier and simpler to centrally manage. But what new and unique insights do they offer? What configuration is required to achieve the full benefits of these detections? What types of activities are not yet covered? What attack methods and techniques can avoid detection by these systems and still be successful? What practical guidelines can be followed to make the best use of these services in an organization? Follow along as we attempt to answer these questions using practical demonstrations that highlight the real threats facing cloud account owners and how the new threat detection capabilities perform in reducing the risks of operating workloads in the public cloud.

Similar to Bulletproof Microservices with Spring and Kubernetes (20)

Microservices security - jpmc tech fest 2018

OAuth for QuickBooks Online REST Services

Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018

"Secure Mobile Apps with the Microsoft Identity Platform", Christos Matskas, ...

Sustainability Challenge, Postman, Rest sheet and Anypoint provider : MuleSof...

DevOps Tooling - Pop-up Loft TLV 2017

Integrating Okta with Anypoint Platform for a mobile security use case

Ahmadabad mule soft_meetup_6march2021_azure_CICD

Building APIs in a Cloud Native Era

apidays LIVE Paris - Building APIs in a Cloud Native era by Nuwan Dias

Créer une App Microsoft Teams : REX - Replay Microsoft Experiences 2018

Indianapolis_meetup_April-1st-2022.pptx

Deep Dive on CI/CD NYC Meet Up Group

Ultimate Guide to Microservice Architecture on Kubernetes

Meetup bangalore-may22nd2021

Sydney mule soft meetup 30 april 2020

Building APIs with Mule and Spring Boot

Deep Dive on Continuous Integration and Continuous Delivery in Anypoint Platf...

Deploying Compliant Kubernetes: Real World Edge Cases

Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...

More from VMware Tanzu

Spring into AI presented by Dan Vega 5/14

VMware Tanzu

What AI Means For Your Product Strategy And What To Do About It

VMware Tanzu

The document summarizes Matthew Quinn's presentation on "What AI Means For Your Product Strategy And What To Do About It" at Denver Startup Week 2023. The presentation discusses how generative AI could impact product strategies by potentially solving problems companies have ignored or allowing competitors to create new solutions. Quinn advises product teams to evaluate their strategies and roadmaps, ensure they understand user needs, and consider how AI may change the problems being addressed. He provides examples of how AI could influence product development for apps in home organization and solar sales. Quinn concludes by urging attendees not to ignore AI's potential impacts and to have hard conversations about emerging threats and opportunities.

Make the Right Thing the Obvious Thing at Cardinal Health 2023

VMware Tanzu

This document discusses the evolution of internal developer platforms and defines what they are. It provides a timeline of how technologies like infrastructure as a service, public clouds, containers and Kubernetes have shaped developer platforms. The key aspects of an internal developer platform are described as providing application-centric abstractions, service level agreements, automated processes from code to production, consolidated monitoring and feedback. The document advocates that internal platforms should make the right choices obvious and easy for developers. It also introduces Backstage as an open source solution for building internal developer portals.

Enhancing DevEx and Simplifying Operations at Scale

VMware Tanzu

Cardinal Health introduced Tanzu Application Service in 2016 and set up foundations for cloud native applications in AWS and later migrated to GCP in 2018. TAS has provided Cardinal Health with benefits like faster development of applications, zero downtime for critical applications, hosting over 5,000 application instances, quicker patching for security vulnerabilities, and savings through reduced lead times and staffing needs.

Spring Update | July 2023

VMware Tanzu

Dan Vega discussed upcoming changes and improvements in Spring including Spring Boot 3, which will have support for JDK 17, Jakarta EE 9/10, ahead-of-time compilation, improved observability with Micrometer, and Project Loom's virtual threads. Spring Boot 3.1 additions were also highlighted such as Docker Compose integration and Spring Authorization Server 1.0. Spring Boot 3.2 will focus on embracing virtual threads from Project Loom to improve scalability of web applications.

