It's not the first (or last) time you'll hear me say this: ditch your Dockerfiles and start using Cloud Native Buildpacks.
There are so many reasons to heed this advice. I write about some of them in Dockerfiles vs Cloud Native Buildpacks. Today, however, I want to focus on the Paketo Java Buildpack and highlight a few features that I'm willing to bet are not built even into your bestest most favorite Dockerfile.
Hopefully this paints a picture of the kind of features and configuration you can and should expect for your container images.
Security. Don't get it wrong. It won't end well.
Enhancing the security of web applications often involves enabling cryptographic features such as scrambling/unscrambling data (encryption), verifying the integrity and source of messages (authentication), and using trusted certificates to secure transport (HTTPS). If you're serious about protecting yourself and your users, or if you need to show compliance with regulations like Federal Information Processing Standards (FIPS), the Paketo Java Buildpack is here to help.
Paketo enables you to add security providers to the default Java security providers file, and it loads trusted certificates from the OS OpenSSL truststore into the JVM's default keystore. Check and check.
Debugging is hard. Don't make it harder.
The Java Buildpack won't fix your typos, but it can make debugging easier.
If you've built your image using Paketo, you can enable Java Management Extensions (JMX), Java Flight Recorder (JFR), or Java Remote Debugging by simply setting an environment variable and restarting your container. No rebuild required!
Paketo also enables Native Memory Tracking (NMT) by default. No more wondering why the JVM is exceeding your max memory setting, causing your app to crash. You'll see exactly where it is allocating extra native memory.
Look inside the box.
Images built with Buildpacks include a Software Bill of Materials (SBoM), a structured document detailing exactly what's inside. The Java Buildpacks are very generous with the information they contribute. Remember the Log4j fiasco earlier this year? If your images were built with Paketo, you'd easily be able to identify which were vulnerable, and finding the problem is half the battle in fixing it.
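To make that concrete, here is an added example (not code from Paketo or from the original post) that audits a set of image SBOMs for a Log4j component below a minimum accepted version. It assumes each image's SBOM has already been exported as CycloneDX JSON; the component name, the version floor, and the image names are assumptions or constructed sample data.

```python
import json
import re

TARGET = "log4j-core"        # assumed component name as recorded in the SBOM
MIN_ACCEPTED = (2, 17, 1)    # assumed policy floor; take yours from the advisory

def walk(components):
    """Yield every component, including nested ones (CycloneDX allows nesting)."""
    for comp in components or []:
        yield comp
        yield from walk(comp.get("components"))

def parse_version(text):
    """Return a numeric tuple, or None for qualified versions like '2.0-beta9'."""
    if not re.fullmatch(r"\d+(\.\d+)*", text or ""):
        return None
    return tuple(int(part) for part in text.split("."))

def audit(sboms, minimum=MIN_ACCEPTED):
    """Map image name -> [(version, verdict)] for every TARGET component found."""
    report = {}
    for image, raw in sboms.items():
        hits = []
        for comp in walk(json.loads(raw).get("components")):
            if comp.get("name") != TARGET:
                continue
            parsed = parse_version(comp.get("version"))
            if parsed is None:
                verdict = "review"          # unparseable: never assume it is safe
            elif parsed < minimum:
                verdict = "below-minimum"
            else:
                verdict = "ok"
            hits.append((comp.get("version"), verdict))
        if hits:
            report[image] = hits
    return report

# Constructed sample SBOMs, trimmed to the fields the audit reads.
def _bom(*components):
    return json.dumps({"bomFormat": "CycloneDX", "components": list(components)})

SAMPLE = {
    "registry.example/orders:1": _bom({"name": "spring-core", "version": "5.3.9"},
                                      {"name": TARGET, "version": "2.14.1"}),
    "registry.example/billing:4": _bom({"name": "app.jar", "components": [
        {"name": TARGET, "version": "2.0-beta9"}]}),
    "registry.example/search:7": _bom({"name": TARGET, "version": "2.17.2"}),
    "registry.example/static:2": _bom({"name": "jackson-core", "version": "2.13.0"}),
}
```

Calling `audit(SAMPLE)` returns only the images that contain the component, so anything marked `below-minimum` or `review` becomes the rebuild list.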
Give it a try!
Cloud Native Buildpacks are not only better. They are easier to use. Win-win.
You can start here and learn more at buildpacks.io.