DEV Community: Sayed Naweed Rizvi

Run VMs alongside Containers in a Kubernetes Custer with KubeVirt

Sayed Naweed Rizvi — Tue, 29 Jul 2025 09:29:42 +0000

As containers continue to dominate modern application deployment models, many organizations still rely heavily on virtual machines (VMs) for legacy workloads, specialized environments, or complex system-level applications. Instead of choosing between the two, what if we could run both—VMs and containers—side by side within a single Kubernetes cluster?

That's exactly what KubeVirt enables.

What Is KubeVirt?

KubeVirt is an open-source project that extends Kubernetes to manage not only containers but also virtual machines. It treats VMs as first-class citizens in the Kubernetes ecosystem by abstracting VMs into custom resources and scheduling them using Kubernetes-native workflows.

Simply put: KubeVirt lets you run VMs like containers, but without sacrificing the advantages of virtualization.

Why Would You Run VMs in Kubernetes?

You might ask: “Isn’t Kubernetes meant for cloud-native, containerized apps?” Yes. But many enterprises face these challenges:

Legacy workloads that can’t be containerized easily.
Specialized software requiring full OS-level control.
Gradual migration where some components are containerized, and others are not.
Hybrid cloud strategies with mixed workloads.
Dev/Test environments needing VM support alongside microservices.

How Does KubeVirt Work?

KubeVirt introduces a new CRD (Custom Resource Definition) called VirtualMachineInstance (VMI). When you define a VM using a YAML manifest, KubeVirt:

Uses libvirt and QEMU to create the VM.
Schedules it on a Kubernetes node using the usual scheduler.
Runs the VM inside a container (usually inside a pod with special privileges).
Exposes networking and storage through standard Kubernetes mechanisms (e.g., Services, PVCs).

Example: Spinning Up a VM Using KubeVirt

Here's a simple manifest to launch a VM inside Kubernetes:

apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: ubuntu-vm
spec:
  running: true
  template:
    metadata:
      labels:
        kubevirt.io/domain: ubuntu-vm
    spec:
      domain:
        devices:
          disks:
          - disk:
              bus: virtio
            name: containerdisk
        resources:
          requests:
            memory: 1Gi
      volumes:
      - name: containerdisk
        containerDisk:
          image: kubevirt/ubuntu-cloud-container-disk-demo

This creates a lightweight Ubuntu VM managed like any Kubernetes workload.

Benefits of Using KubeVirt

Unified Platform: Manage both VMs and containers using the same tooling, policies, and CI/CD pipelines.
Reduced Operational Overhead: No need to maintain separate systems like OpenStack or VMware for VMs.
Kubernetes-native APIs: Developers interact with VMs just like any Kubernetes object (via kubectl).
Elasticity: Leverage Kubernetes autoscaling and scheduling for VMs too.
Enhanced Security and Multi-tenancy: Apply Kubernetes-native RBAC, NetworkPolicies, and isolation models to VMs.
Dev/Test Use Cases: Great for developers needing full VMs for OS-level testing or legacy software.

Real-World Use Cases

Use Case	Description
Legacy Modernization	Slowly migrate VMs to containers in the same platform.
Secure Sandboxing	Run apps in full OS environments for added isolation.
Dev/Test Labs	Launch VMs on demand for testing operating systems, agents, etc.
Mixed Workloads	Run microservices and monoliths side-by-side.
Edge Computing	Use lightweight Kubernetes nodes to host both VMs and containers at the edge.

Challenges & Considerations

Performance Overhead: VMs don’t have the same lightweight performance as containers.
Security Boundaries: Running VMs inside pods introduces complexity in isolation.
Persistent Storage: Proper planning required for VM disks and stateful workloads.
Networking: Integrating VMs with container networking (CNI plugins) requires some setup.

Hey, if you have read thus far.
I work in the Cloud & DevOps space, often exploring the intersections of emerging tools and infrastructure patterns. If you're into cloud-native tech, platform engineering, or DevOps transformations—feel free to follow me here for more hands-on insights and real-world discussions.

Learning Dependency Injection in PHP Was a Game Changer. Here's Why

Sayed Naweed Rizvi — Thu, 03 Jul 2025 13:01:20 +0000

Back in around 2013, I was neck-deep in a project where we had to upgrade a legacy PHP application built on Zend Framework. It was a mix of old-school PHP, some custom abstractions, and a whole lot of things just glued together to work.

At the time, I had heard about Dependency Injection (DI) in passing — mostly in conversations but during this upgrade, DI went from a buzzword to something I couldn’t live without.

What We Started With

The legacy codebase followed a pretty procedural approach. Controllers would instantiate models, helpers, and services directly — like this:

class ReportController extends Zend_Controller_Action {
    public function generateAction() {
        $db = new Database();
        $user = $db->getUser($this->_getParam('user_id'));

        $mailer = new Mailer();
        $mailer->send($user->email, "Your report is ready");

        echo "Report generated.";
    }
}

Everything was tightly coupled. There was no way to replace the Mailer or Database without modifying the controller directly.

