DEV Community: Jose Roman Martin Gil

📛 Improving a GitHub Repo (II)!

Jose Roman Martin Gil — Tue, 20 Jun 2023 07:00:00 +0000

My first post of 📛 Improving a GitHub Repo describes many good things to add in any GitHub repository to be more productive and professional. However, that stuff can be hard to do every time a new repository is created, and we can forget to add something great. I found a way to accelerate this process and also do not forget to add anything great: GitHub Repository templates.

GitHub template repository is the best way to replicate an standard structure, including folders, documentation, workflows, branches, and any file required to set up a new project. Using this pattern we can homogenize the structure of any repository of your organization, or also your own projects, easily and saving a lot of time. If you need to standardize your projects, or you need to create many projects on demand, definitely a template repository is your tool.

As summary, the most great benefits of using repository template I found are:

⌛ Spend less time repeating code
🌟 Focus on building new things
🦾 Less manual configuration
📝 Sharing boilerplate code across the code base

And, the main features of a repository template are:

Copy the entire repository files to a brand new repository
Every template has a new url endpoint called /generate
Share repository template through your organization or other GitHub users

My own repository template

I create mw own GitHub Template repository in here: https://github.com/rmarting/gh-repo-template including all the things described in my previous post, or new things added along the time.

My template repository includes things such as:

Initial content files aligned with the common patterns in any Open Source project: Contribution guide, Code of Conduct, contributors, …
GitHub templates to report issues or open Pull Requests.
Standard badges to summarize the repository.
Standard workflows to release versions, or to implement Continuous Integration pipelines

So, creating a new repository and setting up it takes few seconds and steps. Amazing!!!

Do you have ideas, or comments about how to improve a template repository? Looking forward to hearing you with more contributions into my template repo, or adding comments in this post.

🤖🚩 Happy creation of new projects!!! 🤖🚩

🖭 How to resize a virtual disk

Jose Roman Martin Gil — Fri, 16 Jun 2023 07:00:00 +0000

If you work with VMs it is very common that sometimes you need more space, but your VMs were defined with an estimated size. I started to use Virtual Machine Manager to manage my VMs when I joined to Red Hat (sorry but in my previous life I usually used Oracle VM VirtualBox) and sometimes I need to resize my image files but I didn’t know how to do it.

Thanks to Oscar Arribas Arribas I learned to do it using a fewvirt-xxx commands. It is very possible to do it using other commands/steps/alternatives however this way is good for me.

Step 0️⃣ - Checking current VM disk size

Inside of your VM you can check the size of the each disk with the df command:

[rhmw@f38mw01 ~]$ df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 4.0M 0 4.0M 0% /dev
tmpfs 977M 0 977M 0% /dev/shm
tmpfs 391M 1.3M 390M 1% /run
/dev/vda3 19G 4.7G 14G 26% /
tmpfs 977M 40K 977M 1% /tmp
/dev/vda3 19G 4.7G 14G 26% /home
/dev/vda2 974M 257M 650M 29% /boot
tmpfs 196M 56K 196M 1% /run/user/42
tmpfs 196M 40K 196M 1% /run/user/1000

Here the home has 20G allocated. I would like to extend it to 40G.

Step 1️⃣ - Creating a new disk image

Your VM must be stopped before starting to resize it using a new disk image with the desired size.

We can create a new disk using the qemu-img tool, something like this:

on 🎩 ❯ qemu-img create -f qcow2 f38mw01-resized.qcow2 40G
Formatting 'f38mw01-resized.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=42949672960 lazy_refcounts=off refcount_bits=16

Or creating the new image file by the Storage tab in the virt-manager Connection Details option (Edit -> Connection Details):

Step 2️⃣ - Renaming the old disk image

Rename the old image file as a backup file (it could be needed to use in a roll-back case):

mv f38mw01.qcow2 f38mw01.qcow2.backup

You can also describe the file systems in the old image file:

on 🎩 ❯ sudo virt-filesystems --long -h --all -a f38mw01.qcow2.backup
Name Type VFS Label MBR Size Parent
/dev/sda1 filesystem unknown - - 1.0M -
/dev/sda2 filesystem ext4 - - 973M -
/dev/sda3 filesystem btrfs fedora_localhost-live - 19G -
btrfsvol:/dev/sda3/home filesystem btrfs fedora_localhost-live - - -
btrfsvol:/dev/sda3/root filesystem btrfs fedora_localhost-live - - -
btrfsvol:/dev/sda3/root/var/lib/machines filesystem btrfs fedora_localhost-live - - -
/dev/sda1 partition - - - 1.0M /dev/sda
/dev/sda2 partition - - - 1.0G /dev/sda
/dev/sda3 partition - - - 19G /dev/sda
/dev/sda device - - - 20G -

Step 3️⃣ - Truncating the new disk image

Truncate the old image file and resize the new image file with the new space:

on 🎩 ❯ sudo truncate -r f38mw01.qcow2.backup f38mw01-resized.qcow2
on 🎩 ❯ sudo truncate -s +20G f38mw01-resized.qcow2

Step 4️⃣ - Expanding the new disk image

Expand the new image file using as base the old image file. In this step I am expanding the physical disk mounted for the home folder.

on 🎩 ❯ sudo virt-resize --expand /dev/sda3 f38mw01.qcow2.backup f38mw01-resized.qcow2
[0.0] Examining f38mw01.qcow2.backup
**********

Summary of changes:

virt-resize: /dev/sda1: This partition will be left alone.

virt-resize: /dev/sda2: This partition will be left alone.

virt-resize: /dev/sda3: This partition will be resized from 19.0G to 39.0G. 
 The filesystem btrfs on /dev/sda3 will be expanded using the 
‘btrfs-filesystem-resize’ method.

**********
[2.6] Setting up initial partition table on f38mw01-resized.qcow2
[13.4] Copying /dev/sda1
[13.4] Copying /dev/sda2
 100% ⟦▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒⟧ --:--
[15.8] Copying /dev/sda3
 100% ⟦▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒⟧ 00:00
[48.0] Expanding /dev/sda3 using the ‘btrfs-filesystem-resize’ method

virt-resize: Resize operation completed with no errors. Before deleting 
the old disk, carefully check that the resized disk boots and works 
correctly.

Step 5️⃣ - Starting the VM with the new disk image

Rename the new disk image as the original one used by the VM:

on 🎩 ❯ mv f38mw01-resized.qcow2 f38mw01.qcow2

Start the VM and the check that our home has more space:

[rhmw@f38mw01 ~]$ df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 4.0M 0 4.0M 0% /dev
tmpfs 977M 0 977M 0% /dev/shm
tmpfs 391M 1.3M 390M 1% /run
/dev/vda3 39G 4.7G 34G 13% /
tmpfs 977M 40K 977M 1% /tmp
/dev/vda2 974M 257M 650M 29% /boot
/dev/vda3 39G 4.7G 34G 13% /home
tmpfs 196M 56K 196M 1% /run/user/42
tmpfs 196M 40K 196M 1% /run/user/1000

The /dev/vda3 now is 34G (in the step 0, the size was 19G). Great!!!

Bonus Track 💡 - Resizing Microsoft Windows VMs

I know, I know what you are thinking 🤔 … this stuff works because I am using a Linux OS 😇. However, this process also works for Windows VMs.

Here an example of a Windows 10 with a hard disk of 40G to extend to 50G:

The process is exactly the same:

Create new disk image:

on 🎩 ❯ qemu-img create -f qcow2 win10-resized.qcow2 50G
Formatting 'win10-resized.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=53687091200 lazy_refcounts=off refcount_bits=16

Back the original disk image:

on 🎩 ❯ mv win10.qcow2 win10.qcow2.backup

Check the file systems of the old image:

on 🎩 ❯ sudo virt-filesystems --long -h --all -a win10.qcow2.backup 
Name Type VFS Label MBR Size Parent
/dev/sda1 filesystem ntfs System Reserved - 579M -
/dev/sda2 filesystem ntfs - - 39G -
/dev/sda1 partition - - 07 579M /dev/sda
/dev/sda2 partition - - 07 39G /dev/sda
/dev/sda device - - - 40G -

Truncate the new disk image:

on 🎩 ❯ sudo truncate -r win10.qcow2.backup win10-resized.qcow2 
on 🎩 ❯ sudo truncate -s +10G win10-resized.qcow2

Expand the new disk image:

on 🎩 ❯ sudo virt-resize --expand /dev/sda2 win10.qcow2.backup win10-resized.qcow2 
[0.0] Examining win10.qcow2.backup
**********

Summary of changes:

virt-resize: /dev/sda1: This partition will be left alone.

virt-resize: /dev/sda2: This partition will be resized from 39.4G to 49.4G. 
 The filesystem ntfs on /dev/sda2 will be expanded using the 
‘ntfsresize’ method.

**********
[1.9] Setting up initial partition table on win10-resized.qcow2
[2.8] Copying /dev/sda1
[3.6] Copying /dev/sda2
 100% ⟦▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒⟧ 00:00
[55.7] Expanding /dev/sda2 using the ‘ntfsresize’ method

virt-resize: Resize operation completed with no errors. Before deleting 
the old disk, carefully check that the resized disk boots and works 
correctly.

Rename the new disk using the original name

on 🎩 ❯ mv win10-resized.qcow2 win10.qcow2

Start the VM and check the new disk size:

🚩 Happy resizing!!! 🤖

📛 Improving a GitHub Repo!

Jose Roman Martin Gil — Mon, 12 Jun 2023 07:00:00 +0000

I have been using GitHub for a long time and I spent time on a daily basis reviewing repos in the Open Source space. One of the most important things , from my point of view, is to get a good overview of the repository, a good documentation, but also good highlights, such as releases, status of the project, Changelogs, Contribution Guides, emojis (why not?) … so I can get faster a good summary of the repository. This is not easy and there are many different ways to do it, but I found some of them very easy to add in any repository.

