A Java Geek weekly 89

Offering my blog to new authors

I’d like to offer the platform to them. I believe it can be a good opportunity for first-time (or second-time) writers. Compared to regular content aggregators, the main benefit is that your content won’t be drowned among the rest and will be featured for an entire week. As for my regular blog posts, I’ll also spread the word about guest authors'. In fact, there will be no difference between my posts and others.

So far, only Stefano Fago responded. He already has written a couple of posts.

How we decreased GitLab repo backup times from 48 hours to 41 minutes

>To resolve this performance issue, we contributed an upstream fix to Git that replaces the nested loops with a map data structure.

The problem was in Git; the GitLab team fixed Git. Nice.

Flame graphs for the win!

image1

Kogaro: Stop Kubernetes Silent Failures

The operational intelligence system that catches configuration issues before they cause outages. While other tools generate compliance noise, Kogaro delivers actionable signals that production teams trust.

Here are the configuration issues the tool checks for:

  • Missing IngressClass references
  • Missing Service references in ingress rules
  • Missing ConfigMap volume references
  • Missing ConfigMap envFrom references
  • Missing Secret volume references
  • Missing Secret envFrom references
  • Missing Secret env var references
  • Missing PVC references
  • Missing StorageClass references
  • Missing ServiceAccount references
  • Containers without CPU/memory requests
  • Containers without CPU/memory limits
  • CPU requests below minimum thresholds
  • Memory requests below minimum thresholds
  • Containers with no resource constraints
  • Containers where requests ≠ limits
  • Pod SecurityContext specifies runAsUser: 0
  • Pod SecurityContext missing runAsNonRoot: true
  • Container SecurityContext specifies runAsUser: 0
  • Container allows privilege escalation
  • Container running in privileged mode
  • Container has writable root filesystem
  • Container adds Linux capabilities
  • Pod has no SecurityContext defined
  • Container has no SecurityContext defined
  • ServiceAccount with ClusterRoleBinding
  • ServiceAccount with dangerous RoleBinding
  • Service selectors that don’t match any pods
  • Services with no ready endpoints despite matching pods
  • Service ports that don’t match container ports
  • Pods not exposed by any Service (warning when enabled)
  • NetworkPolicy selectors that don’t match any pods
  • Namespaces with policies but no default deny
  • Required namespaces missing NetworkPolicies
  • Ingress references to non-existent services
  • Ingress references to non-existent service ports
  • Ingress services with no ready backend pods

    Looks nice, but you still need to deploy, so I don’t understand the value proposal.

Exposing OTel Collector in Kubernetes with Gateway API & mTLS

The steps are the following:

  1. Install Gateway API CRD
  2. Generate Self Signed Certificates
  3. Create otel-collector namespace
  4. Deploying the OTel Collector (Server)
  5. Storing Certificates as Kubernetes Secrets
  6. Configuring the Kubernetes Gateway API Resources
  7. Configuring the External OTel Collector (Client)
  8. Testing the Connection

    An exhaustive blog post to say the least!

Why We Use React + Native Reactive Web Components with RxEL in Early-Stage Deep-Tech Ventures

I’m still unfamiliar with React. I wonder how much you need to know in order to get benefit from using it in early stage startups.

Top 6 features of Spring Boot 3.5
  • Load Properties From Environment Variables
  • SSL Support for Service Connections
  • Annotations to Register Filter and Servlet
  • Cloud Native Buildpacks Improvements
  • Triggering Quartz Jobs From the Actuator
  • Customizing Structured Logging Stack Traces

    The structured logging part seems like a great idea.

What Spring Didn’t Teach You: Becoming a Modern Java Developer with Quarkus
Spring prioritizes abstraction. Quarkus makes the cost of abstraction visible

Indeed, Quarkus favors compile-time code generation to avoid runtime reflection. It’s the main advantage of Quarkus over Spring. Markus doesn’t mention that it increases compilation time, though. I think it’s a trade-off most companies would be happy to make, but it should be described as such.

You were trained to run apps. Quarkus trains you to iterate

While quarkus:dev works great, the authors dimisses Spring Dev Tools as "brittle hot swap code". I’d have liked a detailed list of the griefs.

Configuration as code! Not magic or mystery

Markus compares Spring’s @Value with Quarkus' @ConfigProperty and profiles, while ignoring @ConfigurationProperties and Spring profiles. He also mentions that Quarkus can parse duration, though Spring does the same.

Modern REST without extra runtime baggage

Markus claims it’s easy to migrate to (and from) non-blocking. The example is trivial and focuses on the method signature. I can’t judge whether the same would apply to a real-world method body. Migrating from WebMVC to WebFlux is similar, wrapping the value in a Mono.

In any case, migrating is a once in a lifetime event; you don’t routinely go from one to the other.

Spring taught you to structure for the JVM. Quarkus teaches you to structure for containers.

When you skaffold a new project, Quarkus creates new Dockerfiles–one for the JVM, the other for GraalVM native. After initialization, it’s up to developers to maintain them. On the opposite, Spring Boot leverages Cloud Native Buildpacks, a technology invented by Heroku.

These are two radically different approaches, each with pros and cons; Markus doesn’t compare them.

From Annotations to Actions — Thinking Beyond Decorators

I just don’t understand this section.

Modern Java is more than syntax — it’s about assumptions

There’s no comparison with Spring in this section. Spring can use Java record for entity as well.

Native images are an upgrade — not a requirement

Again, no comparison here.

On a general note, I wish authors writing comparisons would know equally technologies they compare, and not only the technology they advocate for. I know well how hard it is to be at this level. The next best thing is to ask somebody you know and trust from the "opposing team" to do a good faith review. Let’s be frank, we all know each other. It’s possible to reach out and ask.

I personally try my best to abide by this rule. I think the only comparison post I allowed myself was between Apache APISIX and Spring Cloud Gateway. Before publishing, I asked a user of Spring Cloud Gateway I knew and trusted to review the draft.

Beyond Code: APIs as the Next OSS Battleground

Very insightful article.

Moving from SpringBoot to Quarkus

Here’s one more comparison between Quarkus and Spring. This time, it’s a developer’s point of view on his first Quarkus demo project.

Getting Started with Autoscaling in Kubernetes with KEDA

Some nitty-gritty details about Kubernetes Event-driven Autoscaling.

GitHub CLI Enhances Support for Triangular Workflows

TIL: Triangular Workflow. I used the origin and upstream dance a couple of times, but I didn’t know it had a name.

One more reason to choose Postgres over MySQL

Another TIL of the week: transactional +<abbr title="Data Definition Language">DDL</abbr>.

Nicolas Fränkel

Nicolas Fränkel

Nicolas Fränkel is a technologist focusing on cloud-native technologies, DevOps, CI/CD pipelines, and system observability. His focus revolves around creating technical content, delivering talks, and engaging with developer communities to promote the adoption of modern software practices. With a strong background in software, he has worked extensively with the JVM, applying his expertise across various industries. In addition to his technical work, he is the author of several books and regularly shares insights through his blog and open-source contributions.

Read More
A Java Geek weekly 89
Share this