When we began upgrading to Zend Framework 2, it came with a proper ServiceManager — Zend’s way of introducing Dependency Injection Containers. That’s where things clicked for me.

My First Real Refactor

Instead of hardcoding dependencies, we started defining services in the module.config.php like this:

'service_manager' => [
    'factories' => [
        Mailer::class => MailerFactory::class,
        ReportService::class => ReportServiceFactory::class,
    ],
],

And in the ReportServiceFactory:

class ReportServiceFactory implements FactoryInterface {
    public function __invoke(ContainerInterface $container, $requestedName, array $options = null) {
        $db = $container->get(Database::class);
        $mailer = $container->get(Mailer::class);
        return new ReportService($db, $mailer);
    }
}

Now, ReportService just looked like this:

class ReportService {
    protected $db;
    protected $mailer;

    public function __construct(Database $db, Mailer $mailer) {
        $this->db = $db;
        $this->mailer = $mailer;
    }

    public function generate($userId) {
        $user = $this->db->getUser($userId);
        $this->mailer->send($user->email, "Report ready.");
    }
}

Why This Changed How I Write Code

Looking back, this was an important lesson I learned as a PHP developer. Here's why:

✅ It Made Testing Feasible

Before, testing ReportService meant spinning up a DB and suppressing email sending. Now, I could inject mocks and focus purely on logic:

$mockDb = new MockDatabase();
$mockMailer = new SpyMailer();

$service = new ReportService($mockDb, $mockMailer);
$service->generate(101);

No real database. No real emails. Just clean, fast unit tests.

✅ It Forced Better Design

I started thinking in interfaces instead of concrete classes. When you pass dependencies in, you start asking: “What should this class really depend on?” That naturally pushed me toward Single Responsibility Principle and cleaner separation of concerns.

✅ It Simplified Maintenance

When a new requirement came in — say, queue emails instead of sending them instantly — I didn’t have to touch ReportService. I just changed the binding in the factory:

$container->set(Mailer::class, QueueMailer::class);

Zero changes to business logic. That felt like magic.

Dependency Injection Isn’t a Framework Feature — It’s a Design Choice

I used to think DI was something Laravel or Symfony gave you. But in reality, it’s a principle: don’t create your dependencies; accept them from the outside.

Zend just gave me the tools to see what was possible — and once I got it, I started applying the same approach even in plain PHP projects.

Final Thoughts

That Zend upgrade taught me more about architecture, at the time, we were just trying to get the app to a newer version — but what I walked away with was a deeper appreciation for how good architecture enables flexibility, testability, and long-term maintainability.

Making Sense of Cloud Costs with the FOCUS Framework

Sayed Naweed Rizvi — Thu, 26 Jun 2025 04:39:05 +0000

Why the FOCUS Framework Matters in Real-World FinOps

When you’ve worked with cloud bills for long enough, a few truths become obvious.

Every cloud provider structures data differently
Normalizing cost and usage data across teams is a pain
Building dashboards is easy — making them reliable and actionable is not

That’s where the FOCUS Framework steps in.

What Is the FOCUS Framework?

FOCUS stands for FinOps Open Cost and Usage Specification. It's a standard schema for representing cloud cost and usage data — regardless of provider.

Think of it as a common language for cloud billing data, whether you’re using AWS, Azure, GCP, or all three. It’s open, extensible, and vendor-neutral — built by practitioners through the FinOps Foundation.

Why It Matters?

Cloud cost optimization often breaks down not because of tools, but because of inconsistent data.

Here’s what usually happens in practice:

Finance gets raw billing data in different formats
Engineering builds cost dashboards off inconsistent or incomplete tagging
Leadership wants a clean view of business unit or product-level cost
Everyone spends hours aligning spreadsheets — not solving the real issue

With FOCUS, you start from a standardized foundation — meaning:

One data structure to query across clouds
Simplified onboarding of new business units or teams
Easier integration with BI tools, cost platforms, or internal reporting systems

Use Cases

Multi-Cloud Reporting
If your org is using more than one cloud provider, you’ve probably written glue code to make their billing data look “sort of” the same. With FOCUS, you define one schema and load every provider’s data into it. Reporting becomes provider-agnostic.
Business Unit Showback
Finance teams need to allocate cloud spend by department, project, or BU. If tagging or account hierarchies vary across cloud providers, FOCUS helps normalize the key dimensions — so you can reliably report and drive accountability.
Benchmarking and KPIs
Want to track cost per environment (dev/test/prod) or cost per user? FOCUS provides standard dimensions like environment, resource_type, and product_family — making it easier to define and compare key metrics over time.
Feeding FinOps Tools or Internal Platforms
Whether you're using a commercial FinOps platform or an in-house data warehouse, FOCUS can serve as the source of truth. Many vendors are already adopting it as a supported input format — making future integrations easier.

