 So welcome everyone, and thanks for joining. So my name is Daniel, and today I'm going to talk a little bit about securing serverless function with the QuarkRest Kubernetes extension. You guys have some experience with developer, some application. Are you a developer or? Oh, cool. Have you heard about the QuarkRest before? Really? Yeah, pretty cool. Yeah. I just remember myself. My name is Daniel. I'm working for Red Hat, a technical marketing major, and then I could develop out-of-kid, specialized current and runtime like QuarkRest and Spring Boot and Node.js, and a little bit try to give some more time to integration, serverless, and some smash to Kubernetes, because I am a CNCP ambassador as well, to evangelize a lot of Kubernetes thing with developers and DevOps engineer and a lot of stuff. Here's my contact information like a Twitter and my YouTube channel and my published book and give it for Sarah just feel free, still whatever you need. So let's get started. So at the very beginning in almost 10 years, more than 10 years, like 2016 actually at a time, the Amazon Lambda on reach of the world to provide serverless capability. At a time, like a normal company needed to buy the big jump of the physical server, virtual machines, something like that, to run application for your business requirements. So serverless, that's not actually serverless, you probably know it's a server full in some area like Amazon's data center or Google, some like that. But for developer perspective, they don't need to worry about infrastructure layer, just develop your application code and deploy it and that's it. The other all that's something we'll take care of by SaaS platform like Amazon Lambda. After that, a few years later, more and more enterprise company jump into the market. Because this is one of good proof, this is not a one-time happening. So a lot of company like a big enterprise companies and startup company, even open source project in the community jump into the market. Like IBM Cloud and Google Function and Azure Function, and serverless.com and recently Kubernetes, K-Native. So how do you get started if you really wanted to design or develop serverless functions, and where is the right place to start? Your application architecture based on serverless capability. Maybe you can go to CNC landscape. I don't want to say I am CSP MBA, so that's why I promote this one, but this is a really good place. There are so many tools like platform and frameworks, even managing the platform and then also manageable on your hand. Also, there are a lot of security complying issues. So whenever you design or develop Microsoft's architecture and Microsoft's application, you always think about security, how to authorize your Microsoft's API, how to handle that like for example, as part of a DevSecOps, you always think about how to integrate your security capability or feature as part of your DevOps pipeline. That was one of the big responsibility of the QA team or system administrator team, but now it's one of the big duty of developers. So now, when you have some chance to design or develop serverless functions with the Java technology or even another language platform, you already always think about and consider what kinds of technology or tools frameworks should be considered for your serverless function application. So the problem is too many choices in this landscape. So for me, I am developer advocate, but sometimes I will be more spend a lot of time to develop application as just normal developer. Whenever I try to start a new project, I try to find out the right tools, the right project in open source communities. But when I go to here and there are a lot of tools and the framework in open source project, and then sometimes I spend a lot of time to figure out which one is appropriate to my cases. So this is a common issues for IT decision maker, or IT leaders, or a developer team lead. So we need something different to fix these issues, or solve this problem, so a little bit more for developer perspective rather than IT ops team. So I'm going to stop the presentation, and let me write into the right demo how it works, and then today I'm going to showcase Quarkus in terms of how do you develop serverless function with the Quarkus framework. So Quarkus is just new Java framework like a Spring Boot. So it's not app server, it's not heavyweight middleware, just a Java framework, and then totally 100 percent open source project, you can actually use that, but it's really more focused on cloud native and Kubernetes native. We can say as you see here is one of my favorite hashtag Kubernetes native Java stack, because Quarkus was born since Kubernetes on reach up in the world. So still we have a lot of cloud native Java stack, like a Spring Boot and Kotlin and then something more, but these all language platform and framework were born for Kubernetes, which means there are still some gap to optimize your Java framework, even not Java. That's why a lot of developer really choose Go or Node.js for developing a serverless function rather than Java technology. But here's the question is there are more than 15 million Java developers around the world, and then the last of the last of the enterprise application already developed based on Java technologies. What if you could use the same Java technologies instead for your advanced serverless or sub-smash application development, it would be awesome. So that's why Quarkus focus on that points. So I'm going to stop presentation here. So this is a terminal window. So there are actually multiple ways to create or scaffold new Java project like a Go to Spring Boot, like a Spring Initial Riser. You can