Platforms, Platform Engineering, & Platform as a Product

VMware Tanzu

This document discusses building platforms as products and reducing developer toil. It notes that platform engineering now encompasses PaaS and developer tools. A quote from Mercedes-Benz emphasizes building platforms for developers, not for the company itself. The document contrasts reactive, ticket-driven approaches with automated, self-service platforms and products. It discusses moving from considering platforms as a cost center to experts that drive business results. Finally, it provides questions to identify sources of developer toil, such as issues with workstation setup, running software locally, integration testing, committing changes, and release processes.

Building Cloud Ready Apps

VMware Tanzu

This document provides an overview of building cloud-ready applications in .NET. It defines what makes an application cloud-ready, discusses common issues with legacy applications, and recommends design patterns and practices to address these issues, including loose coupling, high cohesion, messaging, service discovery, API gateways, and resiliency policies. It includes code examples and links to additional resources.

Spring Boot 3 And Beyond

VMware Tanzu

Dan Vega discussed new features and capabilities in Spring Boot 3 and beyond, including support for JDK 17, Jakarta EE 9, ahead-of-time compilation, observability with Micrometer, Docker Compose integration, and initial support for Project Loom's virtual threads in Spring Boot 3.2 to improve scalability. He provided an overview of each new feature and explained how they can help Spring applications.

Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf

VMware Tanzu

Spring Cloud Gateway is a gateway that provides routing, security, monitoring, and resiliency capabilities for microservices. It acts as an API gateway and sits in front of microservices, routing requests to the appropriate microservice. The gateway uses predicates and filters to route requests and modify requests and responses. It is lightweight and built on reactive principles to enable it to scale to thousands of routes.

Simplify and Scale Enterprise Apps in the Cloud | Boston 2023

VMware Tanzu

Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023

VMware Tanzu

tanzu_developer_connect.pptx

VMware Tanzu

This document appears to be from a VMware Tanzu Developer Connect presentation. It discusses Tanzu Application Platform (TAP), which provides a developer experience on Kubernetes across multiple clouds. TAP aims to unlock developer productivity, build rapid paths to production, and coordinate the work of development, security and operations teams. It offers features like pre-configured templates, integrated developer tools, centralized visibility and workload status, role-based access control, automated pipelines and built-in security. The presentation provides examples of how these capabilities improve experiences for developers, operations teams and security teams.

Tanzu Virtual Developer Connect Workshop - French

VMware Tanzu

Tanzu Developer Connect Workshop - English

VMware Tanzu

The document provides information about a Tanzu Developer Connect Workshop on Tanzu Application Platform. The agenda includes welcome and introductions on Tanzu Application Platform, followed by interactive hands-on workshops on the developer experience and operator experience. It will conclude with a quiz, prizes and giveaways. The document discusses challenges with developing on Kubernetes and how Tanzu Application Platform aims to improve the developer experience with features like pre-configured templates, developer tools integration, rapid iteration and centralized management.

Virtual Developer Connect Workshop - English

VMware Tanzu

Tanzu Developer Connect - French

VMware Tanzu

Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023

VMware Tanzu

This document discusses simplifying and scaling enterprise Spring applications in the cloud. It provides an overview of Azure Spring Apps, which is a fully managed platform for running Spring applications on Azure. Azure Spring Apps handles infrastructure management and application lifecycle management, allowing developers to focus on code. It is jointly built, operated, and supported by Microsoft and VMware. The document demonstrates how to create an Azure Spring Apps service, create an application, and deploy code to the application using three simple commands. It also discusses features of Azure Spring Apps Enterprise, which includes additional capabilities from VMware Tanzu components.

SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot

VMware Tanzu

The document discusses 15 factors for building cloud native applications with Kubernetes based on the 12 factor app methodology. It covers factors such as treating code as immutable, externalizing configuration, building stateless and disposable processes, implementing authentication and authorization securely, and monitoring applications like space probes. The presentation aims to provide an overview of the 15 factors and demonstrate how to build cloud native applications using Kubernetes based on these principles.

SpringOne Tour: The Influential Software Engineer

VMware Tanzu

The document discusses the importance of culture in software projects and how to influence culture. It notes that software projects involve people and personalities, not just technology. It emphasizes that culture informs everything a company does and is very difficult to change. It provides advice on being aware of your company's culture, finding ways to inculcate good cultural values like writing high-quality code, and approaches for influencing decision makers to prioritize culture.