Getting Started

Adopting FOCUS doesn't mean throwing out everything you have.
Most teams start by:

Mapping their existing cost data (e.g., CUR, Azure Usage, GCP Billing Export) to FOCUS
Building a transformation layer (ETL or dbt, for example) to load it into a FOCUS-compliant model
Validating key metrics (e.g., total spend, daily cost by project) to ensure parity
Slowly moving downstream dashboards and reports to use the FOCUS model

If you’re using BigQuery, Snowflake, or Redshift — this is very doable with the open schema and transformation templates the community provides.

Final Thoughts

FOCUS isn’t a silver bullet. It won’t tag your resources or fix broken cost allocations on its own. But it does give your team a clean, consistent foundation — and that’s something most FinOps programs are sorely missing.

As cloud adoption grows and multi-cloud becomes the norm, standards like FOCUS are how we keep FinOps practices scalable and measurable.

If you’re serious about moving beyond cloud cost monitoring to true cloud accountability, FOCUS is worth looking into.

LocalStack: Simulating AWS Locally for Faster Development and Testing

Sayed Naweed Rizvi — Mon, 26 May 2025 04:38:51 +0000

Working with AWS is powerful, but developing and testing cloud-native applications can be time-consuming, expensive, and error-prone — especially when you're deploying frequently just to test small changes.

That’s where LocalStack comes in.

LocalStack lets you run a fully functional local AWS cloud stack. It simulates key AWS services on your machine so you can prototype, build, and test against real APIs — without ever hitting the cloud.

This blog walks you through what LocalStack is, when to use it, how to get started, and a few real-world scenarios where it can save time and cost.

What is LocalStack?

LocalStack is an open-source tool that emulates a wide range of AWS services locally. It’s built for developers who want to avoid the friction of deploying to AWS just to verify whether something works.

It supports services like:

S3
DynamoDB
Lambda
API Gateway
SQS
SNS
CloudWatch (limited)
And many more

You can run it using Docker and interact with it using the AWS CLI or SDKs just like you would with the real AWS environment.

Why Use LocalStack?

1. Faster Feedback Loop

No need to wait for cloud provisioning. You can deploy, test, and debug in seconds.

2. Offline Development

Perfect for working in environments with limited or no internet access.

3. Cost Efficiency

Running AWS services locally during development avoids incurring unnecessary cloud bills.

4. Safe Testing

You can simulate failure scenarios and edge cases without impacting real infrastructure.

Getting Started with LocalStack

Step 1: Install Docker

LocalStack runs in a Docker container, so you need Docker installed and running.

Step 2: Pull and Run LocalStack

docker pull localstack/localstack
docker run -d -p 4566:4566 -p 4571:4571 localstack/localstack

Step 3: Set Up Your AWS CLI

Configure your AWS CLI to point to LocalStack:

aws configure

Use dummy credentials (LocalStack doesn't verify them):

AWS Access Key ID [None]: test
AWS Secret Access Key [None]: test
Default region name [None]: us-east-1

Then set the endpoint URL when calling services:

aws --endpoint-url=http://localhost:4566 s3 mb s3://my-test-bucket

Sample Use Case: Testing S3 Uploads

Let’s say you have an app that uploads files to S3. You can simulate that like this:

# Create a bucket
aws --endpoint-url=http://localhost:4566 s3 mb s3://demo-bucket

# Upload a file
aws --endpoint-url=http://localhost:4566 s3 cp sample.txt s3://demo-bucket/

# List contents
aws --endpoint-url=http://localhost:4566 s3 ls s3://demo-bucket/

This gives you the exact same experience as AWS, without using real cloud storage.

What LocalStack Can’t Do (Yet)

While LocalStack is incredibly powerful, it’s not a 100% replacement for AWS:

Not all AWS services are fully supported
Some advanced features (like IAM roles, VPC configurations) are limited
Behavior may differ slightly from production under certain edge cases

Use it for development and early testing, but always validate final behavior in real AWS environments.

Conclusion

LocalStack fills a much-needed gap in cloud-native development. If you’re building apps that use AWS services, adding LocalStack to your workflow can significantly improve your speed, confidence, and local testing experience.

It’s not a replacement for real-world staging environments, but it’s a solid step toward more efficient and cost-effective development.

Try out setting up S3 bucket on LocalStack now, it's easy 👇

Sayed Naweed Rizvi

Jun 11 '22

Setup AWS S3 bucket locally with LocalStack

#localstack #aws #s3 #terraform

Comments 1

2 min read

What Is the Purpose of main() in Java?

