CodeIsGo.com

In this article, we introduce Kueue, an open source job queueing controller designed to manage batch jobs as a single unit. Kueue leaves pod-level orchestration to existing stable components of Kubernetes.

In the article you will find:

• Why Kueue?
• How Kueue works
• Resource model
• Example use case

With Kueue we decided to take a different approach to job queueing on Kubernetes that is anchored around the following aspects:

• Not duplicating existing functionalities already offered by established Kubernetes components for pod scheduling, autoscaling and job lifecycle management
• Adding key features that are missing to existing components

Job queueing is a key feature to run batch workloads at scale in both on-premises and cloud environments. The main goal of job queueing is to manage access to a limited pool of resources shared by multiple tenants. Job queueing decides which jobs should wait, which can start immediately, and what resources they can use. Good read!

Before understanding DevSecOps, let’s understand what is DevOps. DevOps is the combination of cultural philosophies, practices, and tools that increase an organization’s ability to deliver applications and services at high velocity. In fast-moving projects, security often lags behind and given low priority which may lead to buggy code and hacks. Let’s see how we can reduce the risk of attack by integrating security in our DevOps pipeline. By Alok Maurya.

The article then reads about:

• What is to DevSecOps (DevOps + Security)
• What are the benefits of using DevSecOps?
• How to make security culture your default state?
• Plan/Design
• Develop
• Build and code analysis
• Test
• Deploy
• Monitoring and Alerting
• Best practices to secure your infrastructure for DevSecOps CI/CD

… and more. Each section above is full fo details, with code and config examples. Implementing DevSecOps best practices reduces the risk of vulnerabilities and hacking. Scanning all parts of your infrastructure and application gives full visibility of potential threats and possible ways to remediate them. “The only way to do security right is to have multiple layers of security” hence we talked about multiple methods and tools that can be used for finding vulnerabilities. Exciting read!

Updates introducing a breaking change are unwelcome, especially when this happens without warning. Semantic versioning is one of the most popular solutions for this. By Tomas Fernandez.

One of the drawbacks with all of these versioning approaches is that they don’t tell us anything about compatibility between releases. The way to find out is to dig through changelogs.

In the article:

• What is semantic versioning?
• Automating versions with semantic-release
• How to get started with semantic-release
• Semantic versioning with CI/CD
• Disable tags on Semaphore
• Continuous delivery pipeline with semantic versioning
• Extending the delivery pipeline

Semantic versioning is a versioning scheme that aims to communicate the level of compatibility between releases at a glance. It uses a three-part numbering system: major.minor.patch (e.g. 1.2.3) which may or may not be suffixed with special identifiers such as -alpha or -rc1. Maintaining consistent version numbers will help you gain the trust of users and other developers. Good read!

When building security solutions using OAuth and OpenID Connect (OIDC), we frequently discuss tokens. Sometimes these systems are even referred to as token-based architectures. By Jonas Iggbom.

The article dives into:

• Types of tokens
  • Access tokens
  • Bearer tokens
  • Sender constrained tokens
  • Refresh tokens
  • ID tokens
• Token formats
  • Opaque tokens
  • JSON Web Tokens (JWT)
• The best of both worlds
  • Phantom tokens
  • Split tokens
  • Token handler

Tokens play a core role in authorizing access to applications, services and APIs. They also enable secure, flexible and scalable access management. Using tokens means applications don’t have to maintain a static API key or, even worse, hold a username and password. Nice one!

Why AI is the perfect accompaniment to modern mobile app development and how it’s already being used to transform the apps we use every day. Artificial intelligence has been breaking into the mobile app development industry and becoming part of more developers’ tools in their wheelhouse. This is because AI and machine learning are able to provide many benefits to not only the team building the application but to the end user as well. By @ninetwothree.co.

The article then guides you through use cases for ai in mobile apps:

• Face recognition
• Facial identification
• Voice recognition
• Vocal identification
• Recommendations for using ai in mobile development

Based on user input, mobile AI can recommend ever better content to the user. Customers save time on finding the products they truly desire. Unknown products that might enhance the individual’s life can pop up on the screen with a higher probability. Good read!

In this article, Google Cloud Product Manager Rachel Tsao explores how to save on compute costs with modern container platforms. Many tech companies and startups are built to operate under a certain degree of pressure and to efficiently manage costs and resources. These pressures have only increased with inflation, geopolitical shifts, and supply chain concerns, however, creating urgency for companies to find ways to preserve capital while increasing flexibility. The right approach to containers can be crucial to navigating these challenges. By Rachel Tsao.

The ways to control compute costs with containers:

• Identify opportunities to reduce cluster administration
• Consider serverless to maximize developer productivity
• Save with committed use discounts
• Leverage cost management features
• Match workload needs to pricing models

Beyond cost savings, many tech and startup companies are seeking improved business agility, which is the ability to deploy new products and features frequently and with high quality. Excellent read!

Tutorial describing how to deploy a webhooks application on a real production cluster. We will create this cluster on Civo. Civo is a cloud provider with a unique offering of managed Kubernetes clusters based on k3s. By Luc Juggery.

Tutorial then dives straight into:

• Creation of a k3s cluster
• Installation of a Ingress Controller
• Running the application
• Testing the whole thing

Civo clusters are shipped with a StorageClass as well, we’ll use it in a next article adding persistent storage to the application’s database. Traefik ingress controller, helm, Let’s Encrypt for TLS certificates - are all used together with newly created cluster. You also get plenty of screenshots and code together with config fiels used in the article. Nice one!

In the microservices world, it’s essential to design applications carefully so they scale and function efficiently. When we build services, it’s also important to keep performance in mind so that microservices remain performant as they grow in size. By Vyom Srivastava.

Asynchronous communication is when one service sends a message to another service without waiting for a response. This allows a microservice to continue with its work instead of waiting for a response before proceeding further. Author covers everything you need to know about designing microservices with AsyncAPI:

• What is AsyncAPI?
• Specifications
• Tutorial
• Code explanation

AsyncAPI is specifically designed for use with message-based architectures such as Pub/Sub systems, queues, and event streams. AsyncAPI specifications are written in YAML or JSON and are composed of three main sections: AsyncAPI version, info and channels. Good read!

Introduction to workerd, the JavaScript/Wasm runtime based on the same code that powers Cloudflare Workers. workerd is Open Source under the Apache License version 2.0. workerd shares most of its code with the runtime that powers Cloudflare Workers, but with some changes designed to make it more portable to other environments. By Kenton Varda.

This introduction walks through:

• Self-hosting workers
• Local development and testing
• Programmable proxies
• Server-first
• Web standard APIs
• Nanoservices
• Homogeneous deployment
• Capability bindings: cleaner configuration and SSRF safety
• Always backwards compatible

workerd is not just another way to run JavaScript and Wasm. Our runtime is uniquely designed in a number of ways. It’s important to note that workerd is not, on its own, a secure way to run possibly-malicious code. If you wish to run code you don’t trust using workerd, you must enclose it in an additional sandboxing layer, such as a virtual machine configured for sandboxing. Nice one!

In this post, we’ll be looking at Kotlin JDSL Reactive modules. While many of you might have a preconceived notion that JPA cannot be reactive, Hibernate released a reactive JPA library called Hibernate Reactive. By Hyunsik Kang.

Before the release of Hibernate Reactive, we used R2DBC as there were no existing reactive libraries for JPA. However, R2DBC doesn’t support object relations and automatic change detection, which are some of JPA’s greatest advantages. Simply put, R2DBC is basically an SQL mapper. If you can’t use R2DBC, you can use Reactor with synchronous JPA as an alternative.

The main sections of the article:

• Introducing Hibernate Reactive
• Things to improve on Hibernate Reactive
• Introducing Kotlin JDSL Reactive
• The classes and interfaces required for generating reactive queries
• Kotlin JDSL Reactive vs Hibernate Reactive

Hibernate Reactive is quite difficult to use because of the inherent characteristics of the asynchronous code in Criteria API and Hibernate Reactive. Kotlin JDSL Reactive was designed to improve upon these shortcomings. Good read!