just select some of the dependency and just download Z file and unzip and then open that project, your pre-pro-ID tool like IntelliJ VS Code something like that. That's what you are doing usually. But I'm going to use new command line. So KN is the Kubernetes native command line. KNative is one of the prime build pack. I mean to manage or develop design, your Microsoft application as a sub-less, we can call that KNF serving on Kubernetes. So that's why KNF and the KNF command line actually includes a function capability. It's still a little bit already stagey so we can call that KNFunk. And then you can actually KNFunk and then you can have a few command line here. So like create your new function project and then delete to deploy and build a lot of steps. So I'm going to use just two command line today. You can actually do more but I'm going to try to showcase how simply you can generate sub-less function project first and then deploy into Kubernetes cluster. So pre-fundamental one-on-one basic stuff, but it's still worth running your sub-less function experience today. So I'm going to create to use the first function KNFunk, create the function name like a Quarkus. Let's say QuarkusFunk and then select the runtime. So KNAT function capability actually provide multiple runtime like Java and JavaScript and go Python and Node.js, TypeScript, et cetera. But today I'm going to use Quarkus and that's it. Once it was created and then you have automatically created your project under this directory. So once you go to QuarkusFunk and then you can find that this is a Maven project. So we have some plan to generate Gradle as well, but at this moment we have only Maven architecture and a structure to generate this project. The one interesting is the little bit different thing between the general Maven project versus this one, there are the one Funk YAML file here. So here is the function name QuarkusFunk, you can actually name that whatever you need. Then this indicated your actual namespace where you want to deploy your application on Kubernetes. Then here's a runtime Quarkus and then you can select any other one and I'm going to showcase the radar. The image is once your packaging is application, and then the tag will be all wired here. So the KNFunk command line actually use BuildPack so one of the CNCF project to package and build package your application and once again containerize it and push it into your external container registry like a Docker Hub or a Queda.io or a Google Container Registry, something like that. Then lastly, the BuildPack command line, the tools to push this application to Kubernetes. It's using one of the Kubernetes manifestor, which he already generated during the command line execution. So here's interesting stuff. So there are build map, which means that you can actually select two different types of the builder. So one is JVM, so traditionally, Java create the bytecode and running on JVM, and then this is a really heavy way to run like a subreddit platform like Amazon Lambda or Google Function, and even Kubernetes KNF because it's a Java was designed for dynamic capability, which means once you package your Java code and then you can run any app server, it was awesome back in 1995 over internet technology. But we changed the infrastructure from just a simple app server to immutable infrastructure, aka Kubernetes, which means you just deploy one single microservices at once, and then scale out 1000 parts in one cluster. This is happening every single day. So if you still have the same behavior like a dynamic behavior, like a parsing annotation, and try to interpret your descriptor and enable disable some feature, these all kinds of tasks are happening at runtime when you run your Java application using Java command line. So same working happening all the time, maybe a thousand time, maybe a hundred thousand time, it's not productive and not efficient. So that's why Quarkus get rid of that thing and then put in a shift into build time rather than runtime. And also the native compilation. So it's super fast and the small memory footprint, you use based on ahead of time build strategy rather than just in time build strategy based on Java technology. So Quarkus, you can actually packaging application as a native executable like a EXE file in Windows server system or just go program language. You don't need to JVM any longer to run the Java application, but it's just pre-compact. So for example, you have one let's put API application, it takes maybe one second to start up time. But with the native compilation, it takes 10 milliseconds, almost maybe 100 times or 300 times fast then. And memory footprint is maybe 80 megabyte for memory footprint when you run the JVM application. But when you run the executable on the GRIVEM it takes maybe 4.5 megabyte as a memory footprint. So that's why the Quarkus provide a native compilation and get rid of a lot of repeatable tasks at runtime, which is really fit in serverless function architecture. Okay, so let's try to open this project. Just to make sure how the sample application are generated. So here's my VS code. So a little bit dark here. Can you see the code? This is my Quarkus theme on VS code. So from the JVM file, let me try to a little bit bigger here. Okay. And then here's just the application. So function and just input output is JSON message, just very simple, just like a hello world stuff, but you're going to use JSON rather than just text string. And here's one interesting stuff here, the function. So you probably know to implement a RESTful API in Spring Boot using like the request mapping or something like that. And then Quarkus provides the funky