Sayed Naweed Rizvi — Wed, 14 May 2025 17:39:49 +0000

When you're first introduced to Java, one of the first things you’ll write is:

public class HelloWorld {
    public static void main(String[] args) {
        System.out.println("Hello, world!");
    }
}

It works, it prints something, and you're told that main() is the "entry point" of your application.

But why is main() the method that Java looks for? Why does it have to be public static void main(String[] args) and not anything else?

Let's take a look through a practical lens.

Java Needs a Starting Point

Every program needs an entry point — a location where execution begins. In Java, this role is filled by the main() method.
When you run a Java application using: java HelloWorld
the Java Virtual Machine (JVM) looks for a method that matches this exact signature:

public static void main(String[] args)

Here’s why each part matters:

public– The JVM must be able to call this method from outside the class. If it were private or protected, the JVM wouldn’t have access.

static – The JVM doesn’t create an object of your class to call main(). That would be inefficient and unnecessary just to start execution. So main() needs to be static to be callable without instantiating the class.

void– The JVM doesn’t expect any return value. It’s not waiting for output from main(), just looking to execute your logic.

String[] args– This allows users to pass command-line arguments. You can run your Java app with java MyApp arg1 arg2, and those arguments land in this array.

What Happens If You Change the Signature?

Let’s say you try to change the signature slightly:

public static int main(String[] args)  // Won’t work

The JVM won’t recognize it as a valid entry point and throws an error, it’s not what the JVM is looking for.

This strict contract is defined in the Java Language Specification. It's what allows the JVM to find your code and start running it.

Real-World Use Cases of main()

Most real-world Java applications don't live their entire life inside the main() method. But main() is still the launching pad. For example:

Spring Boot apps often have a main() method that calls SpringApplication.run() to bootstrap the framework.

public static void main(String[] args) {
    SpringApplication.run(MyApp.class, args);
}

Command-line tools written in Java also rely on main() to accept input arguments and run logic accordingly.
Testing frameworks or build tools like JUnit or Maven don’t use main() in the same way, because they are run by other tools, not as standalone applications. But even then, somewhere under the hood, a main() is used to launch the process.

Can You Have More Than One main()?

No, in a single Java class, you can only have one method named main() with the exact signature:

public static void main(String[] args)
You can overload the main() method — that is, you can have other methods in the same class named main with different parameters:

public class MainOverloadExample {

    public static void main(String[] args) {
        System.out.println("Main method with String[] args");

        // You can manually call other overloaded main() methods
        main("Single String");
        main(5);
        main(new int[]{1, 2, 3});
    }

    public static void main(String arg) {
        System.out.println("Overloaded main with a single String: " + arg);
    }

    public static void main(int number) {
        System.out.println("Overloaded main with an int: " + number);
    }

    public static void main(int[] numbers) {
        System.out.print("Overloaded main with int[]: ");
        for (int n : numbers) {
            System.out.print(n + " ");
        }
        System.out.println();
    }
}

But these are not recognized by the JVM as entry points. Only the one with the exact signature — public static void main(String[] args) — is considered the application's starting point.

So practically speaking, for a class to be executable as a Java program, it must contain only one valid main() method. If you try to define more than one with the same signature, the compiler will throw an error due to duplicate method definitions.

However, across multiple classes in the same project, you can have one main() in each class — this is useful when creating utilities, demos, or testing individual components. But again, when you run the program, the JVM will only execute the main() of the class you specify.

Just published a tiny npm tool: tree-generator 🌲 Turn a text-based folder structure into real folders/files instantly. https://www.npmjs.com/package/tree-generator-cli #npm #opensource #javascript #productivitytools #devtools #nodejs

Sayed Naweed Rizvi — Thu, 10 Apr 2025 12:08:53 +0000

Var, Let , Const - Javascript basics

Sayed Naweed Rizvi — Thu, 28 Mar 2024 13:06:24 +0000

Var, let & Const are used to declare variables, objects and constants in JavaScript.

Var

Var keyword has been used for a longtime for variable declaration.
It is Function Scoped, it makes variables accessible only within the function boundary where it is declared.
Take a look at this snippet

function getX(){
    var x = 1;
}
getX();
console.log(x)

//ReferenceError: x is not defined

You can re-declare same variable in same scope with Var.

if (true){
    var x = 2;
    var x = 3;
}
console.log(x)

// 3

Let

Let was introduced in ES6ECMAScript2015.
It is Block Scoped, any code written within {} is said to be in a Block. So, that's the restriction that ECMA wanted to implement with let, making variables inaccessible outside the block.

function exampleLet() {
  if (true) {
    let y = 20;
  }
  console.log(y); // Error: y is not defined
}

Also, you cannot re-declare same variable within the same scope.

if (true){
    let x = 2;
    let x = 3;
}
// SyntaxError: Identifier 'x' has already been declared

Const

Const as the name suggests is used to declare Constants.
Declaration with consts are *Block Scoped *
Constant needs to be initialized at the time of declaration, else it throws Syntax error
Re-assigning or re-declaration is not allowed, it throws Syntax or Type Error.
Check out the snippet below

if (true){
    const x;
}
// SyntaxError: Missing initializer in const declaration

if (true){
    const x = 1;
    x = 2; // TypeError: Assignment to constant variable.
}

if (true){
    const x = 1;
    const x = 2;
} 
// SyntaxError: Identifier 'x' has already been declared

const x = 2;
if (true){
    const x = 1;
}
// Output : x = 2

Strict Mode

A feature introduced in ES5, it enforces stricter parsing and error handling.

