CodeIsGo.com

Watch this two-part video series on understanding root inside and outside of containers and how user namespaces work. By Brian Smith (Red Hat).

The first video, Overview of Rootless Podman: Part 1—Understanding Root Inside and Outside a Container, author covers the four different options when running containers with podman:

• Running podman as root, with processes in the container running as root
• Running podman as root, with processes in the container running as non-root
• Running podman as an unprivileged user (rootless), with processes in the container running as root
• Running podman as an unprivileged user (rootless), with processes in the container running as non-root (also known as rootless as a non-root user)

In the second video, Overview of Rootless Podman: Part 2—How User Namespaces Work in Rootless Containers, I dive deep into how user namespaces work in rootless podman, and demo the following topics:

• Running a container with rootless podman
• View user namespaces with the lsns command
• Review the /etc/subuid file, which defines subordinate UID ranges
• Review the /proc//uid_map file, which shows the UID map for a process
• Calculate the UID number that a process will use on the host
• Use the podman top command to view the mapping of users between the container and the host
• Use the podman unshare command to run a command within a container’s user namespace

Excellent series, in total about 20 minutes of high quality video tutorial. Well done!

Observability is an application state that gives you both the insight you need to understand what went wrong, and the tracing and tracking capabilities that help you understand why an error occurred. By Emrah Samdan.

In any application, high observability is a prerequisite for high availability. And to achieve observability in serverless applications, it’s important to get a complete picture - not just the snapshots of a single function call that most providers focus on.

The article content is split into:

• Defining observability
• Observability challenges in serverless applications
• Observability using AWS tools
• Observability with open source software
• Fully automated observability with Thundra
• The journey toward ultimate observability

Open source tools let you build on top of these limitations, yielding a more complete and customizable picture of your application. Open source tools, however, tend to be labor-intensive when implemented at scale, and simple customizations can run into issues as they are spread throughout your organization. Good read!

Flutter is based on Google’s programming language called Dart. In fact, it is a typed and object-oriented programming language that can be compiled to machine code or transpiled to JavaScript. By Marwa Mejri – Mobile Software Developer @Proxym.

In fact, Dart is a typed and object-oriented programming language that can be compiled to machine code or transpiled to JavaScript. Moreover, Dart can be run as like an interpreted language on its own VM using JIT Compilation. In reality, JIT compilation holds both of the speed of compiled code and the flexibility of interpretation. In fact, the source code is compiled at runtime as bytecode, then it is interpreted (executed) using the Dart virtual machine.

The article then read about:

• What makes flutter a good choice?
• How does flutter work?
  • Flutter framework architecture
  • Flutter engine
  • Flutter base component
  • Flutter widget lifecycle

… and more. You will also be provided with great explanatory charts and code examples to demonstrate the functionality Flutter provides. Good read!

A service mesh is an architectural pattern that provides common network services as a feature of the infrastructure. This typically includes features such as service discovery and policy enforcement to control how services within the mesh can communicate with each other. By Luke Addison.

In addition to the core features, Istio also supports powerful extension points, as well as the ability to apply custom configuration to the Envoy sidecars. Here we will describe how Istio can be configured to manage the OpenID Connect (OIDC) authentication flow for applications running within the mesh to allow both authentication and authorisation decisions to be offloaded to Istio. There are a number of ways to achieve this with Istio however here we look at two solutions and how their integration points have been affected by changes to Istio’s architecture.

The article main parts are:

• OIDC - an identity layer built upon the OAuth 2.0 protocol
• Istio 1.4
• Istio 1.5 and Above
• Authentication
• oauth2-proxy

As we have demonstrated, a really powerful aspect of this is that our backend service can be completely unaware that OIDC is being used and does not need to support it itself. However, if the service has support for parsing the JWT, then it can also be used to authorise granular access to different features of the service.

All the code is explained and you will get plenty of links to further reading. With the provided configuration in place, you will be able to make further authorisation decisions based on the attached JWT and corresponding claims. Nice one!

NoSQL databases enable you to store data with flexible schema and a variety of data models. These databases are relatively easy for developers to use, and have the high performance and functionality needed for modern applications. NoSQL databases can hold large volumes of data while still providing low latency. By Yifat Perry.

As part of AWS database offerings, there are six types of NoSQL databases you can select from along with a variety of managed and self-managed database services. These database services are designed to support your cloud-native workloads and smoothly integrate with existing AWS resources.

The article then reads about:

• A Brief History of the NoSQL movement
• Models of NoSQL databases offered on AWS
• AWS NoSQL databases services
• AWS NoSQL with NetApp cloud volumes ONTAP

You will learn a bit about each database which will hopefully enable you to choose whatever is best in your circumstances. Nice one!

AWS Lambda is the platform for deploying functions to the AWS cloud. You can use it to develop functions that respond to AWS events (eg S3 uploads, DynamoDB inserts), AWS API calls, or via HTTP endpoints using the API Gateway. By Jason Swartz.