extension, aka dependency. So this Quarkus funky extension allows developer to write those one code and then deploy multiple serverless platform. So once you create the serverless function and then you can deploy multiple serverless platform. For example, Kubernetes Knative or Amazon Render or Azure Function or Google Function. You don't need to change the code. You just only edit or update your configuration, which is like a target information. Here is Google, here is Amazon, here is Kubernetes on-prem, some like that. Because the lots of enterprise companies try to move forward to multi and hybrid cloud infrastructure and strategy. So to accomplish that technology or strategy, so portability is a really good consideration. So just imagine that the one of the big benefit or trace that you wanted to take the container packaging technologies, which will give you portability and immutability as well. So once you packaging container image and you can run any infrastructure running on Linux operating system or Windows server system. You don't need to change that. This is a huge benefit of a container. So same thing and then we, the Quarkus actually provide the same capability with the funky annotation. So which is the funky annotation, this annotation will make your Java method as a serverless function and deploy to serverless platform. For example, when you deploy this serverless function to Kubernetes, it will automatically generate KNAV YAML file, which includes some of Kubernetes KNAV manifestor like a build configuration or deployment configuration and like a CR something like that. That's it. Then here is the application properly here. So here is the, I want to explore if you have multiple functions, and then this time I'm going to expose this function. For example, you can actually deploy one function at a time to Amazon Lambda. So to do that, you need to specify that. So I think that's all and then let me try to change a little bit this configuration. So the currently Quarkus community opens us a project. It's released last week, two, two, three. So let me try to use race to one because there are awesome feature here, and I change the bar.xml, and I just save a file and then go back to function file, and then here is the command line. You can actually use the Maven command line, Maven, Quarkus, and Dev. So this is one of the great feature for developers. Quarkus, one of the beauty of the Quarkus is live coding capability. So whenever you change the code like in a roof development, every single day you have to change the code for bug fix or implement new capability or enhance like a performance issue. Then when you change the code, you need to review, recompile application, and then restart your runtime like a Springboard or embedded the Tomcat, or NetE, et cetera, and then retesting like a unit test, or you can just go to web browser and then try to check the capability or feature manually just whatever you prepared the way. Then once you're done, you commit the code and push it into your GitHub repository or internal Git repository. That's it. That's the end of the development. But if you could get rid of that boring but necessary job like a review, recompile, and repackaging thing, and the framework like a Java framework will take care of that burden for you. Automatically, it should be awesome. So Quarkus that we can call that live coding here. So as you see, here is live coding activated. One interesting here, the test is paused and then when you press R, it will resume testing. So many, many NL project architecture really emphasize on test-driven development. Whenever you create a new feature, you have to add a new unit test on your application project. But most people, most developers just skip that, because I don't have enough time to add my test code. Because I need to more focus on developing actual business function or capability, and skip that, and because it's working on my local machine, and once you push that code into the Git repository, and then some of the developer on your team try to pull and clone and try to add his or her feature with your application as a part of the integration test, sometimes it fail. It should take maybe half a day or one day to figure it out and fix that problem. That's why the test-driven development really important to avoid that potential issues. So Quarkus actually solved that problem with that. So when you press D on your terminal window, I can have some, let me try to do a little bit smaller. So here's your Quarkus WUI. It shows the more visualized and graphical way of what happened on your runtime, for example. So you can put in a lot of dependency on your Maven project or Gradle. I just put in this library, I just put in this one, and then after three months you cannot remember which libraries, which dependency are really necessary. Even sometimes you just copy from your team's project and then try to add your own features, and then you don't care about actually which dependency are really needed to develop your application. So this is a graphical way to find all dependency here. So whenever you add a new dependency or a Quarkus site that we can call the extension, it will show here automatically. One interesting is here is a Compic Editor. So you can see all Compuration, it's not only about application Compuration, it also shows all Compuration which are running on runtime like an infrastructure layer. So you can find here, we're going to use a packaging type, legacy char is already defined by default and a lot of stuff here. Then here is the, you can actually see the open terminal, and then when you click on test running and it automatically run your unit