To enable strict mode, you need to put _use strict;_ at the beginning of code or function block.

// Global variable
var globalVar = "I'm a global variable";

function baz() {
  var localVar = "I'm a local variable";
  console.log(localVar); // Accessible inside the function

  if (true) {
    let blockVar = "I'm a block-scoped variable";
    console.log(blockVar); // Accessible inside the block
  }
  // console.log(blockVar); // Error: blockVar is not defined (not accessible outside the block)
}

What are JSON Web Tokens (JWT)

Sayed Naweed Rizvi — Sun, 25 Dec 2022 13:55:56 +0000

You may be asking yourself, "What in the world is a JSON Web Token and why do I need to know about it?"

What is a JSON Web Token (JWT)

In a nutshell, JWTs are a way to securely transmit information between parties. Think of it like a digital version of a secret club password. Only the people who know the password can get in and access the information.

JWTs are means of transferring data between client & server in an API call in a secure & encrypted JSON format.

The information can be trusted since it is digitally signed, any change to data in transit would make the token invalid.

How does JWT work?

A JWT consists of 3 parts

Header
The header specifies the algorithm being used to generate the JWT.
Payload
The payload contains the claims, Claims are statements about an entity (typically, the user) and additional data.
Signature
The signature is used to verify that the sender of the JWT is who it says it is and to ensure that the message wasn't changed along the way.

Why use them

JWTs have a few key benefits.

Self-Contained
JWTs are self-contained. This means that all of the information needed to verify the authenticity of the token is contained within the token itself. No need to check a separate database to verify the user's identity.

Stateless
JWTS are stateless. This means that the server doesn't need to keep track of the token or the user's session. This can make things a lot easier and more efficient for the server.

Platform Agnostic
JSON Web Tokens (JWTs) are a widely used industry standard for securely transmitting information between parties. As a result, there are libraries available for implementing JWTs in a variety of programming languages.

Here is a non-exhaustive list of some popular programming languages and the libraries that can be used for working with JWTs in those languages:

JavaScript: jsonwebtoken, jwt-simple, jwt-decode Python: PyJWT, python-jwt Java: java-jwt, jjwt Go: jwt-go Ruby: jwt, ruby-jwt C#: System.IdentityModel.Tokens.Jwt PHP: firebase/php-jwt Swift: JWT

This is just a small sampling of the many libraries that are available for working with JWTs in different programming languages. There are likely even more options available depending on the specific needs of your application.

It's worth noting that while there are many libraries available for working with JWTs, the core principles of how JWTs work and how they are implemented are generally the same across languages. This means that once you have a solid understanding of how JWTs work, you should be able to apply that knowledge when working with JWTs in any language.

Where are JWTs used

One common use case for JSON Web Tokens (JWTs) is for authorization purposes.
Here's an example of how JWTs might be used for authorization in a web application:

The user logs into the web application and provides their credentials (e.g. username and password).
The server verifies the user's credentials and, if they are valid, generates a JWT and sends it back to the user's browser.
The user's browser stores the JWT in a cookie or local storage.
For subsequent requests to the server, the user's browser includes the JWT in the header of the request.
The server verifies the JWT and, if it is valid, allows the request to proceed. If the JWT is invalid or has expired, the server returns an error and denies the request.

This process allows the server to verify the user's identity and authorize their actions without maintaining a session or storing information about the user on the server. This can make the application more scalable and efficient, as it reduces the amount of data the server needs to store and manage.

It's important to note that JWTs should be signed using a secure algorithm and should be stored in a secure location on the client (e.g. an HttpOnly cookie). This helps to prevent unauthorized access to the JWT and ensures that it can't be tampered with by attackers.

So, there you have it! A crash course on JSON Web Tokens.

How to do Code Review

Sayed Naweed Rizvi — Fri, 23 Dec 2022 03:12:02 +0000

Code review is an essential part of the software development process. If done properly, it will not only improve the quality of the code, but it will also reduce the chances of bugs. Besides, code reviews provide a great opportunity to learn.

There are several ways to review code effectively and productively:

Understand the context and purpose of the code: It's important to understand the overall goals and requirements of the code you are reviewing. This will help you identify potential issues and improvements more effectively.

