Cloud Native Diary #6

A lot happened in the past few weeks. YouTube shows, meetups, cloud native platforms, Java, Kustomize, Carvel, Cartographer, Keycloak.

Leafless trees and wooden table on meadow in countryside

In Cloud Native Diary, I weekly share my journey working with application development, platform engineering, and cloud native technologies.

A lot happened in the past few weeks. YouTube shows, meetups, cloud native platforms, Java, Kustomize, Carvel, Cartographer, Keycloak, and more. Let's get to it!

Java, Cloud Native, Kubernetes

In the past few weeks, I had the pleasure of joining a few interesting events. First, I met with the Java community in Bucharest. I talked about some of the exciting new features in Spring Boot 3, including core support for GraalVM native images, observability, Java 17, and Jakarta EE 10 (slides, source code).

Then, I was invited to participate in a brilliant show hosted by Whitney Lee and Viktor Farcic called Choose Your Own Adventure: The Treacherous Trek to Production. The goal is to navigate the entire CNCF Landscape and try out all the tools. I joined the third episode focused on configuration management tools for Kubernetes, and I talked about Kustomize. It was really fun, and I even got to play my ukulele. Each episode covers a few technologies, and the audience chooses the one to use, determining how to move forward with the adventure.

Whitney is also the host of one of my favorite shows, Enlightening, which is all about learning cloud native concepts and tools. I joined the show as a guest in the latest episode to explain Kustomize and how it works. I've been following the show since the beginning, so participating in it was a very special experience.

I've also enjoyed joining The Golden Path to SpringOne show and discussing resilience, security, and observability with Spring Boot, Spring Cloud Gateway, and the Grafana stack (slides, source code). The audience was engaged and asked interesting questions. And it was great to meet again with Cora Iberkleid, which hosted the episode.

While working with Spring Cloud Gateway and GraalVM, I had some problems with defining circuit breakers. I raised the issue on GitHub and look forward to finding a solution to achieve full GraalVM-compatibility in my cloud native samples.

Cloud Native Platforms

For the past few months, I've been involved with the CNCF Platforms Working Group to collaborate on a whitepaper about cloud native platforms, what problems they solve, how to implement them, and which organizational structures and processes are necessary to succeed in building one.

During February, we went through one last round of discussions and updates, and the final draft is now going through a formal acceptance review. The goal is to publish the whitepaper in early April, in time for KubeCon+CloudNativeCon Europe 2023. If you'd like to know more about the working group, you can join the #wg-platforms channel on the CNCF Slack.

Cloud native platforms are a fascinating topic. On March 23rd, I'll talk about platforms in a new episode of The Golden Path to SpringOne titled A Paved Path to Production hosted by Dashaun Carter. On April 16th, I'll join Cloud Native Rejekts in Amsterdam and talk about Paved Paths to Production: There And Back Again. I'm also working on a series of articles on building a cloud native platform. Stay tuned for more news!


Carvel, a CNCF Sandbox project, has been very active recently. The onboarding as a CNCF Sandbox project has been completed, and the roadmap for this year has been defined based on feedback from the community.

I provided my input for the roadmap. I'm particularly glad about the support that one of my proposals got from the maintainers and the community about introducing signatures and SLSA attestations for all Carvel artifacts to improve the supply chain security posture of the project.

I've also been working on a recently proposed feature to enhance the kctrl CLI to create a namespace automatically when adding a new package repository to a Kubernetes cluster.

Carvel is one of my favorite projects in the CNCF Landscape. One of the reasons is the team behind the project, which is awesome! They are really keen to help the community when asking questions in the #carvel channel on the Kubernetes Slack. I keep receiving incredible support from the team, and I'm very grateful for that.

If you're attending KubeCon+CloudNativeCon Europe 2023 in Amsterdam, come check out the Carvel booth in the CNCF Projects Pavillion and learn more about the project.


Cartographer is a powerful framework for building paved and secure paths to production on Kubernetes. It's one of the tools I will discuss in my future presentations on cloud native platforms I mentioned earlier.

I joined the last few community meetings and was glad to meet with the Cartographer team and learn more about the latest features added to the project and the future roadmap. In the last meeting, I presented a proof of concept for a Cartographer CLI aimed to provide a convenient access point to some features currently implemented in separate CLIs as well as new features to improve the experience of both Cartographer users and supply chain authors.


Keycloak is an open-source identity and access management solution. I've been using it for many years and wrote articles about using Keycloak to secure Java applications here on my blog. They are a bit outdated, though. That's why I'm also working on a plan to refresh them and publish new articles.

Besides updating the existing content on standard authentication flows, I'm working on new articles about more advanced flows like step-up authentication. That's one of the topics I'm analyzing at the moment. I've raised an issue on the Keycloak GitHub project to understand better the implication of using such a flow when different identity providers are involved.

In my book Cloud Native Spring in Action, I demonstrate how to use Keycloak with Spring Security to handle authentication and authorization via the OpenID Connect and OAuth2 standards. I also presented on this subject at Devoxx Ukraine 2021, including what changes are needed when the system we want to secure includes single-page applications (slides, source code).

If you're using Keycloak in your Java projects, I recommend checking out the Testcontainers implementation for Keycloak by Niko Köbler. I use it in my book to write reliable integration tests for security. You can find an example in my GitHub repository showcasing Spring Security and Keycloak.

Cover picture from Pexels.