SpringOne Tour: Domain-Driven Design: Theory vs Practice

VMware Tanzu

This document discusses domain-driven design, clean architecture, bounded contexts, and various modeling concepts. It provides examples of an e-scooter reservation system to illustrate domain modeling techniques. Key topics covered include identifying aggregates, bounded contexts, ensuring single sources of truth, avoiding anemic domain models, and focusing on observable domain behaviors rather than implementation details.

More from VMware Tanzu (20)

Spring into AI presented by Dan Vega 5/14

What AI Means For Your Product Strategy And What To Do About It

Make the Right Thing the Obvious Thing at Cardinal Health 2023

Enhancing DevEx and Simplifying Operations at Scale

Spring Update | July 2023

Platforms, Platform Engineering, & Platform as a Product

Building Cloud Ready Apps

Spring Boot 3 And Beyond

Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf

Simplify and Scale Enterprise Apps in the Cloud | Boston 2023

Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023

tanzu_developer_connect.pptx

Tanzu Virtual Developer Connect Workshop - French

Tanzu Developer Connect Workshop - English

Virtual Developer Connect Workshop - English

Tanzu Developer Connect - French

Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023

SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot

SpringOne Tour: The Influential Software Engineer

SpringOne Tour: Domain-Driven Design: Theory vs Practice

Recently uploaded

Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management

Utilocate

Utilocate offers a comprehensive solution for locate ticket management by automating and streamlining the entire process. By integrating with Geospatial Information Systems (GIS), it provides accurate mapping and visualization of utility locations, enhancing decision-making and reducing the risk of errors. The system's advanced data analytics tools help identify trends, predict potential issues, and optimize resource allocation, making the locate ticket management process smarter and more efficient. Additionally, automated ticket management ensures consistency and reduces human error, while real-time notifications keep all relevant personnel informed and ready to respond promptly. The system's ability to streamline workflows and automate ticket routing significantly reduces the time taken to process each ticket, making the process faster and more efficient. Mobile access allows field technicians to update ticket information on the go, ensuring that the latest information is always available and accelerating the locate process. Overall, Utilocate not only enhances the efficiency and accuracy of locate ticket management but also improves safety by minimizing the risk of utility damage through precise and timely locates.

Graspan: A Big Data System for Big Code Analysis

Aftab Hussain

We built a disk-based parallel graph system, Graspan, that uses a novel edge-pair centric computation model to compute dynamic transitive closures on very large program graphs. We implement context-sensitive pointer/alias and dataflow analyses on Graspan. An evaluation of these analyses on large codebases such as Linux shows that their Graspan implementations scale to millions of lines of code and are much simpler than their original implementations. These analyses were used to augment the existing checkers; these augmented checkers found 132 new NULL pointer bugs and 1308 unnecessary NULL tests in Linux 4.4.0-rc5, PostgreSQL 8.3.9, and Apache httpd 2.2.18. - Accepted in ASPLOS ‘17, Xi’an, China. - Featured in the tutorial, Systemized Program Analyses: A Big Data Perspective on Static Analysis Scalability, ASPLOS ‘17. - Invited for presentation at SoCal PLS ‘16. - Invited for poster presentation at PLDI SRC ‘16.

GreenCode-A-VSCode-Plugin--Dario-Jurisic

Green Software Development

Preparing Non - Technical Founders for Engaging a Tech Agency

ISH Technologies

Preparing non-technical founders before engaging a tech agency is crucial for the success of their projects. It starts with clearly defining their vision and goals, conducting thorough market research, and gaining a basic understanding of relevant technologies. Setting realistic expectations and preparing a detailed project brief are essential steps. Founders should select a tech agency with a proven track record and establish clear communication channels. Additionally, addressing legal and contractual considerations and planning for post-launch support are vital to ensure a smooth and successful collaboration. This preparation empowers non-technical founders to effectively communicate their needs and work seamlessly with their chosen tech agency.Visit our site to get more details about this. Contact us today www.ishtechnologies.com.au