Use a checklist: A checklist or Pull Request template can help you focus on specific aspects of the code, such as readability, security, and performance. This can help ensure that you don't miss anything important during the review process.

Collaborate with others: Sharing your code review with other team members can help ensure that multiple perspectives are considered. This can be especially helpful if the code being reviewed is complex or involves multiple subsystems.

Use tools: Tools, such as a SonarQube or a linter, can help you identify issues in the code more quickly and efficiently.

The key to an effective code review is to approach it with an open mind and a focus on continuous improvement. By following these guidelines, you can help ensure that the code you review is of high quality and meets the project's goals and requirements.

Tools for conducting reviews

There are many modern tools available for conducting code reviews. Some popular options include:

GitHub: GitHub is a popular version control system that allows developers to collaborate on code and track changes. It also includes features for conducting code reviews, including the ability to leave comments on specific lines of code and request changes.
GitLab: GitLab is another version control system that includes features for conducting code reviews. It offers tools for managing code review workflow, such as the ability to assign reviewers and set merge policies.
Reviewable: Reviewable is a code review tool that integrates with GitHub. It offers features such as inline commenting, code highlighting, and the ability to view the diff of code changes side-by-side.
Gerrit: Gerrit is an open-source code review tool that is often used in large organizations. It offers features such as inline commenting, code highlighting, and the ability to view the diff of code changes side-by-side.
Phabricator: Phabricator is an open-source code review and project management tool. It offers features such as inline commenting, code highlighting, and the ability to view the diff of code changes side-by-side.

Tools for checking code quality

There are many open-source tools available for checking code quality. Here are a few examples:

SonarQube: SonarQube is a tool for continuous code inspection that helps developers identify and fix code quality issues. It supports multiple programming languages and provides a web-based interface for reviewing and managing code quality issues.
PMD: PMD is a static code analysis tool that checks for common coding mistakes, such as unused variables or methods, and helps developers write clean, maintainable code.
FindBugs: FindBugs is a static code analysis tool that uses static analysis to look for bugs in Java code. It can detect a wide range of issues, including null pointer exceptions and infinite recursive loops.
Checkstyle: Checkstyle is a static code analysis tool that checks Java code for compliance with a set of coding standards, such as naming conventions and formatting rules.
Lint: Lint is a tool for checking code quality in a variety of programming languages, including C, C++, and Java. It can identify issues such as syntax errors and potential security vulnerabilities.

These are just a few examples of the many code review tools that are available. The right tool for your team will depend on your specific needs and preferences. It's worth noting that these tools can be used in combination to get a more comprehensive view of the code quality in a project.

Think about this

As a Software Engineer, reviewing code written by peers is part of the job. But it will be more impactful if it comes with added responsibility and accountability on the reviewer.

Reviewers should not think that their reviews are something done out of humility, they have to be made accountable for every line of code that they pass and every comment that they add.

Javascript Callback functions & Promises

Sayed Naweed Rizvi — Mon, 15 Aug 2022 16:20:00 +0000

Callback functions are known to many programming languages, with almost similar style and purpose.

What are Callback functions

In simple terms, a function passed as an argument to another function is a Callback function.

Why do we need them ?

You must be wondering, what's so special about these Callback functions, couldn't we already call one function from inside the other.

To get our answers, let's look at these 2 types of network calls.

Sync
Async

Sync Vs Async Calls

Callback functions are particularly used for handling the Async responses.

Callback Hell

Anything that can go wrong will go wrong. - Murphy's I Law

A Callback hell is a situation you might intentionally or unintentionally create to make things works, which can have few consequences.

Consider having a tree of nested setTimeout() function, In the world of programming Nesting is infamous and notorious.
Why - Well, they make code unreadable, complex, vulnerable to breaking.

Promises

Promises in JavaScript are similar to their literal meaning. It's an object through which you can associate handlers for async operations, way ahead in time, similar to a callback functions just that Promises are more clean and easy to manage.
and yes, you can avoid Callback hell with Promises.

Promises can be one of these states

pending - initial/default state
fulfilled - promise is resolved, using resolve()
rejected - promise is rejected, using reject()

Now, let's create a simple promise

const promise = new Promise((resolve, reject) => {
    if(res) {
        resolve('resolved')
    } else {
        reject('reject')
    }
})

promise.then(function(){
// On Successful response
// do whatever you feel like

})

In this example, we are creating a promise object by instantiating it with a constructor.
The constructor takes in a callback function which has handlers for resolved and rejected promises.

What happens after a Promise is resolved or rejected is decided by then().

Promise Chains

When you are working with API calls, after receiving a response you would generally want to perform another call.
so we need to create promise chains, by appending one then() after the other.

