Cloud Native Diary #9

Devoxx conference and supply chain security, Java and Generative AI, Spring Boot and OpenTelemetry, platform engineering on Kubernetes.

Landscape of Danish beach and sea at sunrise, with surfers and sailboat in the background.

In Cloud Native Diary, I weekly (monthly? quarterly?) share my journey working with application development, platform engineering, and cloud native technologies.

This new edition will cover my experience at Devoxx Belgium, exciting news about Java and Generative AI, platform engineering, cloud native events, and my nominations as CNCF Ambassador and Oracle ACE Pro. Let's get to it!

Devoxx Belgium

This month, I joined Devoxx Belgium for the first time. It was such a fantastic event! After the conference, it took me a week to accept that it was over (yes, it was that good!).

At the conference, I presented Securing the Supply Chain for Your Java Applications (slides, source code). I demonstrated how to verify the authenticity of Git commits using signatures, how to secure builds for Java applications using SBOMs and VEX, and how to ensure the integrity of software artifacts using Sigstore and SLSA.

Securing the Supply Chain for Your Java Applications by Thomas Vitale | Devoxx Belgium 2023

I was glad to receive lots of positive feedback about the presentation and find out it was in the TOP 5 for popularity and TOP 20 for most highly rated among more than 200 talks!

Thomas Vitale speaking at Devoxx Belgium 2023 (Photo Source)

The conference program was dense with interesting talks, and choosing which one to attend was quite a challenge. The media team at Devoxx did a fantastic job and even uploaded recordings for each presentation a few hours after the live performance. I recommend checking out the playlist on YouTube with all the recordings from Devoxx Belgium 2023.

Java and Generative AI

Artificial Intelligence was definitely one of the primary topics at Devoxx Belgium and a popular one in the industry. The recent developments around Generative AI and Large Language Models (LLMs) opened up the stage for a new generation of intelligent apps that can consume pre-trained models via convenient APIs and enhance any type of application, including Java ones.

I'm currently working on a series of articles about designing and building Java applications powered by Generative AI and LLMs. I will cover the main theoretical concepts and architectural patterns, and explore implementations using the three primary Java frameworks for orchestrating AI applications: LangChain4J, Spring AI, and Semantic Kernel. Stay tuned! The first article is coming soon.

While working on intelligent apps with Java, I delivered my first pull request to an AI-related project. LangChain4J provides a convenient Spring Boot starter dependency, but it was missing metadata for the custom properties. I have raised the issue on GitHub and submitted a pull request, which the project maintainers quickly merged.

[BUG] Custom properties in Spring Boot starter are missing metadata · Issue #250 · langchain4j/langchain4j
Describe the bug The custom properties defined in the Spring Boot starter are missing metadata, which means IDEs will not be able to validate the properties nor help developers with autocomplete. T…

Java and OpenTelemetry

OpenTelemetry is an incubating CNCF project which changed the space of observability for cloud native applications. It unifies the generation, collection, and query of different types of telemetry data that all together enable complete visibility of software applications.

Getting started with OpenTelemetry in Java is straightforward and fast, thanks to the OpenTelemetry Java Agent. You can include it in your Java applications to automatically capture telemetry data from your code. If you containerize your applications with Buildpacks, you can rely on the OpenTelemetry Buildpack I contributed to the Paketo project and get the Agent automatically included in your container images.

GitHub - paketo-buildpacks/opentelemetry

For specific frameworks, you can get more fine-grained control over how your code is instrumented and what kind of telemetry is exported. For example, the Spring ecosystem relies on Micrometer to instrument your application code to gather metrics and traces. It does so in a vendor-neutral way, acting as a facade towards specific implementations.

Spring and Micrometer support OpenTelemetry for traces, and they also have some basic support for metrics. I've recently shared some thoughts about consolidating OpenTelemetry support in Spring to cover logs, metrics, and traces consistently. I very much appreciated the quick replies I got from the Spring Boot and Micrometer maintainers, clarifying the design and scope of OpenTelemetry support within these two projects and creating issues on GitHub to keep track of what is missing.

If you're interested in the subject, you can check out the GitHub repository I started to showcase how to achieve full observability of Spring Boot applications using Micrometer and OpenTelemetry. After Spring Boot 3.2 and Spring Framework 6.1 are released (November 2023), I will also start a series of articles on this topic.

Oracle ACE

Last week, I became an Oracle ACE Pro! The Oracle ACE program recognizes, rewards, and promotes technical experts and community leaders for their contributions to the Oracle community. I'm happy that my contributions to the Java and GraalVM communities have been appreciated and rewarded. I want to thank Alina Yurenko for supporting my nomination!