This post covers two of these mechanisms to improve any GitHub Repository:

📛 Repository Badges
✅ Changelogs and 🤖🚩automatic releasing process

📛 Repository Badges

How does it look like a repo with badges? Something like this:

Nice 🫶, right?

Badges are an easy way to summarize a repo with information about topics such as building, test results, license, pipelines or workflows, versions, … This information provides quality metadata coming from many different resources. So meanwhile you are browsing, you get all this information in a single view. Incredible!

I found a simple way to integrate almost any badge in my repository …Shields.io. It is a service providing badges in different formats to integrate in GitHub readme files. This service supports a bunch of continuous integration services, package registries, distributions, app stores, social networks, code coverage services, and code analysis services (anything else? 🤷🏽‍♀️).

In short, using the web site you can customize your badge to your own requisites and 3rd party services, getting a code to add in your GitHub readme easily.

For example, the previous image is rendered using the next entries in my readme file of my Blog site repository:

![License](https://img.shields.io/github/license/rmarting/rmarting.github.io?style=plastic)
![Main Lang](https://img.shields.io/github/languages/top/rmarting/rmarting.github.io)
![Languages](https://img.shields.io/github/languages/count/rmarting/rmarting.github.io)
![Last Commit](https://img.shields.io/github/last-commit/rmarting/rmarting.github.io)

Easy ✅, and powerful 💪! So, don’t forget to add your badges in your repo to help me, and others 🤗!

✅ Changelogs and 🤖🚩automatic releasing process

Changelog, as a comprehensive and up-to-date file, is crucial for effective project management and collaboration. A changelog serves as a documented record of all the notable changes, enhancements, and bug fixes made to your software over time. It not only provides transparency and accountability but also facilitates communication among team members and external contributors. This file enables users and developers to easily track the evolution of the project, understand the latest features and improvements, and quickly identify any potential issues or compatibility concerns.

Getting all these benefits require a regular updating of that file, usually after releasing a new version or iteration of our software. But, how to track all the changes between versions? Who should do it? When? … It seems that it could be tedious every time if we have to do it manually … we can forget something to add, or we can forget to update it at all.

As fan of …

There is a way to automatically update the changelog file every time a new version is released. This blog post summarizes this process.

Step 1️⃣ - Create your Changelog file

Create a file, usually called CHANGELOG.md, with the following content:

# Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]

To delve deeper into the significance of changelog files and learn about best practices for creating and maintaining them, I recommend checking out Keep a Changelog. This resource offers a comprehensive guide and industry-accepted standards for crafting informative and well-structured changelogs.

Step 2️⃣ - Use a Release workflow to publish new releases

The Release Drafter GitHub Action is an incredible GitHub action to automate a new release of the repository. The action is initially designed to draft a new release, but it is also valid to release automatically the version. In my case, I will automatically release the version as soon as a new tag is pushed.

The following release-drafter.yml file inside of the .github/workflows folder will publish a new release after a new tag is pushed into the repository. The tag must be aligned with theSemantic Versioning:

name: 🔖 Release Drafter 🔖

on:
  push:
    tags:
      - v[0-9]+.[0-9]+.[0-9]+

permissions:
  contents: read

jobs:
  update_release_draft:
    name: Release drafter
    runs-on: ubuntu-latest
    permissions:
      # write permission is required to create a github release
      contents: write

    steps:
      - name: Update Release Draft
        uses: release-drafter/release-drafter@v5
        with:
          publish: true
          prerelease: false
        env:
          # Instead of GITHUB_TOKEN Ref: https://github.com/stefanzweifel/changelog-updater-action/discussions/30
          GITHUB_TOKEN: $

The publish: true attribute publishes the release as final, just because the prerelease attribute is marked as false.

Step 3️⃣ - Format the Release content

The content of the release will include information coming from the different pull request, issues, and commits. This information can be included automatically into the release notes using different patterns. These patterns are described in the release-drafter.yml file inside .github folder:

The following example is a full example using different categories of information to add into the release notes.

# This release drafter follows the conventions from https://keepachangelog.com

name-template: 'v$RESOLVED_VERSION'
tag-template: 'v$RESOLVED_VERSION'
template: |
  ## What Changed 👀

  $CHANGES

  **Full Changelog** : https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...v$RESOLVED_VERSION
categories:
  - title: 🚀 Features
    labels:
      - feature
      - enhancement
  - title: 🐛 Bug Fixes
    labels:
      - fix
      - bug
  - title: ⚠️ Changes
    labels:
      - changed
  - title: ⛔️ Deprecated
    labels:
      - deprecated
  - title: 🗑 Removed
    labels:
      - removed
  - title: 🔐 Security
    labels:
      - security
  - title: 📄 Documentation
    labels:
      - docs
      - documentation      
  - title: 🧩 Dependency Updates
    labels:
      - deps
      - dependencies
    collapse-after: 5

change-template: '* $TITLE (#$NUMBER)'
change-title-escapes: '\<*_&' # You can add # and @ to disable mentions, and add ` to disable code blocks.

exclude-labels:
  - skip-changelog

Step 4️⃣ - Update Changelog file

After a new version is released, we want to update the changelog with the latest changes, as we are doing with the release notes. We can automate it using another amazing GitHub Action - Changelog Updater.

This action can be integrated into another workflow (i.e: update-changelog.yml inside of the .github/workflows folder). This workflow can be similar to:

name: 📄 Update Changelog 📄

on:
  release:
    types: [released]

jobs:
  update:
    name: Update Changelog
    runs-on: ubuntu-latest
    permissions:
      # Give the default GITHUB_TOKEN write permission to commit and push the 
      # updated CHANGELOG back to the repository.
      # https://github.blog/changelog/2023-02-02-github-actions-updating-the-default-github_token-permissions-to-read-only/
      contents: write    

    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Update Changelog
        uses: stefanzweifel/changelog-updater-action@v1
        with:
          latest-version: $
          release-notes: $

      - name: Commit updated Changelog
        uses: stefanzweifel/git-auto-commit-action@v4
        with:
          branch: main
          commit_message: '🔖 Update changelog'
          file_pattern: CHANGELOG.md

So, this workflow will start when a new release is released (types: [released]), including the changes from previous release and committing the change into the main branch of our repo.

Step 5️⃣ - Linking release and update changelog workflows

There is an issue reported hereabout how to automatically trigger the update changelog workflow from the release workflow. The workaround to fix it requires adding a new secret (i.e: PERSONAL_ACCESS_TOKEN) into your repo:

Step 6️⃣ - Release a new version

Now, it is very simple, just follow your development workflow, using your pull-request life cycle, add the labels of your own repository, and then tag a new version when you are ready to do it.

Push it into your repo:

git tag v1.2.1 -m "Version 1.2.1"
git push origin v1.2.1

The workflows run as expected:

… a new release is created, including the notes:

… and the changelog is updated too:

This is …

🤖🚩 Happy automating releasing!!! 🤖🚩

References

This blog post is my own summary about this process, but it was based from the content and experience of others, such as:

My kudos ❤️ to all of them!!!

Cloud Native CICD Pipelines in OpenShift

Jose Roman Martin Gil — Fri, 01 Apr 2022 00:00:00 +0000

Cloud Native CICD Pipelines in OpenShift

My first Continuous Integration andContinuous Delivery pipelines (from now CICD) were created with Hudson(I know, I know !! I am very old 👴 on this space), and after that with Jenkinsfor longer time. During this long period I used it (and others similar) to build, test, package, and deploy many different kind of applications (Monolith, SOA Services, Microservices, standalone apps, …) into many different kind of platforms (Tomcat, Red Hat JBoss Enterprise Applications,WebLogic, …) and of course on containers platform such as Red Hat OpenShift.

However, in cloud environments with cloud native applications in some cases I found so much complexity not easy to deal with it. Basically these tools were defined to run on Virtual Machines, required IT operations for maintenance, conflicts between teams or projects with shared plugins or extensions, no native interoperability with Kubernetes resources, …

… and nowadays I found a new player in this scenario to improve my CICD pipelines in the new Cloud Native World, with containers, Kubernetes, and OpenShift. This player is Tekton, orRed Hat OpenShift Pipelines as the enterprise version for OpenShift.

Tekton is a cloud-native solution for building CICD systems, providing a set of building blocks, components and an extended catalog (Tekton Hub) with great resources to use, making it a complete ecosystem. It is part of the CD Foundation with a great community, very active.

As Tekton is installed as a Kubernetes Operator, providing Custom Resources Definitionsto define the building blocks, it is very easy to create, and reuse them in the pipelines. As other Kubernetes or OpenShift objects, Tekton CRDs are first-citizens, so many of the processes uses to manage your OpenShift platform are valid for them. For example, as a fan of Everything as Codepractice, I can define my CICD pipelines as code and store them in a Git repository.

Tekton uses the services provides by the OpenShift, so it is designed for containers, and scalability. It means that the pipelines and tasks are executed on-demand with containers, so it is easy to scale them. We, as CICD designers, don’t need to deal with the platform, or infrastructure, as OpenShift provides us the services, and Tekton the objects to design the flow of our CICD pipeline.

In that integration with OpenShift services, the building images processes are now really native and we could use any of the technologies available, such as source-to-image,buildah, kaniko,jib, … Not more needed creating a custom image for a Jenkins-agent to build our application.

The same to integrate the deployment processes of your application, as you can interact natively with the platform … but in this scenario I am more fan to move the Continuous Delivery following the GitOps approach with another amazing tool as ArgoCD (but that is another story, and other blog-post 😉).

At last, but not least, Tekton provides a set of amazing tooling to use on your favorite IDE, command-line tool and so on, and accelerate the adoption by your side, and make your life easier:

So, let’s go through across the main components of this amazing project.

Tekton Components

Tekton provides a set of different components to design and build your pipelines:

Tasks
Pipelines
Workspaces
Triggers

There are others too, but these ones are the base.