Do remember that all the resolved promises will be handled by resolve handlers and rejected promises will be handled by reject handlers.

checkout this code,

function promise() {
    const jobPromise = new Promise((resolve, reject) => {
        let selected = true; 

        setTimeout(() => {
            if (selected) {
                resolve('Passed Interview');
            } else {
                reject('Failed Interview');
            }
        }, 1000);

    })

    return jobPromise
}

promise()
    .then(decision, jobSearch)
    .then(joining, negotiate)

function decision(param){
    console.log(param)
    let accept = true;
    return new Promise ((resolve, reject) => {
        if (accept) {
            resolve('accept offer')
        } else {
            reject('reject offer')
        } 

    });

}

function jobSearch (outcome) {
    console.log(outcome)
    console.log('Back to Job Search')
    return new Promise((resolve, reject) => { reject() })
}

function negotiate () {
    console.log('negotiation starts..... ')
}
function joining (decision) {
    console.log('Revert to the Company', decision);
    console.log('Joining Company')
}

What could go wrong

If promises are handled injudiciously, an error could easily pass by unnoticed.
Make sure to return a promise in your callback handlers within then() or throw an Error, otherwise the next resolve handler in chain will be invoked and we don’t want that.

Building Microservices - Fundamentals

Sayed Naweed Rizvi — Sun, 10 Jul 2022 04:19:48 +0000

Over the years, applications have evolved from being a Monolithic Centralised deployments to Distributed Microservices.
If you are looking to transition-into or build-from-scratch a Microservice, Here some points to consider.

Functional Design

After product requirements are finalised, we start identifying working parts of the system i.e. functional components which will eventually shape up as a service.

“If I only had an hour to chop down a tree, I would spend the first 45 minutes sharpening my axe.” – Abraham Lincoln

If you have worked on Agile projects, you must have seen how requirements change from sprints to sprints specially during initial phases when product is not mature.

Now, Here are some of the task which would help in creating a solid functional design:

Identifying logical flow of the system, what are the business requirements.
Understanding User interactions with the system, is it through web/mobile interfaces or through API's.
Knowing the Data flowing IN & OUT, should help in designing the database.
Listing the input validations and business rules.
Identifying external dependencies which needs to be integrated, could be in the form of content, api, payment gateways etc.

It may seem enticing to jump into code and infrastructure asap. With half-baked functional design, its going to be challenging and unproductive to code.

Technical Design

Identifying the Services

Time to breakdown each functional component into one(ideally) or more(edge-case) smaller/independent services. Each service takes ownership of a specific functionality - Separation of Concerns.

Here's a food delivery app example, you can see how each service is catering to a specific need.

Services can communicate with each other or with external interfaces either through REST API's or Websockets, Synchronously/Asynchronously with Messaging systems like Kafka, RabbitMQ.

Quest to simplify & isolate the services shouldn't end up over-populating the system with a lot of services running - It only makes things difficult to monitor and manage.

Technology Stack - Pick & Move

With Service Oriented Architecture(SOA), we always have a choice of kind of programming language to use for each service. As far as they are able to communicate through an efficient & secure channel, it's all good.

As an example,
Python for building an analytical service which requires ML.
Java's async/multithreading for building compute intensive services like big data, video process.
Go with NodeJs for its non-blocking I/O capabilities, running multiple queries on MySQL or MongoDb at the same time keeping things simple and smooth.

Persistance

Separate database Vs Shared database - Let the debate begin

If we extrapolate the concept of loose coupling and distribution to databases, each service should end up owning a "database" which can be individually scaled.

Imagine multiple teams working on shared database, how difficult it is to keep track of every change.

Separate databases are easier to migrate, you can fine tune each depending on requirement.

Also you get Polyglot Persistence, a fancy term to choose a desired database as per requirement.
For example:
For unstructured data -> NoSQL.
For co-related & structured dataset -> RDBMS
For TextSearch -> ElasticSearch

Messaging

So now we have multiple services running separately, the question is how will they communicate with each other or with an external interfaces.

Service communication can broadly divided in to

Synchronous - real time
Asynchronous - not expecting immediate response

Synchronous (Sync)
Happens in real time, client sends the request and waits for response. HTTP request/response is a good example of Sync messaging, when you send a http request you are waiting for a response (200,404,400,500). If the response takes time, the client is blocked and eventually timeouts.

They say Sync is an Anti-Pattern, communicating parties need to be aware of eachother - What do you think, reply in the comment.

Asynchronous (Async)
With Async, communicating parties don't have to wait for server response and transactions to complete. If a service is unavailable, messages will be delivered when the services are up and running with help of Message Brokers who receive, store, route and deliver messages between different services.

Apache Kafka & RabbitMQ which have been quite popular Message Brokers .

CI/CD Workflow

The great Mono vs Multi Repo debate

When we are designing microservices, we should be thinking holistically. The loose coupling should we visible in almost all areas from coding to deployment.
Each service should be hosted in repository of its own and should be deployed through an isolated CI/CD pipeline which can be easily triggered from another upstream pipeline.