test. Then whenever you change the code, it's automatically retesting. I mean, you can continue testing. You don't need it to maven, battle file or similar the CI CD pipeline shouldn't be triggered whenever you change the code. So let's try to call the endpoint or something like that. I'm going to use like an encode, like this is JSON format. So like a message key and a parameter, like a welcome to Quarka Session at Summit. I'm going to use the HTPy tool and local is the default port 8080, and then I think it's done. Okay. So now I got to welcome Quarka Session and Summit. Then when you go back to here, and then you can actually change anything. So for example, an output message, and then maybe you can just simple like a test, Daniel, my name, I just save a file and then back to the here and just echoing, and then now you can see the different results. But in the meantime, I don't actually try to recompile, repackaging, review, and restart the runtime. So this automatically restart, restart, recompile by Quarka's framework. So for developer perspective, you don't need to care about that any longer. And the one interesting here, when you go to terminal window, and then you've got to fail the test continual testing. Because when you go to test unit, here's my two test unit tests here. So like a hello, and then something the hello message based on Cloud events. So this is the expected result, but actually my application function is working as you see when I call HTTP call. But your test is actually fail. But if you don't have any continual testing capability inside your Java framework, maybe you just skip that. Oh, it's working, application is good. And then move on to the next feature, or just commit it and push it to the container GitHub repository. So this is maybe some of the potential issue. So you can actually quick fix that problem. So I'm going to go back to the function, and then I'm going to try to use the default one today. So this is a really simple thing, and I just make sure that my generated project is working. So I just run this one and just find that it's working. So why don't you try to add a new function? Because I just change my one of the methods. Some people really be doubted. Oh, yeah, maybe why don't you try to add a new class or new method, and then it'll be still working like a live coding. So let me try to showcase that thing. So to do that, let me try to add a new function here. To do that, maybe I want to, okay, let's try to deploy. Okay, here we go. So let's try to deploy this function first, and then I'm going to change the function, and then add the security capability. So back, I'm going to stop my local environment, and the next step, the second and the last command line KM-funk, and deploy, and I'm going to set it on my external container registry. I'm going to use quay.io. You can actually use a Docker Hub, whatever you need. And I'm going to set namespace. So here is my OpenShift cluster, which is based on Kubernetes, the race version. So here's my namespace here, the quarkasfunk.sec, there's no resource here. I didn't deploy anything at this moment. Now let's try to make sure that we are already same the IgJag namespace here. So queue namespace here, it should be a lot of namespace will be shown up. Okay. So I just stay in the quarkas-funk.sec. So it's the right place, and then I'm going to use KM-funk, deploy, and just set it on my container registry, quay.io, then your O3, and namespace, quarkasfunk.sec, and then I'll put in the verbers. So when you run this command line, it actually trigger the build pack, which is one of the CNC project. It's the first of all, this build pack tried to build packaging this application like a Maven compiler, or Maven packaging something like that. After that, containerize the application like a container image and then push it into that container registry I specify in command line, and then it's tried to deploy Kubernetes. As you see, KNAB serving has become ready. When you go back to our VS code, and you go to Funk.io file, and now you can see namespace is automatically replaced based on from command line, and the tag, and the stream, etc. When you go to target directory, and then there are quarkas, and then some of the resources here. So all of the related resources are automatically generated, and back to the terminal. Now we have the route URL, the endpoint to function. Let's copy that, and then back to the terminal. Yeah, now we got a new quarkas application here, and then go to view logs. Oh, it's too, maybe too small, and then here's a quarkas version, and then here is the JVM running on time, and then here is the a little bit not good resolution, but it's a 0.85 second to start off. It's a pre-faster than any other traditional Java stack, still on JVM, and then back to top-large view, and then it's already terminating because the Kubernetes Knave have scaled down to zero configuration, which is a default 30-second. So if you don't have any request, like on-demand request to the serverless function in 30 seconds, it will be scaled down to zero automatically. It's already gone, and then let's try to hit this container part and it will automatically scale up, just like a serverless behavior, like a core start like Amazon Lambda. So back to the here. So the same, but I'm going to copy the endpoint here, and let's try to de-follow like a common session with cube, and I just hit fire the endpoint, and as you see, your parts automatically start here, and then it's already running, and back to here, we got to have a new output. So this is really easy for developer to create your function project and deploy. I just use the two command line for this