Tasks

Tasks is a collection of Steps that you define and arrange in a specific order of execution as part of your continuous integration flow.

Tasks can have more than one step, allowing to specialize the task with more detailed steps. The steps will run in the order in which they are defined in the steps array.

A Task is available within a specific namespace, while a ClusterTask is available across the entire cluster.

A Task is executed as a Pod on your OpenShift cluster.

This is the typical Hello World Task.

apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: hello-task
spec:
  steps:
    - name: say-hello
      image: registry.redhat.io/ubi7/ubi-minimal
      command: ['/bin/bash']
      args: ['-c', 'echo Hello World']

Meanwhile a Task is a definition, the execution of the task with the results and outputs is a TaskRun.

An execution of previous task should be similar to (simplified and omitted some fields):

apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
  generateName: hello-task-run-
  name: hello-task-run-9d8hs
  uid: f3c8d81b-3e8d-4ad5-a01b-bf9b147485f6
  creationTimestamp: '2022-03-31T16:34:41Z'
  namespace: pipelines-demo
  labels:
    app.kubernetes.io/managed-by: tekton-pipelines
    tekton.dev/task: hello-task
spec:
  taskRef:
    kind: Task
    name: hello-task
status:
  completionTime: '2022-03-31T16:34:47Z'
  conditions:
    - lastTransitionTime: '2022-03-31T16:34:47Z'
      message: All Steps have completed executing
      reason: Succeeded
      status: 'True'
      type: Succeeded
  podName: hello-task-run-9d8hs-pod-kqcjv
  startTime: '2022-03-31T16:34:41Z'
  steps:
    - container: step-say-hello
      imageID: >-
        registry.redhat.io/ubi7/ubi-minimal@sha256:700ec6f27ae8380ca1a3fcab19b5630d5af397c980628fa1a207bf9704d88eb0
      name: say-hello
      terminated:
        containerID: cri-o://346b671912a63a98b310f0f06f0bcd9d9e3fab3b24a75246aed4921863b1d146
        exitCode: 0
        finishedAt: '2022-03-31T16:34:46Z'
        reason: Completed
        startedAt: '2022-03-31T16:34:46Z'

OpenShift provides a great dashboard to browse and inspect the Tasks and TasksRun

Pipelines

Pipelines are a collection of Tasks that you define and arrange in a specific order of execution as part of your continuous integration flow. In fact, tasks should do one single thing so you can reuse them across pipelines or even within a single pipeline.

You can configure various execution conditions to fit your business needs.

This example could give you a general view of a pipeline. This pipeline should be represented as:

Each Task in a Pipeline executes as a Pod on your OpenShift cluster.

Meanwhile a Pipeline is a definition, the execution of the pipeline with the results and outputs is a PipelineRun.

OpenShift provides a great dashboard to browse and inspect the Tasks and TasksRun

Workspaces

Workspaces allow Tasks to declare parts of the filesystem that need to be provided at runtime by TaskRuns. The main use cases are:

Storage of inputs and/or outputs
Sharing data among Tasks
Mount points for configurations held in Secrets or ConfigMaps
A cache of build artifacts that speed up jobs

Workspaces are similar to Volumes except that they allow a Task author to defer to users and their TaskRuns when deciding which class of storage to use.

Triggers

Triggers are the components ready to detect and extract information from events from a variety of sources and execute Tasks or Pipelines to respond them.

Triggers are a set of different objects:

EventListener: listens for events at a specified port on your OpenShift cluster. Specifies one or more Triggers or TriggerTemplates.
Trigger: specifies what happens when the EventListener detects an event. It is defined with a TriggerTemplate, a TriggerBinding, and optionally, an Interceptor.
TriggerTemplate: specifies a blueprint for the resource, such as a TaskRun or PipelineRun, that you want to instantiate and/or execute when your EventListener detects an event.
TriggerBinding: specifies the fields in the event payload from which you want to extract data and the fields in your corresponding TriggerTemplate to populate with the extracted values. You can then use the populated fields in the TriggerTemplate to populate fields in the associated TaskRun or PipelineRun.

The most common use case of the Triggers and EventListeners is integrated with Git repositories through the use of WebHooks. A Git mechanism to get data from any change in a Git repository.

Show me the code

But, you could do more things with OpenShift Pipelines, to design you cloud native pipelines. This is a small briefing of the main characteristics and features. But if you want to play with this new toy, I created a sample GitHub repository with a demo of tasks, pipelines and triggers.

https://github.com/rmarting/ocp-pipelines-demo

From here, only your imagination, use cases and Tekton could help you to create amazing pipelines in a easy, descriptive and simple way.

And if you want to dive deeper, don't miss to check the following references:

Tekton Documentation
Pipelines as Code, an opinionated CI based on OpenShift Pipelines / Tekton.
Tekton Chains for supply chain security.

Happy cloud-native pipelining 😃!!!

Monorepo, GitOps, CICD and beyond

Jose Roman Martin Gil — Fri, 25 Mar 2022 10:00:00 +0000

GitOps Product Monorepo Sample

Developing cloud native products following Agile, and DevOps practices could require to use different approaches, patterns and processes to do it in a fast pace. Many of the most common patterns in this space are:

Product Monorepo
Trunk-based development
GitOps
Cloud Native Application
Continuous Integration, Continuous Delivery and Continuous Deployment
Sealed Secrets

Use all of them at the same time could be a challenge for a new team, but it is possible getting the best benefits from each of them. I have working in many different use cases and products for a long time, many times using these patterns in somehow, learning from the pitfalls, and getting the best benefits. This repo represents an opinionated manner to do it for a new product team, combining all these practices in the same place.

Hoping this approach could help in your use case. Use carefully all the assess, and land into your specif use case.

The product is the software solution created for a business scenario, adding the value and solution to achieve the goals of the business. We build software to resolve business scenarios.

❗ Soon a blog post will try to clarify many of the aspects related with this repo. Stay tunned!❗

Product Monorepo

Product Monorepo means to have everything related with a software product in one single place, shared with the product team, to implement the full Software Delivery Life cycle of the product.

One of the most important topics for a Product Monorepo is to have a clear folder structure, otherwise you could get a chaotic layout with more pains that gains.

This repo is organized as:

bootstrap folder includes the initial components to setup the environment, mainly tools to define the base of the rest of the solution.
apps folder includes the list of applications or components of the product.
charts folder includes the Helm Charts to accelerate the deployment of any component, tool or application related with the product.
argocd folder includes the items related with ArgoCD and GitOps.
tekton folder includes the items related with Tekton and Pipelines.
e2e-test folder includes the end-to-end test suites of the product.

Trunk-based Development

A Monorepo is a specific Trunk-Based Development implementation where the product team puts its source for all applications/services/libraries/frameworks into one repository and forces team members to commit together in that trunk - atomically.

The trunk branch is defined basically as productive and any change merged there is candidate to be deployed in any environment, including production. There are not any other starting point to promote changes, as everything is integrated in the trunk. Other branches are considered ephemeral, to manage short pieces of changes, with a review process (by pair programming or by a Pull Request) before to be merged into the trunk.

This method allows the team members to develop fast small chunks (many times as features flagsor not), with sooner integrations cycles, reducing merge conflicts, and promoting changes to others faster.

GitOps

GitOps defines the source of truth a Git repository, where everything starts from there and defining the desired state of our product.

Cloud Native Application

Designing our product as a Cloud Native solution will bring us many benefits in cloud environments. Most of the cases a Microservice architecture following the Twelve-Factor Appmethodology is the right starting point. Our product will implement that methodology.

Continuous Integration, Continuous Delivery and Continuous Deployment

Any product in the new automated era must be done without the most well-known benefits ofContinuous Integration,Continuous Delivery andContinuous Deployment. Otherwise you are failing from the beginning.

Sealed Secrets

GitOps means “if it’s not in Git, it’s NOT REAL” , so it is a challenge to store sensitive data, like credentials, in Git repositories, where many people can access?. OpenShift provides a good way to manage sensitive data in the platform, but we need to extend it with other great tools to store sensitive data in Git without any break of security.

Here Sealed Secrets arrives to help us.

Playing with our Product Monorepo

Now, it is time to play 🎲.

This repository defines a sample product with the following applications:

A sample Angular application as frontend for the final users. Details here
A sample Quarkus application as backend to manage the business logic of our product. Details here

Requirements

This repository had been developed and tested in the following environment:

Red Hat OpenShift Container Platform 4.10
Red Hat OpenShift GitOps 1.4.3 (ArgoCD)
Red Hat OpenShift Pipelines 1.6.2 (Tekton)
Sealed Secrets Helm Chart 1.16.1

Bootstrapping Red Hat OpenShift Container Platform

To prepare your OCP environment, review and follow the bootstrap instructions

If everything goes fine, your environment should look like as:

GitOps with ArgoCD

To prepare the GitOps scenario with ArgoCD, review and follow the instructions.

If everything goes fine, your ArgoCD should look like as:

CICD with Tekton Pipelines

This Product Monorepo has a set of different pipelines to cover the Software Delivery Life cycle, integrated in our GitOps approach. The pipelines are described here.

Feedback, Comments, and improvements

As this is an opinionated approach, from my field experience in real scenarios and use cases, I am always open to learn from other experiences and use cases. Feel free to comment, improve or change my mind with your great ideas. Don’t forget to review our Contribution Guide do it in many different ways (issues, pull-request, comments, …), don’t miss the chance to do it.

I also open to share this approach, techniques and tools in community, meetup or simple group of colleagues around topics such as DevOps, Agile, GitOps, Cloud Native, … If you think that I can participate, please, let me know it.

If you are here, thank you so much. 😄 🎉

Lessons learned migrating Spring Boot to Quarkus

Jose Roman Martin Gil — Fri, 03 Dec 2021 09:15:00 +0000

This blog post describes a set of lessons learned from my personal experience migrating Spring Boot applications to Quarkus. The article does not cover all the topics, approaches, architectures or designs to keep in mind for an enterprise full migration project, but it includes a set of conclusions from a personal perspective.