Transform Your Communication with Cloud-Based IVR Solutions

TheSMSPoint

Discover the power of Cloud-Based IVR Solutions to streamline communication processes. Embrace scalability and cost-efficiency while enhancing customer experiences with features like automated call routing and voice recognition. Accessible from anywhere, these solutions integrate seamlessly with existing systems, providing real-time analytics for continuous improvement. Revolutionize your communication strategy today with Cloud-Based IVR Solutions. Learn more at: https://thesmspoint.com/channel/cloud-telephony

SWEBOK and Education at FUSE Okinawa 2024

Hironori Washizaki

Vitthal Shirke Java Microservices Resume.pdf

Vitthal Shirke

GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)

Alina Yurenko

Codeigniter VS Cakephp Which is Better for Web Development.pdf

Semiosis Software Private Limited

When deliberating between CodeIgniter vs CakePHP for web development, consider their respective strengths and your project requirements. CodeIgniter, known for its simplicity and speed, offers a lightweight framework ideal for rapid development of small to medium-sized projects. It's praised for its straightforward configuration and extensive documentation, making it beginner-friendly. Conversely, CakePHP provides a more structured approach with built-in features like scaffolding, authentication, and ORM. It suits larger projects requiring robust security and scalability. Ultimately, the choice hinges on your project's scale, complexity, and your team's familiarity with the frameworks.

Artificia Intellicence and XPath Extension Functions

Octavian Nadolu

AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App

Google

AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App 👉👉 Click Here To Get More Info 👇👇 https://sumonreview.com/ai-fusion-buddy-review AI Fusion Buddy Review: Key Features ✅Create Stunning AI App Suite Fully Powered By Google's Latest AI technology, Gemini ✅Use Gemini to Build high-converting Converting Sales Video Scripts, ad copies, Trending Articles, blogs, etc.100% unique! ✅Create Ultra-HD graphics with a single keyword or phrase that commands 10x eyeballs! ✅Fully automated AI articles bulk generation! ✅Auto-post or schedule stunning AI content across all your accounts at once—WordPress, Facebook, LinkedIn, Blogger, and more. ✅With one keyword or URL, generate complete websites, landing pages, and more… ✅Automatically create & sell AI content, graphics, websites, landing pages, & all that gets you paid non-stop 24*7. ✅Pre-built High-Converting 100+ website Templates and 2000+ graphic templates logos, banners, and thumbnail images in Trending Niches. ✅Say goodbye to wasting time logging into multiple Chat GPT & AI Apps once & for all! ✅Save over $5000 per year and kick out dependency on third parties completely! ✅Brand New App: Not available anywhere else! ✅ Beginner-friendly! ✅ZERO upfront cost or any extra expenses ✅Risk-Free: 30-Day Money-Back Guarantee! ✅Commercial License included! See My Other Reviews Article: (1) AI Genie Review: https://sumonreview.com/ai-genie-review (2) SocioWave Review: https://sumonreview.com/sociowave-review (3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review (4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review #AIFusionBuddyReview, #AIFusionBuddyFeatures, #AIFusionBuddyPricing, #AIFusionBuddyProsandCons, #AIFusionBuddyTutorial, #AIFusionBuddyUserExperience #AIFusionBuddyforBeginners, #AIFusionBuddyBenefits, #AIFusionBuddyComparison, #AIFusionBuddyInstallation, #AIFusionBuddyRefundPolicy, #AIFusionBuddyDemo, #AIFusionBuddyMaintenanceFees, #AIFusionBuddyNewbieFriendly, #WhatIsAIFusionBuddy?, #HowDoesAIFusionBuddyWorks

OpenMetadata Community Meeting - 5th June 2024

OpenMetadata

The OpenMetadata Community Meeting was held on June 5th, 2024. In this meeting, we discussed about the data quality capabilities that are integrated with the Incident Manager, providing a complete solution to handle your data observability needs. Watch the end-to-end demo of the data quality features. * How to run your own data quality framework * What is the performance impact of running data quality frameworks * How to run the test cases in your own ETL pipelines * How the Incident Manager is integrated * Get notified with alerts when test cases fail Watch the meeting recording here - https://www.youtube.com/watch?v=UbNOje0kf6E

Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris

Neo4j

Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...

kalichargn70th171

A dynamic process unfolds in the intricate realm of software development, dedicated to crafting and sustaining products that effortlessly address user needs. Amidst vital stages like market analysis and requirement assessments, the heart of software development lies in the meticulous creation and upkeep of source code. Code alterations are inherent, challenging code quality, particularly under stringent deadlines.