demo, and then but in the meantime, I spend a bit more time to explain how it works, and behind the scene, what happened inside that, but still I use the two command line, and then I'm going to deploy one more thing, but to make it differentiated, to deploy an application, I'm going to change the icon here. There are label, push IO, and runtime, equal workers. Okay. So now we have one serverless function based on JVM, and the other one is I'm going to secure this application back to the here, and go to application. So corpus actually have Kubernetes extension which means when you use Kubernetes like a resource like a compiler map or a secret, which is a really good feature to secure your application part. For example, you don't want to store sensitive information like a database username and password on your application. You need to get rid of that thing from application and shipped to your compiler map or secret. So this is a really good security strategy. But in order to do that, you may be generate your own YAML file, and to bind from application to Kubernetes resources. But corpus actually provide that capability on your Java application. You don't need to generate the boring YAML file, sometimes you miss some indentation, and you win the Kubernetes thing. So to do that, first of all, I'm going to add a new corpus extension. You can actually search cube and there's cube config and I just edit it. It's automatically pull down all dependency. When you go back to Palm XML, and then you can find here, all right, here is a new extension automatically downloaded and then back to the application, and let's try to add something like a config properly in the name. It's like a username. I'm going to set it up string valuable like a username. Let's try to add another one, the name is password, password on a string variable like a password. It's pretty simple. I'm going to create a new function, something like that, and then the default function name is equal to your method name. So you can actually specify the default function name, but I'm going to use a secret function name, and then the public method, and then return is like a map type in string and function name. Let's try the same thing, and then create a new hash map, map and new hash map here. I'm going to put the new value of here map to put, and one is like let's say the key is the db username something like the username, and the value is username, and then put it on the password same thing. Let's say db password and password here, and then return the map. Okay. I'm just here. So it looks good, import that thing, and yeah, looks good. Then we're going to use this credential, the method, the function name. So to do that, go to application property, I change that, and then I'm going to use the secret which he already existing or you will create the secret on Kubernetes. So this is the terminal window, and then when I go back to my open cluster, there's a secret menu for developer, and then here I just already create a default secret, and I'm going to create a new secret here. So to generate the secret name db-credentials, and then just a real-all username admin and the password secret just for the task, and I just create that and then back to the here and then now you can have the db-credential, and you can actually see that what is actual value here, the password, the secret, and the username admin, and then back to the here and then db-credential, I just copy, I'm not going to do type of thing today, back to the application, and then here to add a new secret enable. So this compuration allows developer to bind your Java application to remote Kubernetes secret. So first of all, I'm going to make the enable this feature, and then the second thing is, I'm going to specify the secret name, like a db-credential that I created just a little bit ago. Now back to the funk-yaml file, let's try to change that function name, like SCC, print the data, and here the image name and the function name is your name. So just this, that's it. Now back to terminal window, funk-deploy, and then I'm going to use the same registry, so I don't need it to change that, it's Burbers. Oh, yeah, different here. So use that deploy and Burbers. So in the meantime, let's try to just quick show, create to help the what kind of option type here, you have more. So as you see, the runtime, you can actually use Gold, Node.js, Python, and Quarkus, and Rust, Springboard, and TypeScript, and also there are the template. So today we are using HTTP, just call like the request response, but you can actually generate Cloud Event Messaging Processing when you generate serverless function. So sometimes you needed to deploy serverless function with the event-driven architecture like a back-end Kafka server or something like that, with the using Cloud Events. The Cloud Event is showcase common messaging format, because some of the developer wants to define JSON format for event-driven messaging, but some of not using JSON format like a binary or like a product above something like that. So there are a lot of different types of messaging format to communicate among the event-driven application platforms to avoid that kind of problem, the Cloud Events actually provide the standard events format. So back to the terminal, it's already deployed here, and then go to here. So we have a new SCC, the new format serverless function, which already include capability or security. So it's almost terminating. Let's try to give it more like a few seconds, it's totally scaled down to zero, and then we're going to hit the route URL, and then it will automatically start up like a serverless behavior. So it's just done in the click on