Docker, