Posts Tagged ‘devops’
[RivieraDev2025] Dhruv Kumar – Platform Engineering + AI: The Next-Gen DevOps
At Riviera DEV 2025, Dhruv Kumar delivered an engaging presentation on platform engineering, a discipline reshaping software delivery by addressing modern development challenges. Stepping in for Silva Devi, Dhruv, a senior product manager at CloudBees, explored how platform engineering, augmented by artificial intelligence, streamlines workflows, enhances developer productivity, and mitigates the complexities of cloud-native environments. His talk illuminated the transformative potential of internal developer platforms (IDPs) and AI-driven automation, offering a vision for a more efficient and secure software development lifecycle (SDLC).
The Challenges of Modern Software Development
Dhruv began by highlighting the evolving responsibilities of developers, who now spend only about 11% of their time coding, according to a survey by software.com. The remaining time is consumed by non-coding tasks such as testing, deployment, and managing security vulnerabilities. The shift-left movement, while intended to empower developers by integrating testing and deployment earlier in the process, often burdens them with tasks outside their core expertise. This is compounded by the transition to cloud environments, which introduces complex microservices architectures and distributed systems, creating navigation challenges and integration headaches.
Additionally, the rise of AI has accelerated software development, increasing code volume and tool proliferation, while supply chain attacks exploit these complexities, demanding constant vigilance from developers. Dhruv emphasized that these challenges—fragmented workflows, heightened security risks, and tool overload—necessitate a new approach to streamline processes and empower teams.
Platform Engineering: A Unified Approach
Platform engineering emerges as a solution to these issues, providing a cohesive framework for software delivery. Dhruv defined it as the discipline of designing toolchains and workflows that enable self-service capabilities for engineering teams in the cloud-native era. Central to this is the concept of an internal developer platform (IDP), which integrates tools and processes across the SDLC, from coding to deployment. By establishing a common SDLC model and vocabulary, platform engineering ensures that stakeholders—developers, QA, and security teams—share a unified understanding, reducing miscommunication and enhancing actionability.
Dhruv highlighted three pillars of effective platform engineering: a standardized SDLC model, secure best practices embedded in workflows, and the freedom for developers to use familiar tools. This last point, supported by a Forbes study from September 2023, underscores that happier developers, using tools they prefer, complete tasks 10% faster. By fostering collaboration and reducing context-switching, platform engineering creates an environment where developers can focus on innovation rather than operational overhead.
AI as a Catalyst for Optimization
Artificial intelligence plays a pivotal role in amplifying platform engineering’s impact. Dhruv explained that AI’s value lies not in generating code but in filtering noise and optimizing practices. By leveraging a robust SDLC data model, AI can provide actionable insights, provided it is fed high-quality data. For instance, AI-driven testing can prioritize time-intensive issues, streamline QA processes, and run only relevant tests based on code changes, reducing costs and feedback cycles. Dhruv cited examples like AI agents identifying vulnerabilities in code components or assessing risks in production ecosystems, automating fixes where appropriate.
He also introduced the Model Context Protocol (MCP), an open standard that enables applications to provide context to large language models, enhancing AI’s ability to deliver precise recommendations. From troubleshooting CI/CD pipelines to onboarding new developers, AI, when integrated with platform engineering, empowers teams to address bottlenecks and scale efficiently in a cloud-native world.
Empowering Developers and Securing the Future
Dhruv concluded by emphasizing that platform engineering, bolstered by AI, re-engages all actors in the software delivery process, from developers to leadership. By normalizing data across tools and providing metrics like DORA (DevOps Research and Assessment), IDPs offer visibility into bottlenecks and investment opportunities. This holistic approach not only secures the tech stack against supply chain attacks but also fosters a culture of productivity and developer satisfaction.
He encouraged attendees to explore CloudBees’ platform, which exemplifies these principles by breaking free from traditional platform limitations. Dhruv’s call to action urged developers to adopt platform engineering practices, leverage AI for optimization, and provide feedback to refine these evolving methodologies, ensuring a future where software delivery is both efficient and resilient.
Links:
[DevoxxFR2025] Dagger Modules: A Swiss Army Knife for Modern CI/CD Pipelines
Continuous Integration and Continuous Delivery (CI/CD) pipelines are the backbone of modern software development, automating the process of building, testing, and deploying applications. However, as these pipelines grow in complexity, they often become difficult to maintain, debug, and port across different execution platforms, frequently relying on verbose and platform-specific YAML configurations. Jean-Christophe Sirot, in his presentation, introduced Dagger as a revolutionary approach to CI/CD, allowing pipelines to be written as code, executable locally, testable, and portable. He explored Dagger Functions and Dagger Modules as key concepts for creating and sharing reusable, language-agnostic components for CI/CD workflows, positioning Dagger as a versatile “Swiss Army knife” for modernizing these critical pipelines.
The Pain Points of Traditional CI/CD
Jean-Christophe began by outlining the common frustrations associated with traditional CI/CD pipelines. Relying heavily on YAML or other declarative formats for defining pipelines can lead to complex, repetitive, and hard-to-read configurations, especially for intricate workflows. Debugging failures within these pipelines is often challenging, requiring pushing changes to a remote CI server and waiting for the pipeline to run. Furthermore, pipelines written for one CI platform (like GitHub Actions or GitLab CI) are often not easily transferable to another, creating vendor lock-in and hindering flexibility. This dependency on specific platforms and the difficulty in managing complex workflows manually are significant pain points for development and DevOps teams.
Dagger: CI/CD as Code
Dagger offers a fundamentally different approach by treating CI/CD pipelines as code. It allows developers to write their pipeline logic using familiar programming languages (like Go, Python, Java, or TypeScript) instead of platform-specific configuration languages. This brings the benefits of software development practices – such as code reusability, modularity, testing, and versioning – to CI/CD. Jean-Christophe explained that Dagger executes these pipelines using containers, ensuring consistency and portability across different environments. The Dagger engine runs the pipeline logic, orchestrates the necessary container operations, and manages dependencies. This allows developers to run and debug their CI/CD pipelines locally using the same code that will execute on the remote CI platform, significantly accelerating the debugging cycle.
Dagger Functions and Modules
Key to Dagger’s power are Dagger Functions and Dagger Modules. Jean-Christophe described Dagger Functions as the basic building blocks of a pipeline – functions written in a programming language that perform specific CI/CD tasks (e.g., building a Docker image, running tests, deploying an application). These functions interact with the Dagger engine to perform container operations. Dagger Modules are collections of related Dagger Functions that can be packaged and shared. Modules allow teams to create reusable components for common CI/CD patterns or specific technologies, effectively creating a library of CI/CD capabilities. For example, a team could create a “Java Build Module” containing functions for compiling Java code, running Maven or Gradle tasks, and building JAR or WAR files. These modules can be easily imported and used in different projects, promoting standardization and reducing duplication across an organization’s CI/CD workflows. Jean-Christophe demonstrated how to create and use Dagger Modules, illustrating their potential for building composable and maintainable pipelines. He highlighted that Dagger’s language independence means that modules can be written in one language (e.g., Python) and used in a pipeline defined in another (e.g., Java), fostering collaboration between teams with different language preferences.
The Benefits: Composable, Maintainable, Portable
By adopting Dagger, teams can create CI/CD pipelines that are:
– Composable: Pipelines can be built by combining smaller, reusable Dagger Modules and Functions.
– Maintainable: Pipelines written as code are easier to read, understand, and refactor using standard development tools and practices.
– Portable: Pipelines can run on any platform that supports Dagger and containers, eliminating vendor lock-in.
– Testable: Individual Dagger Functions and modules can be unit tested, and the entire pipeline can be run and debugged locally.
Jean-Christophe’s presentation positioned Dagger as a versatile tool that modernizes CI/CD by bringing the best practices of software development to pipeline automation. The ability to write pipelines in code, leverage reusable modules, and execute locally makes Dagger a powerful “Swiss Army knife” for developers and DevOps engineers seeking more efficient, reliable, and maintainable CI/CD workflows.
Links:
- Jean-Christophe Sirot: https://www.linkedin.com/in/jcsirot/
- Decathlon: https://www.decathlon.com/
- Dagger: https://dagger.io/
- Devoxx France LinkedIn: https://www.linkedin.com/company/devoxx-france/
- Devoxx France Bluesky: https://bsky.app/profile/devoxx.fr
- Devoxx France Website: https://www.devoxx.fr/
[DevoxxUK2025] Platform Engineering: Shaping the Future of Software Delivery
Paula Kennedy, co-founder and COO of Cintaso, delivered a compelling lightning talk at DevoxxUK2025, tracing the evolution of platform engineering and its impact on software delivery. Drawing from over a decade of experience, Paula explored how platforms have shifted from siloed operations to force multipliers for developer productivity. Referencing the journey from DevOps to PaaS to Kubernetes, she highlighted current trends like inner sourcing and offered practical strategies for assessing platform maturity. Her narrative, infused with lessons from the past and present, underscored the importance of a user-centered approach to avoid the pitfalls of hype and ensure platforms drive innovation.
The Evolution of Platforms
Paula began by framing platforms as foundations that elevate development, drawing on Gregor Hohpe’s analogy of a Volkswagen chassis enabling diverse car models. She recounted her career, starting in 2002 at Acturus, a SaaS provider with rigid silos between developers and operations. The DevOps movement, sparked in 2009, sought to bridge these divides, but its “you build it, you run it” mantra often overwhelmed teams. The rise of Platform-as-a-Service (PaaS), exemplified by Cloud Foundry, simplified infrastructure management, allowing developers to focus on code. However, Paula noted, the complexity of Kubernetes led organizations to build custom internal platforms, sometimes losing sight of the original value proposition.
Current Trends and Challenges
Today, platform engineering is at a crossroads, with Gartner predicting that by 2026, 80% of large organizations will have dedicated teams. Paula highlighted principles like self-service APIs, internal developer portals (e.g., Backstage), and golden paths that guide developers to best practices. She emphasized treating platforms as products, applying product management practices to align with user needs. However, the 2024 DORA report reveals challenges: while platforms boost organizational performance, they often fail to improve software reliability or delivery throughput. Paula attributed this to automation complacency and “platform complacency,” where trust in internal platforms leads to reduced scrutiny, urging teams to prioritize observability and guardrails.
Links:
[PHPForumParis2023] You Build It, You Run It: Observability for Developers – Smaïne Milianni
Smaïne Milianni, a former taxi driver turned PHP developer, delivered an engaging talk at Forum PHP 2023, exploring the “You Build It, You Run It” philosophy and the critical role of observability in modern development. Now an Engineering Manager at Yousign, Smaïne shared insights from his decade-long journey in PHP, emphasizing how observability tools like logs, metrics, traces, and alerts empower developers to maintain robust applications. His practical approach and humorous delivery offered actionable strategies for PHP developers to enhance system reliability and foster a culture of continuous improvement.
The Essence of Observability
Smaïne introduced observability as the cornerstone of the “You Build It, You Run It” model, where developers are responsible for both building and maintaining their applications. He explained how observability encompasses logs, metrics, traces, and custom alerts to monitor system health. Using real-world examples, Smaïne illustrated how these tools help identify issues, such as application errors or system outages, before they escalate. His emphasis on proactive monitoring resonated with developers seeking to ensure their PHP applications remain stable and performant.
Implementing Observability in PHP
Diving into practical applications, Smaïne outlined how to integrate observability into PHP projects. He highlighted tools like Datadog for collecting metrics and traces, and demonstrated how to set up alerts for critical incidents, such as P1 outages that trigger SMS and email notifications. Smaïne stressed the importance of prioritizing alerts based on severity to avoid notification fatigue. His examples, drawn from his experience at Yousign, provided a clear roadmap for developers to implement observability, ensuring rapid issue detection and resolution.
The Power of Post-Mortems
Smaïne concluded by emphasizing the role of post-mortems in fostering a virtuous cycle of improvement. Responding to an audience question, he explained how his team conducts weekly manager reviews to track post-mortem actions, ensuring they are prioritized and addressed. By treating errors as learning opportunities rather than failures, Smaïne’s approach encourages developers to refine their code and systems iteratively. His talk inspired attendees to adopt observability practices that enhance both technical reliability and team collaboration.
Links:
[DevoxxBE 2023] Introducing Flow: The Worst Software Development Approach in History
In a satirical yet insightful closing keynote at Devoxx Belgium 2023, Sander Hoogendoorn and Kim van Wilgen, seasoned software development experts, introduced “Flow,” a fictional methodology designed to expose the absurdities of overly complex software development practices. With humor and sharp critique, Sander and Kim drew from decades of experience to lampoon methodologies like Waterfall, Scrum, SAFe, and Spotify, blending real-world anecdotes with exaggerated principles to highlight what not to do. Their talk, laced with wit, ultimately transitioned to earnest advice, advocating for simplicity, autonomy, and human-centric development. This presentation offers a mirror to the industry, urging developers to critically evaluate methodologies and prioritize effective, enjoyable work.
The Misadventure of Methodologies
Sander kicked off with a historical detour, debunking the myth of Waterfall’s rigidity. Citing Winston Royce’s 1970 paper, he revealed that Waterfall was meant to be iterative, allowing developers to revisit phases—a concept ignored for decades, costing billions. This set the stage for Flow, a methodology born from a tongue-in-cheek desire to maximize project duration for consultancy profits. Kim explained how they cherry-picked the worst elements from existing frameworks: endless sprints from Scrum, gamification to curb autonomy, and an alphabet soup of roles from SAFe.
Their critique was grounded in real-world failures. Sander shared a Belgian project where misestimated sprints and 300 outsourced developers led to chaos, exacerbated by documentation in Dutch and French. Kim highlighted how methodologies like SAFe balloon roles, sidelining customers and adding complexity. By naming Flow with trendy buzzwords—Kaizen, continuous disappointment, and pointless—they mocked the industry’s obsession with jargon over substance.
The Flow Framework: A Recipe for Dysfunction
Flow’s principles, as Sander and Kim outlined, are deliberately counterproductive. Sprints, renamed “mini-Waterfalls,” ensure repeated failures, with burn charts (not burn-down charts) showing growing work without progress. Meetings, dubbed “Flow meetings,” are scheduled to disrupt developers’ focus, with random topics and high-placed interruptions—like a 2.5-meter-tall CEO bursting in. Kim emphasized gamification, stripping teams of real autonomy while offering trivial perks like workspace decoration, exemplified by a ball pit job interview at a Dutch e-commerce firm.
The Flow Manifesto, a parody of the Agile Manifesto, prioritizes “extensive certification over hands-on experience” and “meetings over focus.” Sander recounted a project in France with a 20-column board so confusing that even AI couldn’t decipher its French Post-its. Jira, mandatory in Flow, becomes a tool for obfuscation, with requirements buried in lengthy tickets. Open floor plans and Slack further stifle communication, with “pair slacking” replacing collaboration, ensuring developers remain distracted and disconnected.
Enterprise Flow: Scaling the Absurdity
In large organizations, Flow escalates into the Big Flow Framework (BFF), starting at version 3.0 to sound innovative. Kim critiqued the blind adoption of Spotify’s model, designed for 8x annual growth, which saddles banks with excessive managers—sometimes a 1:1 ratio with developers. Sander recounted a client renaming managers as “tech leads,” adding 118 unnecessary roles to a release train. Certifications, costing €10,000 per recertification, parody the industry’s profit-driven training schemes.
Flow’s tooling, like boards with incomprehensible columns and Jira’s dual Scrum-Kanban confusion, ensures clients remain baffled. Kim highlighted how Enterprise Flow thrives on copying trendy startups like Basecamp, debating irrelevant issues like banning TypeScript or leaving public clouds. Research, they noted, shows no methodology—including SAFe or LeSS—outperforms having none, underscoring Flow’s satirical point: complexity breeds failure.
A Serious Turn: Principles for Better Development
After the laughter, Sander and Kim pivoted to their true beliefs, advocating for a human-centric approach. Software, they stressed, is built by people, not tools or methodologies. Teams should evolve their own practices, using Scrum or Kanban as starting points but adapting to context. Face-to-face communication, trust, and psychological safety are paramount, as red sprints and silencing voices drive talent away.
Focus is sacred, requiring quiet spaces and flexible hours, as ideas often spark outside 9–5. Continuous learning, guarded by dedicating at least one day weekly, prevents stagnation. Autonomy, though initially uncomfortable, empowers teams to make decisions, as Sander’s experience with reluctant developers showed. Flat organizations with minimal hierarchy foster trust, while experienced developers, like those born in the ’60s and ’70s, mentor through code reviews rather than churning out code.
Conclusion: Simplicity and Joy in Development
Sander and Kim’s Flow is a cautionary tale, urging developers to reject bloated methodologies and embrace simplicity. By reducing complexity, as Albert Einstein suggested, teams can deliver value effectively. Above all, they reminded the audience to have fun, celebrating software development as the best industry to be in. Their talk, blending satire with wisdom, inspires developers to craft methodologies that empower people, foster collaboration, and make work enjoyable.
Links:
Hashtags: #SoftwareDevelopment #Agile #Flow #Methodologies #DevOps #SanderHoogendoorn #KimVanWilgen #SchubergPhilis #iBOOD #DevoxxBE2023
[NodeCongress2021] Machine Learning in Node.js using Tensorflow.js – Shivay Lamba
The fusion of machine learning capabilities with server-side JavaScript environments opens intriguing avenues for developers seeking to embed intelligent features directly into backend workflows. Shivay Lamba, a versatile software engineer proficient in DevOps, machine learning, and full-stack paradigms, illuminates this intersection through his examination of TensorFlow.js within Node.js ecosystems. As an open-source library originally developed by the Google Brain team, TensorFlow.js democratizes access to sophisticated neural networks, allowing practitioners to train, fine-tune, and infer models without forsaking the familiarity of JavaScript syntax.
Shivay’s narrative commences with the foundational allure of TensorFlow.js: its seamless portability across browser and Node.js contexts, underpinned by WebGL acceleration for tensor operations. This universality sidesteps the silos often encountered in traditional ML stacks, where Python dominance necessitates cumbersome bridges. In Node.js, the library harnesses native bindings to leverage CPU/GPU resources efficiently, enabling tasks like image classification or natural language processing to unfold server-side. Shivay emphasizes practical onboarding—install via npm, import tf, and instantiate models—transforming abstract algorithms into executable logic.
Consider a sentiment analysis endpoint: load a pre-trained BERT variant, preprocess textual inputs via tokenizers, and yield probabilistic outputs—all orchestrated in asynchronous handlers to maintain Node.js’s non-blocking ethos. Shivay draws from real-world deployments, where such integrations power recommendation engines or anomaly detectors in e-commerce pipelines, underscoring the library’s scalability for production loads.
Streamlining Model Deployment and Inference
Deployment nuances emerge as Shivay delves into optimization strategies. Quantization shrinks model footprints, slashing latency for edge inferences, while transfer learning adapts pre-trained architectures to domain-specific corpora with minimal retraining epochs. He illustrates with a convolutional neural network for object detection: convert ONNX formats to TensorFlow.js via converters, bundle with webpack for serverless functions, and expose via Express routes. Monitoring integrates via Prometheus metrics, tracking inference durations and accuracy drifts.
Challenges abound—memory constraints in containerized setups demand careful tensor management, mitigated by tf.dispose() invocations. Shivay advocates hybrid approaches: offload heavy training to cloud TPUs, reserving Node.js for lightweight inference. Community extensions, like @tensorflow/tfjs-node-gpu, amplify throughput on NVIDIA hardware, aligning with Node.js’s event-driven architecture.
Shivay’s exposition extends to ethical considerations: bias audits in datasets ensure equitable outcomes, while federated learning preserves privacy in distributed training. Through these lenses, TensorFlow.js transcends novelty, evolving into a cornerstone for ML-infused Node.js applications, empowering creators to infuse intelligence without infrastructural overhauls.
Links:
[DevoxxPL2022] Data Driven Secure DevOps – Deliver Better Software, Faster! • Raveesh Dwivedi
Raveesh Dwivedi, a digital transformation expert from HCL Technologies, captivated the Devoxx Poland 2022 audience with a compelling exploration of data-driven secure DevOps. With over a decade of experience at HCL, Raveesh shared insights on how value stream management (VSM) can transform software delivery, aligning IT efforts with business objectives. His presentation emphasized eliminating inefficiencies, enhancing governance, and leveraging data to deliver high-quality software swiftly. Through a blend of strategic insights and a practical demonstration, Raveesh showcased how HCL Accelerate, a VSM platform, empowers organizations to optimize their development pipelines.
The Imperative of Value Stream Management
Raveesh opened by highlighting a common frustration: business stakeholders often perceive IT as a bottleneck, blaming developers for delays. He introduced value stream management as a solution to bridge this gap, emphasizing its role in mapping the entire software delivery process from ideation to production. By analyzing a hypothetical 46-week delivery cycle, Raveesh revealed that 80% of the time—approximately 38 weeks—was spent waiting in queues due to resource constraints or poor prioritization. This inefficiency, he argued, could cost businesses millions, using a $200,000-per-week feature as an example. VSM addresses this by identifying bottlenecks and quantifying the cost of delays, enabling better decision-making and prioritization.
Raveesh explained that VSM goes beyond traditional DevOps automation, which focuses on continuous integration, testing, and delivery. It incorporates the creative aspects of agile development, such as ideation and planning, ensuring a holistic view of the delivery pipeline. By aligning IT processes with business value, VSM fosters a cultural shift toward business agility, where decisions prioritize urgency and impact. Raveesh’s narrative underscored the need for organizations to move beyond siloed automation and embrace a system-wide approach to software delivery.
Leveraging HCL Accelerate for Optimization
Central to Raveesh’s presentation was HCL Accelerate, a VSM platform designed to visualize, govern, and optimize DevOps pipelines. He described how Accelerate integrates with existing tools, pulling data into a centralized data lake via RESTful APIs and pre-built plugins. This integration enables real-time tracking of work items as they move from planning to deployment, providing visibility into bottlenecks, such as prolonged testing phases. Raveesh demonstrated how Accelerate’s dashboards display metrics like cycle time, throughput, and DORA (DevOps Research and Assessment) indicators, tailored to roles like developers, DevOps teams, and transformation leaders.
The platform’s strength lies in its ability to automate governance and release management. For instance, it can update change requests automatically upon deployment, ensuring compliance and traceability. Raveesh showcased a demo featuring a loan processing value stream, where work items appeared as dots moving through phases like development, testing, and deployment. Red dots highlighted anomalies, such as delays, detected through AI/ML capabilities. This real-time visibility allows teams to address issues proactively, ensuring quality and reducing time-to-market.
Enhancing Security and Quality
Security and quality were pivotal themes in Raveesh’s talk. He emphasized that HCL Accelerate integrates security scanning and risk assessments into the pipeline, surfacing results to all stakeholders. Quality gates, configurable within the platform, ensure that only robust code reaches production. Raveesh illustrated this with examples of deployment frequency and build stability metrics, which help teams maintain high standards. By providing actionable insights, Accelerate empowers developers to focus on delivering value while mitigating risks, aligning with the broader goal of secure DevOps.
Cultural Transformation through Data
Raveesh concluded by advocating for a cultural shift toward data-driven decision-making. He argued that while automation is foundational, the creative and collaborative aspects of DevOps—such as cross-functional planning and stakeholder alignment—are equally critical. HCL Accelerate facilitates this by offering role-based access to contextualized data, enabling teams to prioritize features based on business value. Raveesh’s vision of DevOps as a bridge between IT and business resonated, urging organizations to adopt VSM to achieve faster, more reliable software delivery. His invitation to visit HCL’s booth for further discussion reflected his commitment to fostering meaningful dialogue.
Links:
[SpringIO2019] Cloud Native Spring Boot Admin by Johannes Edmeier
At Spring I/O 2019 in Barcelona, Johannes Edmeier, a seasoned developer from Germany, captivated attendees with his deep dive into managing Spring Boot applications in Kubernetes environments using Spring Boot Admin. As the maintainer of this open-source project, Johannes shared practical insights into integrating Spring Boot Admin with Kubernetes via the Spring Cloud Kubernetes project. His session illuminated how developers can gain operational visibility and control without altering application code, making it a must-know tool for cloud-native ecosystems. This post explores Johannes’ approach, highlighting its relevance for modern DevOps.
Understanding Spring Boot Admin
Spring Boot Admin, a four-and-a-half-year-old project boasting over 17,000 GitHub stars, is an Apache-licensed tool designed to monitor and manage Spring Boot applications. Johannes, employed by ConSol, a German consultancy, dedicates 20% of his work time—and significant personal hours—to its development. The tool provides a user-friendly interface to visualize metrics, logs, and runtime configurations, addressing the limitations of basic monitoring solutions like plain metrics or logs. For Kubernetes-deployed applications, it leverages Spring Boot Actuator endpoints to deliver comprehensive insights without requiring code changes or new container images.
The challenge in cloud-native environments lies in achieving visibility into distributed systems. Johannes emphasized that Kubernetes, a common denominator across cloud vendors, demands robust monitoring tools. Spring Boot Admin meets this need by integrating with Spring Cloud Kubernetes, enabling service discovery and dynamic updates as services scale or fail. This synergy ensures developers can manage applications seamlessly, even in complex, dynamic clusters.
Setting Up Spring Boot Admin on Kubernetes
Configuring Spring Boot Admin for Kubernetes is straightforward, as Johannes demonstrated. Developers start by including the Spring Boot Admin starter server dependency, which bundles the UI and REST endpoints, and the Spring Cloud Kubernetes starter for service discovery. These dependencies, managed via Spring Cloud BOM, simplify setup. Johannes highlighted the importance of enabling the admin server, discovery client, and scheduling annotations in the application class to ensure health checks and service updates function correctly. A common pitfall, recently addressed in the documentation, is forgetting to enable scheduling, which prevents dynamic service updates.
For Kubernetes deployment, Johannes pre-built a Docker image and configured a service account with role-based access control (RBAC) to read pod, service, and endpoint data. This minimal RBAC setup avoids unnecessary permissions, enhancing security. An ingress and service complete the deployment, allowing access to the Spring Boot Admin UI. Johannes showcased a wallboard view, ideal for team dashboards, and demonstrated real-time monitoring by simulating a service failure, which triggered a yellow “restricted” status and subsequent recovery as Kubernetes rescheduled the pod.
Enhancing Monitoring with Actuator Endpoints
Spring Boot Admin’s power lies in its integration with Spring Boot Actuator, which exposes endpoints like health, info, metrics, and more. By default, only health and info endpoints are exposed, but Johannes showed how to expose all endpoints using a Kubernetes environment variable (management.endpoints.web.exposure.include=*). This unlocks detailed views for metrics, environment properties, beans, and scheduled tasks. For instance, the health endpoint provides granular details when set to “always” show details, revealing custom health indicators like database connectivity.
Johannes also highlighted advanced features, such as rendering Swagger UI links via the info endpoint’s properties, simplifying access to API documentation. For security, he recommended isolating Actuator endpoints on a separate management port (e.g., 9080) to prevent public exposure via the main ingress. Spring Cloud Kubernetes facilitates this by allowing developers to specify the management port for discovery, ensuring Spring Boot Admin accesses Actuator endpoints securely while keeping them hidden from external traffic.
Customization and Security Considerations
Spring Boot Admin excels in customization, catering to specific monitoring needs. Johannes demonstrated how to add top-level links to external tools like Grafana or Kibana, or embed them as iframes, reducing the need to memorize URLs. For advanced use cases, developers can create custom views using Vue.js, as Johannes did to toggle application status (e.g., setting a service to “out of service”). This flexibility extends to notifications, supporting Slack, Microsoft Teams, and email via simple configurations, with a test SMTP server like MailHog for demos.
Security is a critical concern, as Spring Boot Admin proxies requests to Actuator endpoints. Johannes cautioned against exposing the admin server publicly, citing an unsecured instance found via Google. He outlined three security approaches: no authentication (not recommended), session-based authentication with cookies, or OAuth2 with token forwarding, where the target application validates access. A service account handles background health checks, ensuring minimal permissions. For Keycloak integration, Johannes referenced a blog post by his colleague Tomas, showcasing Spring Boot Admin’s compatibility with modern security frameworks.
Runtime Management and Future Enhancements
Spring Boot Admin empowers runtime management, a standout feature Johannes showcased. The loggers endpoint allows dynamic adjustment of logging levels, with a forthcoming feature to set levels across all instances simultaneously. Other endpoints, like Jolokia for JMX interaction, enable runtime reconfiguration but require caution due to their power. Heap and thread dump endpoints aid debugging but risk exposing sensitive data or overwhelming resources. Johannes also previewed upcoming features, like minimum instance checks, enhancing Spring Boot Admin’s robustness in production.
For Johannes, Spring Boot Admin is more than a monitoring tool—it’s a platform for operational excellence. By integrating seamlessly with Kubernetes and Spring Boot Actuator, it addresses the complexities of cloud-native applications, empowering developers to focus on delivering value. His session at Spring I/O 2019 underscores its indispensable role in modern software ecosystems.
Links:
[SpringIO2019] Zero Downtime Migrations with Spring Boot by Alex Soto
Deploying software updates without disrupting users is a cornerstone of modern DevOps practices. At Spring I/O 2019 in Barcelona, Alex Soto, a prominent figure at Red Hat, delivered a comprehensive session on achieving zero downtime migrations in Spring Boot applications, particularly within microservices architectures. With a focus on advanced deployment techniques and state management, Alex provided actionable insights for developers navigating the complexities of production environments. This post delves into his strategies, enriched with practical demonstrations and real-world applications.
The Evolution from Monoliths to Microservices
The shift from monolithic to microservices architectures has transformed deployment practices. Alex began by contrasting the simplicity of monolithic deployments—where a single application could be updated during off-hours with minimal disruption—with the complexity of microservices. In a microservices ecosystem, services are interconnected in a graph-like structure, often with independent databases and multiple entry points. This distributed nature amplifies the impact of downtime, as a single service failure can cascade across the system.
To address this, Alex emphasized the distinction between deployment (placing a service in production) and release (routing traffic to it). This separation is critical for zero downtime, allowing teams to test new versions without affecting users. By leveraging service meshes like Istio, developers can manage traffic routing dynamically, ensuring seamless transitions between service versions.
Blue-Green and Canary Deployments
Alex explored two foundational techniques for zero downtime: blue-green and canary deployments. In blue-green deployments, a new version (green) is deployed alongside the existing one (blue), with traffic switched to the green version once validated. This approach minimizes disruption but risks affecting all users if the green version fails. Canary deployments mitigate this by gradually routing a small percentage of traffic to the new version, allowing teams to monitor performance before a full rollout.
Both techniques rely on robust monitoring, such as Prometheus, to detect issues early. Alex demonstrated a blue-green deployment using a movie store application, where a shopping cart’s state was preserved across versions using an in-memory data grid like Redis. This ensured users experienced no loss of data, even during version switches, highlighting the power of stateless and ephemeral state management in microservices.
