DevConf.cz 2022

Keycloak (https://www.keycloak.org/) is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code. To provide identity and metadata about identity of the accessing subject, it processes a significant amount of data about users, groups, requesting applications and many more.

A couple of components are used in this processing, and one of them is (obviously) a storage. Current storage is a combination of relational database and Infinispan. With a greater adoption, it turned out that it has not been designed for a load and extendability that is requested today from a modern project - e.g. it is not possible to freely upgrade Keycloak store without downtime, some use cases hit performance limits, and it is very hard to extend apart from a custom user storage. These drawbacks then led to the decision to spin up a development of completely new store that would address all of the following features:

- No-downtime upgradability
- Fix performance issues of the current storage
- Make it easy to implement and plug in a custom store for selected area (e.g. roles, users)
- Support for text-file configuration
- Support for cloud storages

The newly developed storage is called map storage. It extracts CRUD operations from the existing Keycloak storage layer, and exposes them to the developer. A custom storage can then be developed by implementing this simpler generic interface. This is an improved experience in comparison with the current storage where a number of very specific methods would have to be implemented. This makes it easy to e.g. implement a purely in-memory storage that would read its state from an external YAML file which could be provided e.g. from a Kubernetes configuration.

The other interesting aspect is composition of map storages into a tree. This is needed for example for composing the storages (this is called a federation in the current storage), and adding a caching layer on top of storages. The tree structure allows for creating a flexible structure on the map storage, and brings its own set of problems e.g. with invalidations.

The development of this store has been started already and we are in the middle of getting the new store to a production-ready grade. At this stage, there is an in-memory store available, and there is ongoing development of Postgresql and Infinispan / Hot Rod stores.

In the talks, we will describe the current state of the development as well as methodology on how to create a new custom map storage, and dive into the details of the tree storage and what is needed to build a custom map storage integrable into a tree storage.

Session chairs: Lubomir Terifaj and Michal Ruprich

Sigstore (sigstore.dev) is a collection of young, rapidly growing open source projects in the secure software supply chain space that combine transparency logs, digital identity & attestation technologies, and policy artifacts to enhance the security of software artifacts through the entire development/deployment lifecycle. This talk will include an overview of the projects that make up sigstore, brief demos showing how the different projects interoperate, a survey of current adopters, as well as a review the of project roadmaps for further integration and adoption in the OSS landscape.

Session chairs: Zdenek Dohnal and Lubomir Terifaj

Forget about Machine Learning. Planning optimization is the most profitable AI technology on this planet.

The world is full of planning challenges, such as vehicle routing problems, maintenance scheduling and employee rostering. Find the quickest routes to visit n locations with k vehicles. Or assign shifts to employees, taking into account skills and availability. Few people realize how much AI algorithms improve those solutions. For example, when telco’s started using OptaPlanner to plan their fleet of technicians, many expected a driving time reduction of 1-2%. It was 25%. In some cases, that saves hundreds of millions of dollars and millions of kilograms of CO² emissions, every year.

In this session I’ll show you how to code a highschool timetabling application, with Quarkus and OptaPlanner. It ‘ll generate the perfect lesson schedule, for both students and teachers, taking into account hard and soft constraints.

Session chairs: Zdenek Dohnal and Lubomir Terifaj

You can deploy your applications to Kubernetes; that's great! You can have pipelines and a breadth of tools to do analysis, etc. But what about how you develop and what you develop, and finally, how you interact with applications deployed in Kubernetes while in the development inner loop. How can that be done easier, simpler, faster? Java has been there for a long time, and all of us have ways to develop applications and tools that we all love. So how does Quarkus do any of this differently?

Live coding, adding functionality, extensions without restarting, spinning up dev services e.g., databases, making coding and testing easier and continuous, enhancing the inner loop, etc. In this talk, I will create an application from scratch with Quarkus, add databases to it, add a front-end, stream etc. And finally, work with it while it's deployed in Kubernetes using my dev machine and effectively live code remotely. Join this talk to learn about the Java developers journey to developer Joy!

#lessslides and #morecode

Session chairs: Marek Haičman and Michal Ruprich

Imagine a world where you can access metrics, events, traces and logs in seconds without changing code. Even more, a world where you can run scripts to debug metrics as code. In this session, you will learn about eBPF, a powerful technology with origins in the Linux kernel that holds the potential to fundamentally change how Networking, Observability and Security are delivered.

In this session, we’ll see eBPF monitoring in action applied to the Kafka world as example of a complex Java application: identify Kafka consumers, producers and brokers, see how they interact with each other and how many resources they consume. We'll even show how to measure consumer lag without external components. If you want to know what’s next in Java and Kafka observability in Kubernetes, this session is for you.

Session chairs: Zdenek Dohnal and Lubomir Terifaj

Modern microservices applications need to be able to adjust to change. It doesn’t matter whether these changes concern functional requirements, fluctuating load, or more frequently network and service failures. The system should be able to remain responsive in every situation as defined in the Reactive Manifesto. The reactive programming has recently become a popular programming paradigm. In the Java world, there are already a few options the users can choose from when creating reactive applications like Reactive eXtensions or Reactive Streams. In this session, we will introduce a new set of APIs created under Eclipse MicroProfile called the MicroProfile Reactive Streams Operators (the manipulation of Reactive Streams) and the MicroProfile Reactive Messaging (the development model that allows CDI beans to produce, consume, and process messages) together with the rationale why they are needed in the MicroProfile portfolio and a practical live coded demonstration.

Session chairs: Lubomir Terifaj and Pavel Yadlouski

Go makes it easy for us to do concurrent background tasks - but what happens when the application stops? In this talk, we will have some fun with signals, how to make your Go application listen to those signals and stop gracefully, and how to make sure any background work running in your production containers don't stop abruptly with the help of channels.

This is a real scenario, extracted from a work environment and a real problem to a talk format, and the first few examples will explain the problem and when it'll show up and impact your users and customers before we dive into the solution.

In order to make sure everyone is in the same page, an introduction to how Go routines and channels work will be given, with a brief explanation of what is concurrency and parallelism. Following this introduction, a few important POSIX signals will also be introduced briefly because they'll be important in the next section. Background knowledge on all of this is not necessary, but if the audience knows it previously the following contents will be easier to grasp. If not, they'll probably be a good overview but the contents can be used for further review in the future after the knowledge about concurrency, parallelism and signals are well settled into their brain.

Then we will have a walk-through on how to use channels to listen to interrupt signals and wrap up running work on go routines and how to make this work in real-world scenario, with containers and with a example on how this can be done inside of a Kubernetes cluster to finish running go routines during the termination grace period of pods.

A live demo will be followed and we will live code this solution and see it working (hopefully) on a running Kubernetes cluster.

The base repository for this demo and this talk is this one: [github.com/biancarosa/shutting-down-gracefully](http://github.com/biancarosa/shutting-down-gracefully).

Session chairs: Gaurav Sitlani and Moez Chebbi

In this talk, we will give a quick introduction of Podman, a daemonless container engine used for managing OCI containers and pods as well as its companion projects. A lot of new and awesome features have gone into Podman in the last few months that make container development easier and fit more use cases. We will go over features and improvements such as rootless mode, generate and play kube, podman within podman, podman machine, and many more! We will also be giving live demos during the talk! Join us to learn more about Podman and why it is an awesome tool to manage multiple local containers and how it can serve as a stepping stone to container orchestration. We will end the talk with what future features are in the cards for Podman and a live Q&A!

Session chairs: Gaurav Sitlani and Moez Chebbi