Oracle ACE Pro

Carvel and Supply Chain Security

I'm glad to see that the Carvel community is growing and that there's more and more interest in this powerful suite of tools for managing configuration, packaging, deployment, and operations of cloud native applications and platforms.

My proposal to introduce cryptographic signatures for all Carvel artifacts has been approved, and it's now ready for implementation. I'm currently working on subsequent proposals to enhance the supply chain security posture of the project by introducing signed SBOMs and SLSA attestations for all the Carvel tools.

Proposal - Signatures for Carvel Artifacts by ThomasVitale · Pull Request #668 · carvel-dev/carvel
Proposal for introducing signatures for all Carvel artifacts as previously suggested in #619.

If you'd like to know more about the project or start contributing to the Carvel project, you can contact the maintainers and the community in the #carvel channel (Kubernetes Slack).

Developer Productivity Tooling

A few weeks ago, Oracle announced a new Java Platform extension for Visual Studio Code. The Oracle Java Platform extension "brings full-featured Java development (edit-compile-debug & test cycle) for Maven and Gradle projects to VSCode". 

One of the main features of this extension is the fact that its language server is based on the OpenJDK javac compiler, making it possible to support new JDK features as soon as they are introduced. Thanks to that, this is the only extension currently available from the VSCode Marketplace with support for Java 21. The Spring Boot Tools for Visual Studio Code don't provide an integration with the Oracle Java Platform extension yet. I've started a discussion on GitHub about this topic. If you have any ideas or suggestions on how to implement this integration, feel free to join the conversation.

VS Code - Support the Oracle Java Platform Extension · Issue #1132 · spring-projects/sts4
Expected Behavior Oracle has recently introduced a Java Platform Extension for Visual Studio Code. It would be great if the Spring Boot Tools extension could work with it rather than requiring the…

As you might know from my previous article, I like working with Podman and Podman Desktop. My experience on macOS is extremely positive. However, in some Windows corporate setups, there's still room for improvement to ensure a smooth developer experience. I've recently suggested two features. One is for Podman Desktop to automatically load custom CA certificates from the Windows trust store into the Podman machine. The other one is for Podman to support access to Podman services from the Windows LAN. I've just been assigned to this task. I'm not familiar with the inner workings of Windows networks, but I'll give it a try. If you'd like to collaborate on this, let me know. I'm going to need some help!

Support accessing Podman services from Windows LAN · Issue #19890 · containers/podman
Is your enhancement related to a problem? Please describe When running Podman Desktop on Windows, containers running in the Podman machine are accessible from the Windows host from localhost. Howev…

CNCF Ambassador

CNCF Ambassadors are "an extension of CNCF, furthering the mission of making cloud native ubiquitous through community leadership and mentorship". Each year, two groups of Ambassadors are selected (one in spring and one in fall), and they keep the role for twelve months.

The logo of the Ambassador program of the Cloud Native Computing foundation.

I'm honored to share that I've been accepted as a CNCF Ambassador for the Fall 2023 program, and I'm really excited to contribute even more to the cloud native community!

Platform Engineering on Kubernetes

This past week marks a huge milestone for my friend Mauricio Salatino (Salaboy). His book Platform Engineering on Kubernetes has been officially published. Big congratulations, Mauricio! You can find the book on the publisher's website (Manning) and soon in all the main bookstores.

The book cover of "Platform Engineering on Kubernetes" by Mauricio Salatino, published by Manning.

This book brims with Mauricio’s unique experience, insights, and deep understanding of the cloud native ecosystem, how to provide business value on top of Kubernetes, and how to build an engineering platform to enable that end goal. It's a must-read for any cloud native practitioner who wants to level up in this highly dynamic landscape. I can highly recommend this book!

KCD Denmark

For the past few months, I've been working on organizing the first Kubernetes Community Days Denmark together with a fantastic team! The conference will take place in Aarhus (Denmark) on November 14th.

The schedules for the conference and the workshops are ready, the tickets are sold out, and we can't wait to welcome attendees and speakers to the event. KCDs are global events supported by the CNCF focused on sharing knowledge and engaging with the local cloud native community. 

Furthermore, all profits from KCD Denmark will be donated to Coding Pirates, a non-profit organization dedicated to empowering kids through coding.

Illustration promoting the Kubernetes Community Days Denmark, taking place on November 14 in Aarhus.

Cloud Native Aarhus

On December 5th, I'll join the Cloud Native Aarhus meetup and talk about Supercharging your Kubernetes Platform with Carvel. I'll showcase how to use Carvel for managing configuration, standard packaging, safe and air-gapped deployment, and operations of cloud native applications and platforms.