DDS-Security 1.2 - What's New? Stronger security for long-running systems

Gerardo Pardo-Castellote

Introducing Crescat - Event Management Software for Venues, Festivals and Eve...

Crescat

Crescat is industry-trusted event management software, built by event professionals for event professionals. Founded in 2017, we have three key products tailored for the live event industry. Crescat Event for concert promoters and event agencies. Crescat Venue for music venues, conference centers, wedding venues, concert halls and more. And Crescat Festival for festivals, conferences and complex events. With a wide range of popular features such as event scheduling, shift management, volunteer and crew coordination, artist booking and much more, Crescat is designed for customisation and ease-of-use. Over 125,000 events have been planned in Crescat and with hundreds of customers of all shapes and sizes, from boutique event agencies through to international concert promoters, Crescat is rigged for success. What's more, we highly value feedback from our users and we are constantly improving our software with updates, new features and improvements. If you plan events, run a venue or produce festivals and you're looking for ways to make your life easier, then we have a solution for you. Try our software for free or schedule a no-obligation demo with one of our product specialists today at crescat.io

Energy consumption of Database Management - Florina Jonuzi

Green Software Development

Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris

Neo4j

socradar-q1-2024-aviation-industry-report.pdf

SOCRadar

SOCRadar's Aviation Industry Q1 Incident Report is out now! The aviation industry has always been a prime target for cybercriminals due to its critical infrastructure and high stakes. In the first quarter of 2024, the sector faced an alarming surge in cybersecurity threats, revealing its vulnerabilities and the relentless sophistication of cyber attackers. SOCRadar’s Aviation Industry, Quarterly Incident Report, provides an in-depth analysis of these threats, detected and examined through our extensive monitoring of hacker forums, Telegram channels, and dark web platforms.

APIs for Browser Automation (MoT Meetup 2024)

Boni García

Recently uploaded (20)

Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management

Graspan: A Big Data System for Big Code Analysis

GreenCode-A-VSCode-Plugin--Dario-Jurisic

Preparing Non - Technical Founders for Engaging a Tech Agency

Transform Your Communication with Cloud-Based IVR Solutions

SWEBOK and Education at FUSE Okinawa 2024

Vitthal Shirke Java Microservices Resume.pdf

GOING AOT WITH GRAALVM FOR SPRING BOOT (SPRING IO)

Codeigniter VS Cakephp Which is Better for Web Development.pdf

Artificia Intellicence and XPath Extension Functions

AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App

OpenMetadata Community Meeting - 5th June 2024

Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris

Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...

DDS-Security 1.2 - What's New? Stronger security for long-running systems

Introducing Crescat - Event Management Software for Venues, Festivals and Eve...

Energy consumption of Database Management - Florina Jonuzi

Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris

socradar-q1-2024-aviation-industry-report.pdf

APIs for Browser Automation (MoT Meetup 2024)

Bulletproof Microservices with Spring and Kubernetes

1. Bullet-proof Microservices with Spring & Kubernetes September 2–3, 2020 springone.io 1

2. About us 2 ● Bella Bai ○ Yuxin Bai ○ 白玉欣 ● Servant of two rescued kitties

3. About us 3 ● Oliver Hughes ○ Ollie ○ @olliehughes82

4. 4 What is a Bullet-proof microservice?