Cloud Native Applications, Microservices Architectures, Event-Driven Architectures, Serverless, … are the most common patterns, designs and topics used by Enterprise, Start-ups, and Software Companies to design and deploy new applications in this new Cloud Era (a.k.a Kubernetes Era). To build these kinds of new applications exists a list of different technologies, frameworks and languages (Go, Node.JS, Java, …) however one of the most extended and used is Spring Boot.

Spring Boot is a well-known framework, with a large community of developers, long history and friendly for many developers. However Spring Boot has other behaviors that could not fit well in a Cloud Native environment (resources consumption, startup time, response time, development lifecycle, …).

Quarkus is the new player in the playground to design new applications under these paradigms.

Quarkus is a full-stack, Kubernetes-native Java framework made for Java Virtual Machines and native compilation. Quarkus is crafted from best-of-breed Java libraries and standards with amazingly fast boot times and incredibly low memory in container orchestration platforms like Kubernetes.

Quarkus has a clear vision based in:

Container First: Optimized for low memory usage and fast startup times.
Imperative and Reactive: Designed with this new world in mind and provides first-class support for these different paradigms.
Developer Joy: Designed to make happy and fun the developer’s life.
Community and Standards: No need to learn new technologies, designed on top of proven standards (Eclipse MicroProfile, JAX-RS, JPA, …)
Kube-native: Providing tools optimized for Kubernetes.

Houston, we have a problem! Quarkus versus Spring Boot? Quarkus? Spring Boot? Which one?

In many migration projects (frameworks, application servers, jdk, …) the effort to adapt the source code to the new platform was one key. Refactoring code implies a range effort between trivial to epic and it could decline the decision to go or not to go. Refactoring from Spring Boot to Quarkus could be another one.

This article describes the following migration approaches from Spring Boot to Quarkus:

Migrating to Quarkus Extensions for Spring Boot
Refactoring to Standard Libraries and Quarkus Extensions

🚨🚨 Disclaimer and Spoiler Alert This article is not an official migration guide. 🚨🚨

Any kind of migration requires analyzing different things to answer questions such as why?, who?, when?, how?, where?. These questions are not easy to analyze and describe in a single article because they involve a large number of aspects like: processes, people, management, testing, … but who does not listen to sentences such as: Java is dead now; XX framework is better for cloud containers, Java consumes a lot of resources, … Well, Quarkus changes many of those sentences.

This article only wants to focus on some aspects of how to code/refactor the source code from Spring Boot to Quarkus. It does not cover all the features or capabilities of both frameworks but it summarizes a set of lessons learned from my personal experience. Quarkus is a highly active community so some of these lessons could change in the future (maybe in a few days).

Application to migrate

This blog post is based on a Spring Boot application with the following modules or components:

Spring Boot 2
REST Endpoints based in Spring Web
Apache Kafka as messaging system
Apicurio Service Registry as API schema registry
Avro schemas

It is a base to start to analyze this migration, where some other common features are not included (e.g: Persistence in Databases) to reduce the scope of this migration.

The original code of this application is available here.

The original application starts in 5 seconds:

2021-12-03 09:33:56.724 INFO 1 --- [main] com.rmarting.kafka.Application : Started Application in 5.132 seconds (JVM running for 5.76)

Migrating to Quarkus Extensions for Spring Boot

This approach is focused on reducing the number of changes and reuse as much code as possible. This approach is available thanks to a set of Quarkus Extensions for Spring Boot, designed to provide a compatibility layer for Spring Boot. At the time of writing this article the following Quarkus Extensions for Spring are available:

spring-di : Compatibility layer for Spring dependency injection.
spring-web : Compatibility layer for Spring Web.
spring-boot-properties : Compatibility layer to set up your Spring Boot using @ConfigurationProperties annotations.
spring-security : Compatibility layer for Spring Security.
spring-cache : Compatibility layer for Spring Cache annotations.
spring-data-jpa : Compatibility layer for Spring Data JPA repositories.
spring-scheduled : Compatibility layer for Spring Scheduled.
spring-cloud-config-client : Compatibility layer to read configuration properties at runtime from the Spring Cloud Config Server.

NOTE : Some extensions are considered preview, so backward compatibility and presence in the ecosystem is not guaranteed.

The main list of changes done to migrate the application is:

Quarkus requires JDK 11.
spring-di, spring-web and spring-boot-properties extensions are basically mandatory for any Spring Boot applications. We could say that they are the base for any migration to Quarkus Spring.
These extensions provide the base features of Spring Boot such as: Dependency Injection, Web, Configuration.
Although the compatibility layer supports most of the Spring DI capabilities, some arcane features may not be supported.
Spring Web Annotations could be maintained exactly equals.
Swagger annotations must be refactored to use MicroProfile OpenAPI. This refactor basically needs to use classes fromorg.eclipse.microprofile.openapi.annotations package.
OpenAPI and Swagger capabilities are provided now by thequarkus-smallrye-openapi extension, not needed by other OpenAPI or Swagger dependencies.
Health checks (actuators provided by spring-boot-starter-actuator) are now provided by quarkus-smallrye-health extensions. It requires new liveness and readiness proves in your deployment in Kubernetes.
Integration with Kafka using the Kafka Producer and Consumer API (provided by the Kafka Clients) only requires the use of quarkus-kafka-client extension.
Spring Kafka has not an equivalent compatible Spring extension, however Quarkus provides quarkus-smallrye-reactive-messaging-kafka extension with a set of new annotations to consume, produce or data streaming with Apache Kafka. It means a small set of changes.

The result of this migration is available here.

This new application starts in less of 2 seconds:

Dec 03, 2021 9:51:17 AM io.quarkus.bootstrap.runner.Timing printStartupTime
INFO: kafka-clients-sb-sample 3.0.0-SNAPSHOT on JVM (powered by Quarkus 1.13.7.Final) started in 1.887s. Listening on: http://0.0.0.0:8181

Refactoring to Standard Libraries and Quarkus Extensions

This approach implies a change in the mindset of your application, aligning with standards and refactoring your code. However you will get a full-compliant Quarkus application and then you are able to use all its empowerment.

For this approach I need to map the Spring Boot features with the right Quarkus Extensions:

Spring Boot Feature	Quarkus Extension
spring-di	Quarkus CDI
spring-boot-starter-web	JAX-RS Services
spring-boot-starter-actuator	MicroProfile Health
springdoc-openapi-ui	OpenAPI and Swagger UI
spring-kafka	Kafka with Reactive Messaging

The main list of changes done to migrate the application is:

Quarkus requires JDK 11.
Refactor @Service, @Component, @Autowired Spring annotations to @Singleton, @ApplicationScoped, @Inject CDI annotations.
Refactor @Configuration, @Value Spring annotations to@ApplicationScoped, @ConfigProperty Quarkus annotations
Refactor Spring Web Annotations to JAX-RS Annotations. This guide includes a conversion table.
Swagger annotations must be refactored to use MicroProfile OpenAPI. This refactor basically needs to use classes fromorg.eclipse.microprofile.openapi.annotations package.
OpenAPI and Swagger capabilities are provided now by quarkus-smallrye-openapi extension, not needed by other OpenAPI or Swagger dependencies.
Health checks (actuators provided by spring-boot-starter-actuator) are now provided by quarkus-smallrye-health extension. It requires new liveness and readiness proves in your deployment in Kubernetes.
Integration with Kafka using the Kafka Producer and Consumer API (provided by the Kafka Clients) only requires the use of quarkus-kafka-client extension.
Spring Kafka has not an equivalent compatible Spring extension, however Quarkus provides quarkus-smallrye-reactive-messaging-kafka extension with a set of new annotations to consume, produce or data streaming with Apache Kafka. It means a small set of changes.

The result of this refactoring is available here.

This application starts in 1.4 seconds:

Dec 03, 2021 10:21:17 AM io.quarkus.bootstrap.runner.Timing printStartupTime
INFO: kafka-clients-sb-sample 3.0.0-SNAPSHOT on JVM (powered by Quarkus 1.13.7.Final) started in 1.387s. Listening on: http://0.0.0.0:8181

Lessons Learned

Both migration experiences could be summarized in the next lessons learned:

Migration to Quarkus has been feasible with less effort migration. Both approaches did not require a full investment or hard work.
Quarkus Extensions for Spring Boot are enough for most common modules (di, web, jpa, security, …) but maybe not cover yours (jta, web-services, complex injection references, …). Analyzing the application is mandatory to get the gap.
Quarkus Extensions for Spring Boot could not cover all Spring features, then a refactor to Quarkus could be needed (Health Endpoints, OpenAPI, Swagger UI, Messaging Integration). However, the effort to refactor it was not so hard.
Refactoring to Quarkus involves moving your code to standard libraries (that hopefully you already know like for instance JAX-RS), so the learning curve to start with Quarkus is minimal.
Refactor to Quarkus will give you the full-power of Quarkus and its extensions.
Bugs and issues could appear in both migrations. Quarkus is stable and it is growing up so fast, resolving them and adding new features. You can check it in the releases page.
Full Quarkus migrated application was the faster one after completing the refactoring, as you can see in the following chart. It is not a complete performance test, but it might give you an idea about the performance capabilities of Quarkus:

Implementation	Startup
Spring Boot	5 seconds
Quarkus extensions for Spring	1.7 seconds 🚀
Quarkus	1.4 seconds 🚀
Quarkus Native	0.042 seconds 🚀🚀

There is a list of other components not covered (e.g: testing, JPA, Cloud integration, security, …) in this blog post because it will extend the scope and length of this article. Quarkus is a highly active community where every day new features, issues and extensions are moving so some of these lessons learned could be covered, resolved or fixed soon.

Getting starting my migration

Migrating Spring Boot to Quarkus requires an effort to identify the best approach from the current state (AS-IS) to the final state (TO-BE) . There is not a silver bullet to migrate applications but there are some tools and references that could help:

Red Hat Migration Toolkit for Applications: This tool could analyze your code to identify the main migration issues. The latest version includes a set of rules to check your code and identify the main issues to migrate to Quarkus.
Quarkus Guides are a great resource for getting started in Quarkus.
Quarkus QuickStarts is a large repository of code with many samples.
Quarkus Blog.
Migrating SpringBoot PetClinic REST to Quarkus by Jonathan Vila as another migration reference from Spring Boot.
Migrating a Spring Boot microservices application to Quarkus
Migrating Spring Boot tests to Quarkus

🎉 Enjoy your journey to Quarkus. 🎉

Migrating Kafka clusters with MirrorMaker2 and Strimzi

Jose Roman Martin Gil — Fri, 19 Nov 2021 00:00:00 +0000

In this article we (my colleague Manuel Schindler
and I) would like to focus on the most common challenges to migrate Apache
Kafka clusters between different OpenShift platforms, and how to overcome
them by using Apache MirrorMaker and Strimzi Operators.

🗞️ ℹ️ LATEST NEWS ℹ️ 🗞️ This article has
been accepted and published in the Strimzi Blog
community 🎉 here. We are glad 🤩 to help and contribute in the Strimzi Community with our
experience and knowledge of this amazing Open Source project.

Thank you so much Strimzi Community!!! 💪 🎉

Greetings

Many thanks to some great colleagues for help us reviewing this content:

Hugo Guerrero
Jakub Scholz
Rafael Yanez
Paolo Patierno

Integrating Quarkus with Apicurio Service Registry

Jose Roman Martin Gil — Fri, 18 Dec 2020 09:15:00 +0000

Step by step most of the new cloud native applications and microservices designs are based inevent-driven architecture (EDA) to respond to real-time information based on sending and receiving of information about individual events. This kind of architecture is based on asynchronous non-blocking communication between event producers and consumers through a event streaming backbone, such as Apache Kafka running on top of Kubernetes. In these scenarios, where a large number of different events are managed, is very important to define a governance model where each event could be defined as an API to allow producers and consumers to produce and consume checked and validated events. A Service Registry will help us.

From my field experience with many projects I found that the most typical landscape is based in the most well-know next components:

Strimzi to deploy Apache Kafka clusters as streaming backbone.
Apicurio Service Registry as datastore for events API.
OpenShift Container Platform to deploy and run the different components.
Quarkus as framework to develop client applications.
Avro as data serialization system to declare schemas as events API.

This article describes how easy is to integrate your Quarkus applications with Apicurio Service Registry.

🤖 Apicurio Service Registry

Service Registry is a datastore for sharing standard event schemas and API designs across API and event-driven architectures. Service Registry decouples the structure of your data from your client applications, and to share and manage your data types and API descriptions at runtime. Decouples your data structure from your client applications reduces costs by decreasing overall message size, creates efficiencies by increasing consistent reuse of schemas and API designs across your organization.

Some of the most common uses cases where Service Registry helps us are:

Client applications can dynamically push or pull the latest schema updates to or from Service Registry at runtime without needing to redeploy.
Developer teams can query the registry for existing schemas required for services already deployed in production.
Developer teams can register new schemas required for new services in development or rolling to production.
Store schemas used to serialize and deserialize messages, which can then be referenced from your client applications to ensure that the messages that they send and receive are compatible with those schemas.

Apicurio is a open source project that provides a Service Registry ready to be involved in this scenario with the following main features:

Support for multiple payload formats for standard event schemas and API specifications.
Pluggable storage options including AMQ Streams, embedded Infinispan, or PostgreSQL database.
Registry content management using a web console, REST API command, Maven plug-in, or Java client.
Rules for content validation and version compatibility to govern how registry content evolves over time.
Full Apache Kafka schema registry support, including integration with Kafka Connect for external systems.
Client serializer/deserializer (Serdes) to validate Kafka and other message types at runtime.
Cloud-native Quarkus Java runtime for low memory footprint and fast deployment times.
Compatibility with existing Confluent schema registry client applications.
Operator-based installation of Service Registry on OpenShift.

💻 Client Applications Workflow

The typical workflow when we introduce a Service Registry in our architecture is:

Declare the event schema using some of the most data formats like Apache Avro, JSON Schema, Google Protocol Buffers, OpenAPI, AsyncAPI, GraphQL, Kafka Connect schemas, WSDL or XML schemas (xsd).
Register the schema as artifact in Service Registry through the Service Registry UI, API REST, Maven PlugIn or Java clients. From there client applications can then use that schema to validate that messages conform to the correct data structure at runtime.
Kafka Producer applications use a serializer to encode messages that conform to a specific event schema.
Kafka Consumer applications then use a deserializer to validate that messages have been serialized using that correct schema, based on a specific schema ID.

This workflow ensures consistent schema use and helps to prevent data errors at runtime.

📄 Avro Schemas into Service Registry

Avro provides a JSON schema specification to declare a large variety of data structures, such as our simple example:

{
  "name": "Message",
  "namespace": "io.jromanmartin.kafka.schema.avro",
  "type": "record",
  "doc": "Schema for a Message.",
  "fields": [
    {
      "name": "timestamp",
      "type": "long",
      "doc": "Message timestamp."
    },
    {
      "name": "content",
      "type": "string",
      "doc": "Message content."
    }
  ]
}

This schema will define a simple message event.

Avro also provides a Maven Plugin to autogenerate Java classes based in the schema definitions (.avsc files)

Now we could publish it into Service Registry to be used in runtime for our client applications. Apicurio Maven Plugin is an easy way to publish the schemas into the Service Registry with a simple definition in our pom.xml file.

<plugin>
   <groupId>io.apicurio</groupId>
   <artifactId>apicurio-registry-maven-plugin</artifactId>
   <version>${apicurio.version}</version>
   <executions>
      <execution>
         <phase>generate-sources</phase>
         <goals>
            <goal>register</goal>
         </goals>
         <configuration>
            <registryUrl>${apicurio.registry.url}</registryUrl>
            <artifactType>AVRO</artifactType>
            <artifacts>
               <!-- Schema definition for TopicIdStrategy strategy -->
               <messages-value>${project.basedir}/src/main/resources/schemas/message.avsc</messages-value>
            </artifacts>
         </configuration>
      </execution>
   </executions>
</plugin>

Using Apicurio Maven Plugin in the our application Maven Lifecycle could help us to define or extend our ALM (also our CI/CD pipelines) to publish or update the schemas every time we released new versions of them. It is not an objective of this article, but something that you could analyze more.

As soon we published our schema into Service Registry we could manage from the UI as:

🚀 Quarkus, Apache Kafka and Service Registry

Quarkus provides a set of dependencies to allow in our application to produce and consume messages to and from Apache Kafka. It is very straight forward to use it onces we add the dependency in our pom.xml file:

<!-- Kafka Clients -->
<dependency>
    <groupId>io.quarkus</groupId>
    <artifactId>quarkus-kafka-client</artifactId>
</dependency>
<!-- Reactive Messaging -->
<dependency>
    <groupId>io.quarkus</groupId>
    <artifactId>quarkus-smallrye-reactive-messaging-kafka</artifactId>
</dependency>

Connect your application with the Apache Kafka cluster is so easy with the following property in your application.properties file:

kafka.bootstrap.servers = my-kafka-kafka-bootstrap:9092

Apicurio Service Registry provides Kafka client serializer/deserializer for Kafka producer and consumer applications. To add them into our application, you must add the next dependency:

<!-- Apicurio Serializer/Deserializer -->
<dependency>
    <groupId>io.apicurio</groupId>
    <artifactId>apicurio-registry-utils-serde</artifactId>
    <version>${apicurio.version}</version>
</dependency>

📥 Producing Messages from Quarkus

Quarkus provides a set of properties and beans to declare Kafka Producers to send messages (in our case Avro-schema instances) to Apache Kafka. The most important properties to set up are:

key.serializer: Identifies the serializer class to serialize the key of the Kafka record.
value.serializer: Identifies the serializer class to serialize the value of the Kafka record.

Here we have to add some specific values in these properties to allow the serialization process using Avro schemas registered in the Service Registry. Basically we need to identify the following concepts:

Serializer class to use Avro schemas, this class is provider by the Apicurio SerDe class: io.apicurio.registry.utils.serde.AvroKafkaSerializer
Apicurio Service registry endpoint to validate schemas: apicurio.registry.url
Apicurio Service strategy to look up the schema definition: apicurio.registry.artifact-id

So a sample definition for a producer bean to send messages could be similar to:

    @Produces
    @RequestScoped
    public Producer<String, Message> createProducer() {
        Properties props = new Properties();

        // Kafka Bootstrap
        props.put(ProducerConfig.BOOTSTRAP_SERVERS_CONFIG, kafkaBrokers);

        // Security
        props.put(AdminClientConfig.SECURITY_PROTOCOL_CONFIG, kafkaSecurityProtocol);
        props.put(SaslConfigs.SASL_MECHANISM, "SCRAM-SHA-512");
        props.put(SaslConfigs.SASL_JAAS_CONFIG,
                "org.apache.kafka.common.security.scram.ScramLoginModule required username=\"" + kafkaUser
                        + "\" password=\"" + kafkaPassword + "\";");

        // Producer Client
        props.putIfAbsent(ProducerConfig.CLIENT_ID_CONFIG, producerClientId + "-" + getHostname());

        // Serializer for Keys and Values props.putIfAbsent(ProducerConfig.KEY_SERIALIZER_CLASS_CONFIG, StringSerializer.class.getName());
        props.putIfAbsent(ProducerConfig.VALUE_SERIALIZER_CLASS_CONFIG, AvroKafkaSerializer.class.getName());

        // Service Registry props.putIfAbsent(AbstractKafkaSerDe.REGISTRY_URL_CONFIG_PARAM, serviceRegistryUrl);
        // Topic Id Strategy (schema = topicName-(key|value)) - Default Strategy
        props.putIfAbsent(AbstractKafkaSerializer.REGISTRY_ARTIFACT_ID_STRATEGY_CONFIG_PARAM, TopicIdStrategy.class.getName());

        // Acknowledgement
        props.putIfAbsent(ProducerConfig.ACKS_CONFIG, acks);

        return new KafkaProducer<>(props);
    }

And you could finally send Messages (storing the artifact ID from Service Registry) to Apache Kafka:

    @Inject
    Producer<String, Message> producer;

    private MessageDTO publishRawMessage(final @NotEmpty String topicName,
                                         final @NotNull MessageDTO messageDTO,
                                         final boolean async) {
        // ... 
        RecordMetadata metadata = producer.send(record).get();
        // ....
    }

The message will be serialized adding the global ID associated to the schema used for this record. That global ID will be very important to consume later the message by the Kafka Consumer applications.

NOTE: This approach uses KafkaProducer API, however Quarkus includes the Emitter class to send messages easily. I developed my sample with the first approach to check that Kafka API is still valid using Quarkus.

📤 Consuming Messages from Quarkus

Quarkus also provides a set of properties and beans to declare Kafka Consumers to consume messages (in our case Avro-schema instances) from the Apache Kafka cluster. The most important properties to set up are:

key.deserializer: Identifies the deserializer class to deserialize the key of the Kafka record.
value.deserializer: Identifies the deserializer class to deserialize the value of the Kafka record.

Here we have to add some specific values in these properties to allow the deserialization process using Avro schemas registered in the Service Registry. Basically we need to identify the following concepts:

Deserializer class to use Avro schemas, this class is provider by the Apicurio SerDe class: io.apicurio.registry.utils.serde.AvroKafkaDeserializer
Apicurio Service registry endpoint to get valid schemas: apicurio.registry.url

So a sample configuration for a consumer template could be similar to:

# Configure the Kafka source (we read from it)
mp.messaging.incoming.messages.connector=smallrye-kafka
mp.messaging.incoming.messages.group.id=${app.consumer.groupId}-mp-incoming-channel
mp.messaging.incoming.messages.topic=messages.${app.bg.mode}
mp.messaging.incoming.messages.key.deserializer=org.apache.kafka.common.serialization.StringDeserializer
mp.messaging.incoming.messages.value.deserializer=io.apicurio.registry.utils.serde.AvroKafkaDeserializer
mp.messaging.incoming.messages.properties.partition.assignment.strategy=org.apache.kafka.clients.consumer.RoundRobinAssignor
mp.messaging.incoming.messages.apicurio.registry.url=${apicurio.registry.url}
mp.messaging.incoming.messages.apicurio.registry.avro-datum-provider=io.apicurio.registry.utils.serde.avro.ReflectAvroDatumProvider

You could declare a listener to consume messages (based in our Message schema) as:

    @Incoming("messages")
    public CompletionStage handleMessages(Message message) {
        IncomingKafkaRecord<String, io.jromanmartin.kafka.schema.avro.Message> incomingKafkaRecord =
                (IncomingKafkaRecord<String, io.jromanmartin.kafka.schema.avro.Message>) message.unwrap(IncomingKafkaRecord.class);

        LOGGER.info("Received record from Topic-Partition '{}-{}' with Offset '{}' -> Key: '{}' - Value '{}'",
                incomingKafkaRecord.getTopic(),
                incomingKafkaRecord.getPartition(),
                incomingKafkaRecord.getOffset(),
                incomingKafkaRecord.getKey(),
                incomingKafkaRecord.getPayload());

        // Commit message
        return message.ack();
    }

The schema is retrieved by the deserializer using the global ID written into the message being consumed from the Service Registry. Done!

📑 Summary

Your Quarkus applications integrate easily with the Service Registry and Apache Kafka to build your event-driven architecture. Thanks all these components you could get the following main benefits:

Ensure consistent schema use between your client applications.
Help to prevent data errors at runtime.
Define a governance model in your data schemas (versions, rules, validations).
Easy integration with client applications and components.

You could invest and analyse more to adapt or build your event-drive architecture with these components in the following reference links.

🔬 Show me the code

Everything seems great and cool, but you want to see how it is really working … then this GitHub repository is your reference.

Enjoying API eventing 😃!!!

🎉 Bonus Track

Quarkus 1.10.5.Final includes the native compilation of the Avro schemas capability. This command will compile as native my sample application:

❯ mvn package -Dquarkus.native.container-build=true -Dquarkus.native.container-runtime=podman -Pnative

But this is other story to write in other post! 😎

Connecting Apicurio Registry with secured Strimzi clusters

Jose Roman Martin Gil — Tue, 08 Dec 2020 09:15:00 +0000

Apicurio Registry is a datastore for sharing standard event schemas and API designs across API and event-driven architectures. Apicurio Registry decouples the structure of your data from your client applications, and enables you to share and manage your data types and API descriptions at runtime. Decoupling your data structure from your client applications reduces costs by decreasing overall message size, creates efficiencies by increasing consistent re-use of schemas and API designs across your organization.

Some of the most common uses cases where Apicurio Registry helps us are:

Client applications can dynamically push or pull the latest schema updates to or from Apicurio Registry at runtime without needing to redeploy.
Developer teams can query the registry for existing schemas required for services already deployed in production.
Developer teams can register new schemas required for new services in development or rolling to production.
Store schemas used to serialize and deserialize messages, which can then be referenced from your client applications to ensure that the messages that they send and receive are compatible with those schemas.

Apicurio provides a open sourced Schema Registry, ready to be involved in this scenario.

Apicurio Registry includes a set of pluggable storage options to store the APIs, rules and validations. The Kafka-based storage option, provided by Strimzi, is suitable for production environments when persistent storage is configured for Kafka clusters running on OpenShift.

In production environments security is not an option and it is something that must be provided by Strimzi for the different components connected to. Security will be defined by:

Authentication to ensure a secure client connection to the Kafka cluster.
Authorization to define which users have access to which resources.

This blog post describes the high level topics to keep in mind to connect Apicurio Registry to a secure Apache Kafka cluster.

🤖 OpenShift Operators

Strimzi and Apicurio Registry provides a set of OpenShift Operators, available through Operator Hub, to manage the life cycle of each component. Operators are a method of packaging, deploying, and managing OpenShift applications.

Strimzi Operators provide a set of Custom Resources Definitions (CRD) to describe the different components of the Kafka deployment (Zookeeper, Brokers, Users, Connect, …) These objects will provide the API to manage our Kafka cluster.

Strimzi Operators manage the authentication, authorization and users life cycle with the following custom resources:

Kafka Schema: Declares the Kafka topology and features to use. This object is managed by the Cluster Operator.
KafkaUser Schema: Declares a user for an instance of Strimzi, including the authentication, authorization and quotas definitions. This object is managed by the User Operator.

Apicurio Registry Operatorprovides a set of CRD to describe the different components of the Apicurio Registry deployment (storage, security, replicas, …) These objects will provide the API to manage our Apicurio Registry instance.

Apicurio Registry Operator manages the Apicurio Registry life cycle with the following custom resources:

ApicurioRegistry Schema: Declares the Apicurio Registry topology and main features to use. This object is managed by the Apicurio Operator.

👮 Authentication

Strimzi supports the following authentication mechanisms:

SASL SCRAM-SHA-512
TLS client authentication
OAuth 2.0 token based authentication

These mechanisms are declared in the authentication block in the Kafka definition for each listener. Each listener will implement the authentication mechanism defined so the client applications must authenticate with the mechanism identified.

How to activate each mechanism in the Strimzi cluster is described below.

On the other hand we need to identify in the Apicurio Registry the authentication mechanism activated in the Strimzi cluster. Apicurio Registry only allows the following authentication mechanisms:

SCRAM-SHA-512
TLS

Strimzi Authentication

Using SCRAM-SHA-512

The following Kafka definition declares a Kafka cluster secured with SCRAM-SHA-512 authentication for the secured listener (TLS):

apiVersion: kafka.strimzi.io/v1beta1
kind: Kafka
metadata:
  name: my-kafka
spec:
  kafka:
    listeners:
      tls:
        authentication:
          type: scram-sha-512

Applying this configuration will create a set of ㊙️ secrets where TLS certificates are stored. The secret we need to know to allow the secured connections is declared as my-kafka-cluster-ca-cert. We will need this value later.

The following KafkaUser definition declares a Kafka user with SCRAM-SHA-512 authentication:

apiVersion: kafka.strimzi.io/v1beta1
kind: KafkaUser
metadata:
  name: service-registry-scram
  labels:
    strimzi.io/cluster: my-kafka
spec:
  authentication:
    type: scram-sha-512

Applying this configuration a new ㊙️ secret is created, with the same name of the user, where credentials are stored. This secret contains the generated password to authenticate to the Kafka cluster.

❯ oc get secrets
NAME TYPE DATA AGE
service-registry-scram Opaque 1 4s

Using TLS

The following Kafka definition declares a Kafka cluster secured with TLS authentication for the secured listener (TLS):

apiVersion: kafka.strimzi.io/v1beta1
kind: Kafka
metadata:
  name: my-kafka
spec:
  kafka:
    listeners:
      tls:
        authentication:
          type: tls

The following KafkaUser definition declares a Kafka user with TLS authentication:

apiVersion: kafka.strimzi.io/v1beta1
kind: KafkaUser
metadata:
  name: service-registry-tls
  labels:
    strimzi.io/cluster: my-kafka
spec:
  authentication:
    type: tls

Applying this configuration will create a ㊙️ secret, with the same name of the user, where user credentials are stored. This secret contains the valid client certificates to authenticate to the Kafka cluster.

❯ oc get secrets
NAME TYPE DATA AGE
Service-registry-tls Opaque 1 4s

Apicurio Registry Authentication

Identifying the authentication mechanism activated in the Strimzi cluster, we need to deploy the Apicurio Registry defining accordingly the ApicurioRegistry definition.

NOTE : Apicurio Registry can only connect, at the time of writing this blog, to Strimzi_tls_ listener (normally in 9093 port), whatever the authentication mechanism is activated in that listener. It means that the boostrapServers property in ApicurioRegistry must point to that listener port:

apiVersion: apicur.io/v1alpha1
kind: ApicurioRegistry
metadata:
  name: service-registry
spec:
  configuration:
    persistence: "streams"
    streams:
      bootstrapServers: "my-kafka-kafka-bootstrap:9093"

Using SCRAM-SHA-512

The following ApicurioRegistry definition declares a secured connection with a user with SCRAM-SHA-512 authentication:

apiVersion: apicur.io/v1alpha1
kind: ApicurioRegistry
metadata:
  name: service-registry
spec:
  configuration:
    persistence: "streams"
    streams:
      bootstrapServers: "my-kafka-kafka-bootstrap:9093"
      security:
        scram:
          user: service-registry-scram
          passwordSecretName: service-registry-scram
          truststoreSecretName: my-kafka-cluster-ca-cert

The values that we need to identify in this object are:

user : Name of the user to connect.
passwordSecretName : Name of the secret where the password is saved.
truststoreSecretName : Name of secret with the CA certs of the Kafka cluster deployed.

Using TLS

The following ApicurioRegistry definition declares a secured connection with a user with TLS authentication:

apiVersion: apicur.io/v1alpha1
kind: ApicurioRegistry
metadata:
  name: service-registry
spec:
  configuration:
    persistence: "streams"
    streams:
      bootstrapServers: "my-kafka-kafka-bootstrap:9093"
      security:
        tls:
          keystoreSecretName: service-registry-tls
          truststoreSecretName: my-kafka-cluster-ca-cert

The values that we need to identify in this object are:

keystoreSecretName : Name of the user secret with the client certificates.
truststoreSecretName : Name of secret with the CA certs of the Kafka cluster deployed.

🛂 Authorization

Strimzi supports authorization using SimpleACLAuthorizer globally for all listeners used for client connections. This mechanism uses Access Control Lists (ACLs) to define which users have access to which resources.

Denying is the default ACL if authorization is applied in the Kafka cluster. That requires to declare the different rules for each user that wants to operate with the Kafka cluster.

The following Kafka definition activates authorization in the Kafka cluster:

apiVersion: kafka.strimzi.io/v1beta1
kind: Kafka
metadata:
  name: my-kafka
spec:
  kafka:
    authorization:
      type: simple

ACLs are declared for each user in the KafkaUser definition in the acls section. That section includes a list of resources to declare, each of them as a new rule:

Resource Type : Identifies the type of object managed in Kafka, objects such as topics, consumer groups, cluster, transaction ids and delegation tokens.
Name of the resource : Identifies the resource where to apply the rule. It could be defined as literal, to identify one resource, or a prefix pattern, to identify a list of resources.
Operation : Which kind of operation is allowed to do. A full list of operations available for each resource type is available here.

To allow the Apicurio Registry user to work successfully with our secured Strimzi cluster we must declare the following list of rules to specify what the user is allowed to do:

Read its own consumer group.
Create, read, write and describe on global ids topic (global-id-topic).
Create, read, write and describe on storage topic (storage-topic).
Create, read, write and describe on its own local changelog topics.
Describe and write transactional ids on its own local group.
Read on consumer offset topic (__consumer_offsets).
Read on transaction state topics (__transaction_state).
Idempotently write on cluster.

ACLs will be similar to the following definition:

    acls:
      # Group Id to consume information for the different topics used by the Service Registry.
      # Name equals to metadata.name property in ApicurioRegistry object
      - resource:
          type: group
          name: service-registry
        operation: Read
      # Rules for the Global global-id-topic
      - resource:
          type: topic
          name: global-id-topic
        operation: Read
      - resource:
          type: topic
          name: global-id-topic
        operation: Describe
      - resource:
          type: topic
          name: global-id-topic
        operation: Write
      - resource:
          type: topic
          name: global-id-topic
        operation: Create
      # Rules for the Global storage-topic
      - resource:
          type: topic
          name: storage-topic
        operation: Read
      - resource:
          type: topic
          name: storage-topic
        operation: Describe
      - resource:
          type: topic
          name: storage-topic
        operation: Write
      - resource:
          type: topic
          name: storage-topic
        operation: Create
      # Rules for the local topics created by our Service Registry instance
      # Prefix value equals to metadata.name property in ApicurioRegistry object
      - resource:
          type: topic
          name: service-registry-
          patternType: prefix
        operation: Read
      - resource:
          type: topic
          name: service-registry-
          patternType: prefix
        operation: Describe
      - resource:
          type: topic
          name: service-registry-
          patternType: prefix
        operation: Write
      - resource:
          type: topic
          name: service-registry-
          patternType: prefix
        operation: Create
      # Rules for the local transactionalsIds created by our Service Registry instance
      # Prefix equals to metadata.name property in ApicurioRegistry object
      - resource:
          type: transactionalId
          name: service-registry-
          patternType: prefix
        operation: Describe
      - resource:
          type: transactionalId
          name: service-registry-
          patternType: prefix
        operation: Write
      # Rules for internal Apache Kafka topics
      - resource:
          type: topic
          name: __consumer_offsets
        operation: Read
      - resource:
          type: topic
          name: __transaction_state
        operation: Read
      # Rules for Cluster objects
      - resource:
          type: cluster
        operation: IdempotentWrite

Activating authorization in Strimzi has no effect in the ApicurioRegistry definition, because this is only related to the correct ACL definitions in KafkaUser objects.

📑 Summary

Apicurio Registry includes the security capabilities to connect to secure Strimzi clusters, so your production environment could complain about your security requirements easily. This blog post demonstrates that these technical components in your event-driven architecture are concerned with security requirements and allow you to apply successfully.

To deeper understand and analysis, please, refer to the following references:

Enjoying API eventing 😃!!!

containers - The GNOME Shell Extension to manage podman containers

Jose Roman Martin Gil — Sun, 25 Oct 2020 08:00:00 +0000

In my daily I usually start linux containers with podman to have easily and quickly tools; such as databases, brokers or systems. This method allow me to avoid to install locally and administrate them locally.

To manage these linux containers I have usually local scripts with the arguments, parameters and set up to my use cases (I forget very easily the commands … yes, I know! the history command could help me but I am lazy 😁). These scripts include the typical options to start, stop, delete and so on. For many of my colleagues use these kind of commands are very common, however for me it is a little tedious and bored 😒 so to have a graphical tool will be great and better for me 😋.

So here is when I found a great tool to integrate with my Fedora laptop …

containers - the GNOME shell extension to the rescue 🚑

Containers is a gnome-shell extension to manage linux containers, run by podman. A simple menu allows us to execute the most typical actions 📋, such as:

start
stop
remove
pause
restart
top resources: opens the top command output 📈 (user,cpu,elapsed,time,command) in a new terminal.
shell: opens a shell in a new terminal 💻.
stats: open statistics 📈 (cpu,memory,networking,io) in a new terminal with updating live.
logs: following logs in a new terminal 📄.

The menu also showed most of the inspect info ℹ️ of the container, such as:

status: running, stopped, exited, …
id
image
command
Created time
Started time
IP address
ports

A sample screenshot 📷 of this amazing tool is similar to:

Managing containers

The extension manages the current pods created in your local environment, basically from podman ps -a command. So the first time to add containers you must to start them with the right arguments and setup for your use case.

For example to start a local MongoDB instance, the command could be similar to:

❯ podman run -d -p 27017:27017 --name mongodb mongo
649cc435939a66537e11686c8d400c83250de5314b6735a8ade2a00a0a49b8b2

Or to start a local MariaDB instance could be similar to:

❯ podman run -d -p 3306:3306 -e MYSQL_ROOT_PASSWORD=mypass --name mariadb mariadb:latest
744cfc9b4013f4f0db111aa96dd1ae4cf53bbd85f920c19470bef857b0836846

👉 Note: The -d argument starts detached the pod from the terminal (similar to execute in background).

These commands will start two new pods as we could check with:

❯ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
744cfc9b4013 docker.io/library/mariadb:latest mysqld 28 seconds ago Up 28 seconds ago 0.0.0.0:3306->3306/tcp mariadb
649cc435939a docker.io/library/mongo:latest mongod 40 minutes ago Up 40 minutes ago 0.0.0.0:27017->27017/tcp mongodb

These pods will be showed in the shell-menu as:

Managing pods

podman-compose allows to start pods (a group of containers as an unit), very useful when you have to compose a set of containers in one place.