Managing Persistent State
Persistent state, such as database schemas, poses a significant challenge in zero downtime migrations. Alex illustrated this with a scenario involving renaming a database column from “name” to “full_name.” A naive approach risks breaking compatibility, as some users may access the old schema while others hit the new one. To address this, he proposed a three-step migration process:
- Dual-Write Phase: The application writes to both the old and new columns, ensuring data consistency across versions.
- Data Migration: Historical data is copied from the old column to the new one, often using tools like Spring Batch to avoid locking the database.
- Final Transition: The application reads and writes exclusively to the new column, with the old column retained for rollback compatibility.
This methodical approach, demonstrated with a Kubernetes-based cluster, ensures backward compatibility and uninterrupted service. Alex’s demo showed how Istio’s traffic management capabilities, such as routing rules and mirroring, facilitate these migrations by directing traffic to specific versions without user impact.
Leveraging Istio for Traffic Management
Istio, a service mesh, plays a pivotal role in Alex’s strategy. By abstracting cross-cutting concerns like service discovery, circuit breaking, and security, Istio simplifies zero downtime deployments. Alex showcased how Istio’s sidecar containers handle traffic routing, enabling techniques like traffic mirroring for dark launches. In a dark launch, requests are sent to both old and new service versions, but only the old version’s response is returned to users, allowing teams to test new versions in production without risk.
Istio also supports chaos engineering, simulating delays or timeouts to test resilience. Alex cautioned, however, that such practices require careful communication to avoid unexpected disruptions, as illustrated by anecdotes of misaligned testing efforts. By integrating Istio with Spring Boot, developers can achieve robust, scalable deployments with minimal overhead.
Handling Stateful Services
Stateful services, particularly those with databases, require special attention. Alex addressed the challenge of maintaining ephemeral state, like shopping carts, using in-memory data grids. For persistent state, he recommended strategies like synthetic transactions or throwaway database clusters to handle mirrored traffic during testing. These approaches prevent unintended database writes, ensuring data integrity during migrations.
In his demo, Alex applied these principles to a movie store application, showing how a shopping cart persisted across blue-green deployments. By using Redis to replicate state across a cluster, he ensured users retained their cart contents, even as services switched versions. This practical example underscored the importance of aligning infrastructure with business needs.
Lessons for Modern DevOps
Alex’s presentation offers a roadmap for achieving zero downtime in microservices. By combining advanced deployment techniques, service meshes, and careful state management, developers can deliver reliable, user-focused applications. His emphasis on tools like Istio and Redis, coupled with a disciplined migration process, provides a blueprint for tackling real-world challenges. For teams like those at Red Hat, these strategies enable faster, safer releases, aligning technical excellence with business continuity.
Links:
[DotSecurity2017] DevOps and Security
In development’s dynamic deluge, where velocity’s vortex vanquishes venerable verities, security’s synthesis with speed spawns safer sanctums. Zane Lackey, Signal Sciences’ CTO and Etsy alumnus, shared this synthesis at dotSecurity 2017, recounting Etsy’s evolution from waterfall’s wane to DevOps’ dawn—100 deploys diurnal, security self-sufficiency’s sunrise. A sentinel schooled in scaling safeguards, Zane’s zeitgeist: shift from gatekeeper’s glower to enabler’s embrace, visibility’s vista vitalizing vigilance.
Zane’s zeitgeist zeroed on transformations: velocity’s vault (18 months to moments), infrastructure’s illusion (cloud’s churn, containers’ cadence), ownership’s osmosis (devs’ dominion over deploys). Security’s schism: outsourced obstruction to integrated impetus—feedback’s flux fostering fixes. Etsy’s ethos: blameless postmortems’ balm, chatops’ chorus—vulnerabilities vocalized via Slack’s summons, fixes’ fanfare.
Visibility’s vanguard: dashboards’ dawn, signals’ symphony—Signal Sciences’ sentry sensing surges. Feedback’s finesse: CI’s critique, pull requests’ probes—vulnerabilities voiced in vernacular. Zane’s vignette: researcher’s rapport, exploits eclipsed by ephemeral emends—positive parleys from proactive patches.
DevOps’ dividend: safety’s surge in speed’s slipstream—mortals empowered, mishaps mitigated.
Transformations’ Tide and Security’s Shift
Zane zeroed on zeal: velocity’s vault, cloud’s churn—ownership’s osmosis. Gatekeeper’s glower to enabler’s embrace.
Visibility’s Vista and Feedback’s Flux
Dashboards’ dawn, chatops’ chorus—CI’s critique, pull’s probes. Zane’s vignette: researcher’s rapport, ephemeral emends.