5. 5 🧑 💼 As developers, we want… 💻 🍕🎮

6. Pod 6 Deploying apps to Kubernetes Pod Animal Rescue Spring Boot App Container Image Registry Partner Adoption Center Node.js App Container ReplicaSet Deployment ReplicaSet Deployment Service Service 👩 🧑 💻

7. Demo - Deploy Animal Rescue

8. 8 🧑 💻 Basic Authentication Username Password

9. Demo - Add Basic Auth

10. So, back to this diagram... 10 🧑 💼 Username Password ✓

11. Non-Spring apps? 11 🧑 ❔ ✓

12. Add a layer in between! 12 🧑 💼

13. Demo - Use Ingress

14. Wait, HTTP is not encrypted... 14 🙅 ♀️ Username Password 🧑 🧑 ♀️

15. Need to enable TLS, but how? 15 ● Pick a Certificate Authority (CA) ● Manage certificates (issue/update/renew) ● Enable TLS on servers Or Ingress

16. ACME HTTP01 Challenge 16 🙋 Need a cert for animalrescue.online plzzzz.

17. ACME HTTP01 Challenge 17 🙆 Here is a token, Serve it up with your server, I will check later. Token

18. ACME HTTP01 Challenge 18 🧑 💻 📄 with token

19. ACME HTTP01 Challenge 19 💁 Ready for action!

20. ACME HTTP01 Challenge 2 0 💁 Retrieve and verify the file from http://animalrescue.online/.well- known/acme-challenge/<TOKEN>

21. ACME HTTP01 Challenge 21 🙇 I trust this account. I will grant a valid cert - On their next request.

22. ACME HTTP01 Challenge 2 2 🧑 Retrieve cert

23. ACME HTTP01 Challenge 2 3 🧑 ♀️ Retrieve cert

24. Demo - Enable TLS

25. Now the communication is secured 2 5 💁 Username Password 🙈

26. But I want to use my GitHub account! 2 6 🙅 ♀️ Username Password

27. OAuth 2 2 7 🙋 ♀️

28. Demo - OAuth 2 with oauth-proxy

29. But OAuth2 is for users, what about machines? 2 9 🧑

30. Clients can prove their identities too! 3 0 🧑 ⚖️ Private Certificate Authority IssueIssue Mutual TLS

31. How to mTLS in k8s? 31 Create CA certificate with a self-signed issuer Create CA issuer with the created CA certificate Issue certificates with the created CA issuer Mount certificates on app deployments Update apps to use the mounted certificate for mTLS Step by step guide: https://blog.jetstack.io/blog/securing-mysql-with-cert-manager/

32. Autocert makes mTLS easier 3 2 Create CA certificate with a self-signed issuer Create CA issuer with the created CA certificate Create certificates with the created CA issuer Mount certificates on app deployments Update apps to use the mounted certificate for mTLS

33. Demo - mTLS with Autocert

34. A few notes about Autocert 3 4 ● Pros: ○ Certificates are generated and only available within the pod ○ Easy to set up and run - just one annotation needed ○ Perfect for apps that already know how to handle mTLS ● Cons: ○ Need to add some code to: ■ Load the certs and keys ■ Watch for file changes on cert rotation ○ No fine-grained access control

35. Automating mTLS with Service Mesh 3 5 Tanzu Service Mesh Istio Tanzu Service Mesh: https://docs.vmware.com/en/VMware-Tanzu-Service-Mesh/services/concepts-guide/GUID-9E3F1F90-4310-415B-98C8-C06E59B8A5EE.html Traefik: https://docs.traefik.io/https/tls/#client-authentication-mtls Istio: https://istio.io/latest/docs/concepts/security/#mutual-tls-authentication Linkerd: https://linkerd.io/2/features/automatic-mtls/

36. https://github.com/LittleBaiBai/animal-rescue Check out our repo

37. Bella Bai LittleBaiBai bellalleb_bai Oliver Hughes @olliehughes82 #springone@s1p Stay Connected.

Bulletproof Microservices with Spring and Kubernetes

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Bulletproof Microservices with Spring and Kubernetes

Similar to Bulletproof Microservices with Spring and Kubernetes (20)

More from VMware Tanzu

More from VMware Tanzu (20)

Recently uploaded

Recently uploaded (20)

Bulletproof Microservices with Spring and Kubernetes