For example, the following docker-compose-kafka.yml file describes a pod definition to start an Apache Kafka topology instance (zookeeper + broker):

version: '3'

services:
  zookeeper:
    image: strimzi/kafka:0.20.0-kafka-2.5.0
    command: [
      "sh", "-c",
      "bin/zookeeper-server-start.sh config/zookeeper.properties"
    ]
    ports:
      - "2181:2181"
    environment:
      LOG_DIR: /tmp/logs

  kafka:
    image: strimzi/kafka:0.20.0-kafka-2.5.0
    command: [
      "sh", "-c",
      "bin/kafka-server-start.sh config/server.properties --override listeners=PLAINTEXT://0.0.0.0:9092 --override advertised.listeners=PLAINTEXT://localhost:9092 --override zookeeper.connect=zookeeper:2181"
    ]
    depends_on:
      - zookeeper
    ports:
      - "9092:9092"
    environment:
      KAFKA_LISTENERS: PLAINTEXT://0.0.0.0:9092
      KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://localhost:9092
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
      LOG_DIR: /tmp/logs

To start up this pod, we could use the following command:

❯ podman-compose -f docker-compose-kafka.yml -t 1podfw -p kafka up -d
podman pod create --name=kafka --share net -p 2181:2181 -p 9092:9092
e21fb80e3e5ce6f156253277b14fbb66b013afdcae9fec468c42c6afde3a6668
0
podman run --name=kafka_zookeeper_1 -d --pod=kafka --label io.podman.compose.config-hash=123 --label io.podman.compose.project=kafka --label io.podman.compose.version=0.0.1 --label com.docker.compose.container-number=1 --label com.docker.compose.service=zookeeper -e LOG_DIR=/tmp/logs --add-host zookeeper:127.0.0.1 --add-host kafka_zookeeper_1:127.0.0.1 --add-host kafka:127.0.0.1 --add-host kafka_kafka_1:127.0.0.1 strimzi/kafka:0.20.0-kafka-2.5.0 sh -c bin/zookeeper-server-start.sh config/zookeeper.properties
c6eba2decd63be4f28366546c96e00842d84442b48fdcc97a691a058cccd46dd
0
podman run --name=kafka_kafka_1 -d --pod=kafka --label io.podman.compose.config-hash=123 --label io.podman.compose.project=kafka --label io.podman.compose.version=0.0.1 --label com.docker.compose.container-number=1 --label com.docker.compose.service=kafka -e KAFKA_LISTENERS=PLAINTEXT://0.0.0.0:9092 -e KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://localhost:9092 -e KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181 -e LOG_DIR=/tmp/logs --add-host zookeeper:127.0.0.1 --add-host kafka_zookeeper_1:127.0.0.1 --add-host kafka:127.0.0.1 --add-host kafka_kafka_1:127.0.0.1 strimzi/kafka:0.20.0-kafka-2.5.0 sh -c bin/kafka-server-start.sh config/server.properties --override listeners=PLAINTEXT://0.0.0.0:9092 --override advertised.listeners=PLAINTEXT://localhost:9092 --override zookeeper.connect=zookeeper:2181
87a8e215f0ccf48a5e976444b5d4e7650879a4ab9e4a4c0ce5a88138e7eb99fe
0

Now you have an Apache Kafka pod instance up and running 💪.

Summary

This amazing GNOME shell extension will help you to manage easily your local linux containers, and since I started to use it … I feel more productive 😆.

Enjoy it!

References

Blue / Green deployments in OpenShift with Eclipse JKube

Jose Roman Martin Gil — Fri, 23 Oct 2020 08:00:00 +0000

Blue Green Deployment is an application release model very well-known that gradually transfers user traffic from a previous version of an application or microservice to a nearly identical new release—both of which are running in production.

The old version of the application or microservice is identified with a color (e.g: Blue) while the new version is identified with the other color (e.g: Green). This model allows to manage the production traffic from one color (old version) to the other (new version), and the old version can standby in case of rollback or pulled from production and updated to become the template upon which the next update is made 💫.

This model requires a Continuous Deployment model or pipeline 📨 to orchestrate the promotion between each color and manage the down times or rolling process. CD pipelines could be implemented using the capabilities provided by Eclipse JKube 🎇💡.

Eclipse JKube is a collection of plugins that are used for building container images using Docker, JIB or S2I build strategies. In addition, Eclipse JKube generates and deploys Kubernetes/OpenShift manifests (YAML configuration files) at compile time too.

This article describes an approach to integrate a Blue/Greendeployment with Eclipse JKube. This approach is based inMaven Profilesand filtering resources. Of course, this is only an integration sample and it is open to have other approaches. For example, I would like to dig into the Eclipse JKube Profiles as other approach 👍. However, feel free to add your ideas, comments or suggestions 💘.

Identifying Blue / Green Version

Every time we want to deploy a new version it is needed to identify the right color to be used to deploy it. This process should be done in the CD pipeline before to deploy our next application version.

For example we could use a variable called app.bg.version in the pom.xml file. To declare each version a Maven Profile could help us. This variable will be used to filter some resources at deployment time.

Sample Maven profile for Blue Deployment:

<profile>
    <id>blue</id>
    <properties>
        <app.bg.version>blue</app.bg.version>
    </properties>
</profile>

Sample Maven profile for Green Deployment:

<profile>
    <id>green</id>
    <properties>
        <app.bg.version>green</app.bg.version>
    </properties>
</profile>

This value could also be used to define the version of the image built. A sample of that could be using the jkube.generator.name property in the pom.xml file as:

<jkube.generator.name>${project.artifactId}-${app.bg.version}:${project.version}</jkube.generator.name>

Defining Blue/Green Objects

Each Blue and Green version should use its own resources at deployment time to avoid replace or redeploy the other deployment. To do that we would useEclipse JKube resource fragmentsto declare specific definitions of some Kubernetes or OpenShift objects.

In our case we will declare a custom deployment object creating a deployment.yml file in the jkube folder. This custom deployment will override some properties to use the active version at deployment time.

A sample of this file could be similar to:

metadata:
  name: ${project.artifactId}-${app.bg.version}
  labels:
    group: ${project.groupId}
    project: ${project.artifactId}
    version: ${project.version}-${app.bg.version}
    provider: jkube
spec:
  template:
    spec:
      containers:
        - env:
          - name: APP_BG_VERSION
            value: ${app.bg.version}

To access the version deployed a service is needed to map it. This service should be aligned with the right version. A service.yml file in the jkube folder similar to the next one could be similar to:

metadata:
  name: ${project.artifactId}-${app.bg.version}
  labels:
    group: ${project.groupId}
    project: ${project.artifactId}
    version: ${project.version}-${app.bg.version}
    provider: jkube
    expose: "true"
spec:
  selector:
    deploymentconfig: ${project.artifactId}-${app.bg.version}

Deploying the Blue Version

Now, we could deploy the Blue version easily using the Maven Profile. For example, using the OpenShift Maven Plugin the command will be similar to:

❯ mvn clean package oc:resource oc:build oc:apply -Pblue

Deploying the Green Version

On the other hand, we could deploy the Green version easily using the Maven Profile. For example, using the OpenShift Maven Pluginthe command will be similar to:

❯ mvn clean package oc:resource oc:build oc:apply -Pgreen

Blue/Green Resources Deployed

This process generates the following objects:

Image Streams 📷 for each version:

❯ oc get is
NAME IMAGE REPOSITORY TAGS UPDATED
kafka-clients-quarkus-sample-blue default-route-openshift-image-registry.apps-crc.testing/amq-streams-demo/kafka-clients-quarkus-sample-blue 1.0.0-SNAPSHOT,1.2.0-SNAPSHOT 38 hours ago
kafka-clients-quarkus-sample-green default-route-openshift-image-registry.apps-crc.testing/amq-streams-demo/kafka-clients-quarkus-sample-green 1.1.0-SNAPSHOT,1.3.0-SNAPSHOT 38 hours ago

Build Config 👷 for each version:

❯ oc get bc
NAME TYPE FROM LATEST
kafka-clients-quarkus-sample-blue-s2i Source Binary 4
kafka-clients-quarkus-sample-green-s2i Source Binary 2

Deployments ✨ for each version:

❯ oc get dc
NAME REVISION DESIRED CURRENT TRIGGERED BY
kafka-clients-quarkus-sample-blue 7 1 1 config,image(kafka-clients-quarkus-sample-blue:1.0.0-SNAPSHOT)
kafka-clients-quarkus-sample-green 5 1 1 config,image(kafka-clients-quarkus-sample-green:1.1.0-SNAPSHOT)

Services 👀 for each version:

❯ oc get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kafka-clients-quarkus-sample-blue ClusterIP 172.25.180.88 <none> 8181/TCP 38h
kafka-clients-quarkus-sample-green ClusterIP 172.25.87.170 <none> 8181/TCP 38h

Thanks of all these objects we could manage both versions at the same time, and in combination with a CD pipeline and other resources could manage the traffic to activate the right version (Blue or Green) to the final users.

For example, we could have an OpenShift route to balance the application between each versions. That route could be similar to:

kind: Route
apiVersion: route.openshift.io/v1
metadata:
  name: kafka-clients-quarkus-sample-lb
  labels:
    app: kafka-clients-quarkus-sample
spec:
  to:
    kind: Service
    name: kafka-clients-quarkus-sample-blue
    weight: 100

Rolling from Blue to Green

To roll from Blue to Green version it is only to path the load balancer route (in the case of OpenShift) as:

❯ oc patch route kafka-clients-quarkus-sample-lb --type=merge -p '{"spec": {"to": {"name": "kafka-clients-quarkus-sample-green"}}}'

Rolling from Green to Blue

To roll from Green to Blue version it is only to path the load balancer route (in the case of OpenShift) as:

❯ oc patch route kafka-clients-quarkus-sample-lb --type=merge -p '{"spec": {"to": {"name": "kafka-clients-quarkus-sample-blue"}}}'

Show me the code

If you want to test and verify this approach, I developed a sample case in one of my favoriteGitHub repo. This repo includes amazing frameworks as Quarkus, Schemas Avroand Apache Kafka in a small Event-Driven Architecture.

Enjoy it! 💪

References

New Minishift Cheat Sheet!

Jose Roman Martin Gil — Mon, 05 Oct 2020 07:00:00 +0000

Is OpenShift 3 “legacy” 👵 👴? Maybe, however in some organizations is already the current Platform as a Service deployed and running in production.

From time to time I have to work on that platform, reviewing deployments, architectures, or designing migration approaches to OpenShift 4 using operators. Whatever it is the cause, I need to run locally an OpenShift 3 cluster, and hereminishift helps me a lot … so:

🎉 I am pleasure to announce that a new Cheat Sheet is available 🎉

Minishift Cheat Sheet

I hope this new cheat sheet helps you when you need to install, deploy and operate your own local OpenShift 3 cluster.

My full list of Cheat Sheets are available for your records here. As usual, comments, ideas, PRs are welcomed!

Happy reading !!! 📚