route URL, and then back to here is QuarkUSA application automatically start, and then you've got to have the return JSON format like a DB passwords, create a DB using an admin. So very simple, this is not real in a project use case, I have to admin, but I'm going to try to showcase how easy to generate serverless function project still using Java Frameup and then deploy. Just to comment right, in the meantime, you can actually edit security capability to use Kubernetes config or a secret, you can actually add a lot of stuff. So let me try to give it a try the one more thing, go back to here, and then you can change that, I could try to new function name, I'm not going to change any source code, but putting the new function name native and then image name native, and then the builder is not going to JVM by using native, and then back to the here, and then just one more time deploy. It will take a little bit longer than previous build because native compilation, it takes a little bit longer because it brings everything related to libraries and dependency and capability in single executable file, and after that containerize that. So native compilation and native executable, you don't need to use every single time for your application development because it depends on what kinds of workloads and application pattern you needed to implement for serverless and it should be good with the native compilation, but you don't need to compile this native compilation thing on your local motion every single time. In reality, you just put this on your CI CD pipeline or key of action or your DevOps pipeline, and so developer only focus on live code and JVM stuff, and once that finish that just trigger your pipeline and then that pipeline will execute the native compilation. But there are small differences JVM and native compilation. For example, if you bring the third-party dependency or library into Quarkus, it could be working on JVM, but it couldn't be working on native compilation because there are some Java reflection issues. So that's why the spring native actually tried to fix the problem. Then if you have some experience, so 10 to spring one in September, and they have announced the roadmap to release spring native and spring six, and spring three, boot framework at the end of the next year and then some of the beta or maybe beginning of next year or middle of the next year, but there are a lot of stuff they have to figure it out. So let's keep this on and I'm going to back to my slide deck to wrap up today, and I'm going to back to my window here. Okay, I have four minutes. All right. So once again, Quarkus is opens as a project and then we'll be more focused on Cloud Native and Kubernetes native Microsoft application development and pretty much focus on serverless and functions. Then with the Quarkus, you can actually pretty easy get starting with the serverless function development, writing code and the packaging, and it will bring to your serverless platform. I just use the Kubernetes today, but you can actually use Amazon Lambda and then a lot of stuff. So you can actually select the DR language platform, if you are some experienced like a Go and like a Node.js or Lust. Then here is the phone key extension support serverless platform like Amazon Lambda here, and then Google Function and Azure Function. So when you use Amazon Lambda, you can have a native compilation capability as well, but Google and Microsoft Azure Function, they don't support native compilation at this moment, and I heard there are some plans in the future, but not at this moment. Then as already showed today, the Kubernetes client and the Kubernetes config and the secret, a lot of stuff you don't need to create your own YAML file to define your Kubernetes resources or a manifestor, because when you print your Java code, it's automatically generate that YAML file for you. Here's my YouTube channel beneath URL Daniel TV. I already created a lot of the technical videos, just like today video, and not just Kubernetes. I just deploy this function to Kubernetes and then I just change this tiny of compilation and just run to Amazon Lambda or Azure Function. It's a pre, like just 10-minute video, and there are a lot of stuff, technical video and tutorial. Feel free to subscribe to my YouTube channel and just let me know if you have any question, the technical demo or opposite technology including CNCF stuff. So if you are more interesting in Quarkus journey, here is a bit in URL, try this Quarkus is 100 percent free, self-paced learning portal, and the code.Quarkus.io, the code generator, similar thing to spring initializer, and here is the IDC report. This is a showcase the performance comparison data between spring boot and Quarkus, like throughput and response time, and the memory footprint, et cetera. So I recently published with my colleague, the new e-book is you can actually download the free, and it's a Quarkus for spring developer. So spring have a lot of use cases, like a data transaction like a JPA, and then persistent and REST API manager, et cetera. We can compare the between that thing, so it'll be helpful, something like a practice. Thanks for joining today, and I'm going to back to just give me one second. It's just run and back to the window, and here's the native, and try to click on, it will scale up to Quarkus application, and then go to view logs, let's find that, okay, here we go. So it's a native compilation, and then here is 80 millisecond to start up. So previously we have 0.75 or 0.85 second, but it's 80 millisecond, it's almost 10 times faster than start up time. Okay, so thanks for attending today, and have a good rest of your summit.