Monitoring - Do we need to discuss it

Ah, a pain area for microservices. Monolithic systems are better off, as they are tightly coupled & more constrained. If anything goes wrong, it's easier to find and fix.

With Microservices, you never know what would go wrong and where. Lots of small parts, things are distributed, log needs to be read from multiple places.

So, We should be investing in a Centralised logging framework such as ELK stack (Elasticsearch-Logstash-Kibana) which can fetch logs from different services, accumulate it and you can view & analyse them at will.

Summary
We are building a system which can be developed, deployed and tested atomically. Each part is as loosely coupled as possible.

If you are in a dilemma - Should you go for it now, look months or years down the line.

Be careful of choice overload : There are tons of design pattern, choice of programming language, what cloud services to got with and so on. The key is to leverage as much as you can - keep cost & timeline low.

Setting up communication between GitLab Runner and Deployment Server with SSH

Sayed Naweed Rizvi — Wed, 06 Jul 2022 11:33:16 +0000

If you are setting up gitlab-ci pipeline, you will need to establish a secure connection between the runner machine and server where you are going to deploy.
Here's a quick and easy way to do it.

Prerequisite

Gitlab CI Pipeline
OpenSSH client & server installed on runner and deployment server.

SSH (Secure Shell) protocol uses public-key cryptography to authenticate Client machine with a remote Server machine on a network.

Let's get started, we will first create SSH key-pair.

What is ssh-keygen & How to Use It to Generate a New SSH Key?

Ssh-keygen is a tool for creating new authentication key pairs for SSH. Such key pairs are used for automating logins, single sign-on..

ssh.com

I have created these keys for illustration on linux, SSH key paths may differ based on your OS.

Private key (~/.ssh/id_rsa)

Public key (~/.ssh/id_rsa.pub)

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCAD0ZKDVKEyqPd+N+7N1O/fPjDYAHa8xL24ADRHegqurUa8cTLtCQX82ysu6uxqfVyOMY3YGOh2HCH8S+jB6GTuSY1tIsYaU46d5H9w7YXAr/MMWRJL9wkUoU7bB/I8vK3eTVHsC72ufYhohQVXDY6+ZoG3Bsxyxy7SDbJqVBqXw==

What Next, Where do we store these keys ?
The SSH keys created above will be stored in the following locations to enable an encrypted and authenticated session between Gitlab Runner & the deployment Server.

1. Gitlab CI Environment Variables

docs.gitlab.com

Store both private & public key by giving them a name (SSH_PRIVATE_KEY/SSH_PUBLIC_KEY), you can store the keys at the group level and inherit it in your project by selecting from the Environment Scope dropdown.

2. Gitlab Runner Machine (SSH folder)
The private & public keys should be stored in the Gitlab Runner machine’s [~/.ssh ]folder. To do that, you need to add following bash commands in your projects .gitlab-ci.yml file.

$SSH_PRIVATE_KEY & $SSH_PUBLIC_KEY are variables which we created in the step above.

Replace gitlab.local.net with url where you have hosted your Gitlab.

before_script:
  - eval $(ssh-agent -s)
  - mkdir -p ~/.ssh
  - chmod 700 ~/.ssh
  - echo -e "Host *\n\tStrictHostKeyChecking no\n" > ~/.ssh/config;
  - cat "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
  - cat "$SSH_PUBLIC_KEY" | tr -d '\r' > ~/.ssh/id_rsa.pub
  - chmod 600 ~/.ssh/id_rsa;
  - chmod 764 ~/.ssh/id_rsa.pub;
  - ssh-keyscan -H gitlab.local.net >> ~/.ssh/known_hosts

3. Create authorized_keys on the Server
On the server where you will be deploying your application, create a authorized_keys file inside ~/.ssh.

Now, You would either be running your application on a Physical Server (nostalgic) or a VM — Virtual Machine (still there) or a Container (there you are).
Then, Copy and paste the public key to the end of authorized_keysfile

~/.ssh/authorized_keys

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCAD0ZKDVKEyqPd+N+7N1O/fPjDYAHa8xL24ADRHegqurUa8cTLtCQX82ysu6uxqfVyOMY3YGOh2HCH8S+jB6GTuSY1tIsYaU46d5H9w7YXAr/MMWRJL9wkUoU7bB/I8vK3eTVHsC72ufYhohQVXDY6+ZoG3Bsxyxy7SDbJqVBqXw==

Please note that you can append as many public keys as you want here, depending on the connections you wish to establish.

With that final step, you have successfully setup an encrypted communication channel between Gitlab Runner and the server on which you will be deploying your application.

Do keep in mind
You need to be very careful with SSH keys, set the right permissions and ownership.

Thank You !!