1

WWW.BELL-SW.COM

1

WWW.BELL-SW.COM

Dmitry ChuykoJVM TeamDo not put all eggs

in one container

2

WWW.BELL-SW.COM

2

WWW.BELL-SW.COM

Who we are

Dmitry Chuyko @dchuyko

http://bell-sw.comLiberica JDK – verified OpenJDK binary

Ex-employers

3

WWW.BELL-SW.COM

3

WWW.BELL-SW.COM

Entertaining statistics

blogs.oracle.com/java-platform-group/the-arrival-of-java-12

4

WWW.BELL-SW.COM

4

WWW.BELL-SW.COM

Containers

5

WWW.BELL-SW.COM

5

WWW.BELL-SW.COM

2019. Microservices in containers we like

6

WWW.BELL-SW.COM

6

WWW.BELL-SW.COM

2019. Microservices in containers we have

7

WWW.BELL-SW.COM

7

WWW.BELL-SW.COM

Containers

Linux containers— cgroups— namespaces— Isolation— Resource management— Not a virtualization

Docker images— Configuration

Docker tools— Management— Monitoring— Orchestration

8

WWW.BELL-SW.COM

8

WWW.BELL-SW.COM

Careless processes in containers

9

WWW.BELL-SW.COM

9

WWW.BELL-SW.COM

Small Java Program

Helloworld.jar

10

WWW.BELL-SW.COM

10

WWW.BELL-SW.COM

Small Java ProgramHelloworld.jar

JVM

11

WWW.BELL-SW.COM

11

WWW.BELL-SW.COM

JVMVirtual Machine

— OS process— Runtime— JIT/code— GC

12

WWW.BELL-SW.COM

12

WWW.BELL-SW.COM

JVMWe need Java tools

— Management— Monitoring— Debug

13

WWW.BELL-SW.COM

13

WWW.BELL-SW.COM

JVMExpectations from containers

— Configuration— Test Prod≃— Isolation

14

WWW.BELL-SW.COM

14

WWW.BELL-SW.COM

JDK 9 JDK-6515172 Runtime.availableProcessors() ignores

Linux taskset command docker –cpuset-cpus

JDK-8161993 G1 crashes if active_processor_count changes during startup

JDK-8170888 Experimental support for cgroup memory limits in container (ie Docker) environments -XX:+UseCGroupMemoryLimitForHeap docker --memory

15

WWW.BELL-SW.COM

15

WWW.BELL-SW.COM

JDK 10 JDK-8146115 Improve docker container detection and resource

configuration usage -XX:+UseContainerSupport -XX:ActiveProcessorCount=N -Xlog:os+container=trace --cpus --cpu-quota –cpu-period Deprecate experimental

JDK-8186248 Allow more flexibility in selecting Heap % of available RAM -XX:InitialRAMPercentage -XX:MaxRAMPercentage -XX:MinRAMPercentage

JDK-8179498 attach in Linux should be relative to /proc/pid/root and namespace aware

16

WWW.BELL-SW.COM

16

WWW.BELL-SW.COM

JDK 11 JDK-8197867 Update CPU count algorithm when

both cpu shares and quotas are used -XX:+PreferContainerQuotaForCPUCount --cpu-shares

JDK-8194086 Remove deprecated experimental flag UseCGroupMemoryLimitForHeap

JDK-8203357 Container Metrics -XshowSettings:system

JDK-8193710 jcmd -l and jps commands do not list Java processes running in Docker containers

17

WWW.BELL-SW.COM

17

WWW.BELL-SW.COM

JDK 8 (AKA the best release) JDK 8 GA

“...none of my business”

JDK 8u Backports from JDK 9 Backports from JDK 10 Backports from JDK 11

18

WWW.BELL-SW.COM

18

WWW.BELL-SW.COM

JEP 346 in G1 JEP 351 in ZGC JEP 189 Shenandoah

19

WWW.BELL-SW.COM

19

WWW.BELL-SW.COM

JDK 12 JEP 346: Promptly Return Unused Committed Memory from G1

— May help in case of overcommit

20

WWW.BELL-SW.COM

20

WWW.BELL-SW.COM

JDK 13+ JDK-8199944 Add Container MBean to JMX

JDK-8203359 Create new events, and adjust existing events, to account for host/container reporting of resources

JMC-5901 Utilize information from the host/container

JDK-8198715 Investigate adding NUMA container support to hotspot --cpuset-mems

JDK-8221173 Elastic Metaspace

21

WWW.BELL-SW.COM

21

WWW.BELL-SW.COM

Containers

22

WWW.BELL-SW.COM

22

WWW.BELL-SW.COM

Service Deployment

Business logic

Spring Libraries

CI / CD

23

WWW.BELL-SW.COM

23

WWW.BELL-SW.COM

In memory of one cherished image

24

WWW.BELL-SW.COM

24

WWW.BELL-SW.COM

Base imageshttps://hub.docker.com/u/bellsoft

JRE 8u222 JDK 13

Debian 227 MB 227 MB

Centos 307 MB 307 MB

Alpine 133 MB 134 MB

Alpine muslbase

42 MB

25

WWW.BELL-SW.COM

25

WWW.BELL-SW.COM

Build alpine-musl image

$ mkdir ctx; cd ctx$ wget https://github.com/bell-sw/Liberica/blob/master/docker/repos/\liberica-openjdk-alpine-musl/11/Dockerfile$ docker build . --build-arg LIBERICA_IMAGE_VARIANT=base

26

WWW.BELL-SW.COM

26

WWW.BELL-SW.COM

Diagnostics

$ journalctl -f _TRANSPORT=kernel

$ docker inspect test -f '{{json .State}}'

or

-XX:NativeMemoryTracking=summary jps jcmd

How much memory is enough

27

WWW.BELL-SW.COM

27

WWW.BELL-SW.COM

Containers

28

WWW.BELL-SW.COM

28

WWW.BELL-SW.COM

Startup & footprint improvements

$ docker run -it --rm -v /export/dchuyko/demo:/demo -p 9000:8080 \-m 128m --memory-swappiness 0 bellsoft/liberica-openjdk-alpine:11.0.4 \java -XX:TieredStopAtLevel=1 \-Xshare:on -XX:SharedArchiveFile=/demo/hello-ext.jsa \-cp /demo/thin.jar:$(cat cpv) hello.HelloWorldApplication

~~~~~Started HelloWorldApplication in 7.304 seconds (JVM running for 8.283) x2.5

÷6

29

WWW.BELL-SW.COM

29

WWW.BELL-SW.COM

Stay on the safe side, Luke

@dchuyko

http://bell-sw.com

Liberica JDKLiberica Mission Control

@bellsoftware