In this tutorial you’ll learn how to create a new Lambda function in Scala, accessible via an API Gateway HTTP endpoint but also testable locally with Docker. This tutorial has been tested with Scala 2.12.8, SBT 0.13.18, and SAM-CLI 0.15.0.

The article is a straight step by step tutorial covering:

• Requirements
• The Project
• About The SBT Build
• About The Java Entrypoint
• About The Scala Handler
• About The SAM Configuration
• Execution
• Deploying The Function To AWS

… and much more. Author points out that also worth exploring is the GraalVM to compile a Scala function to a native executable and then invoke it with the custom AWS Lambda runtime. The startup time for a GraalVM native Scala app should be in the milliseconds. Plenty of detailed screen grabs and all code explained. Great article!

Learn what a cyber security policy is and why it’s important for protecting your small business. Whilst many businesses have expanded into the world of ecommerce and online shopping in recent months, strong cyber security is essential to protect both you and your customers. By fsb.org.uk.

A cyber security policy provides working guidelines for how your online systems and software should be used to minimise risk. It helps everyone in your business to understand the processes you have in place to protect your company, data and assets.

Your cyber security policy should cover lots of areas, including:

• The measures you’ve put in place to minimise threats
• What data will be backed up and how you will manage this
• Best practice processes, such as what you should or shouldn’t do
• The different responsibilities your employees have

… and more. It’s estimated that 43 per cent of data losses are caused by internal factors – half of which are accidental. Training your employees and making them aware of cyber security best practices through your cyber security policy is vital. Whether it’s being aware of malicious emails, unknown attachments or best password practices, make sure they’re in the know. Good read!

Why does Kubernetes need a unified application model? It would be the final piece needed to run a seamless deployment model. By Joab Jackson.

With a solid application model in place, a developer could finally build a cloud native application on a laptop, and have it work seamlessly — with no modifications — in a production environment, Prasek said. Without a solid app model, the deployment workflow gets too quickly mired in complexities, slowing things down.

A model connecting the developer to production, asserted Phil Prasek, a principal product manager at cloud services provider Upbound, in a breakout session at the KubeCon + CloudNativeCon Europe.

Source: https://thenewstack.io/oam-the-kubernetes-application-model-bridging-development-and-deployment/

The mission of the newly-formed Cloud Native Computing Foundation‘s sig-app-delivery Special Interest Group is to provide a standard way of defining the operational requirements for applications running across Kubernetes.

The Open Application Model (OAM), from Microsoft and Alibaba, is one such model. The goals of OAM are twofold, according to OAM contributor Ryan Zhang:

• Provide a standard application context for any microservice platform
• Define a team-centric model that supports a clear separation of concerns between developers and operators

Plenty of resources and explanations in this article together with link to the talk about “Towards a Standardized Application Definition Model for Kubernetes”. Great job!

Come 2009, and mysteriously out of the blocks emerged a cryptocurrency, Bitcoin, coded using a technique described in 1991 as blockchain. Bitcoin attracted sustained attention, and blockchain, which until then was largely unnoticed, basked in the dawn of a new era of promise. By Girish.

Not only is blockchain considered highly scalable, as per a survey by Deloitte Insights, but is also one of the fastest growing skills, as per a survey by Upwork. From start-ups to tech giants and industry leaders, from e-commerce companies to financial and global banking firms, everyone is hiring those with blockchain-related skills.

The article then guides you through:

• Get a handle on blockchain by studying Bitcoin & Ethereum
• Explore Java-based blockchain projects like BitcoinJ & FundRequest
• Master emerging blockchain technologies like Solidity & Hyperledger
• Take courses like IBM Bitcoin 101: Quick-start guide for developers

Excellent resource for any Java developer learning about and exploring the blockchain!

In this blog series, we will dig into specific challenge areas for multi-cluster Kubernetes and service mesh architecture, considerations and approaches in solving them. In our first post, we looked at service discovery and in this post we’ll look at failover and fallback routing across multiple clusters. By Denis Jannot.

When building applications on cloud platforms like Kubernetes (ie, ones where compute/network/storage is ephemeral and unreliable), planning for failures isn’t just nice it’s a prerequisite to these architectures. Instead of only working to prevent failures, implementing a strategy to gracefully handle an unplanned failure is critical to the customer experience and to avoid any potential cascading failures across other dependent services. Microservices architecture exacerbates this as there are many layers (physical or abstracted infrastructure, applications) and locations (distributed and dynamic) where the failure can happen.

The article describes these:

• What is failover and fallback routing?
• Challenges in handling failures across clusters
• Service Mesh Hub in action

Service Mesh Hub was updated and open sourced in May and has recently started community meetings to expand the conversation around service mesh. Great read, with detailed commands, configuration files and links to further resources!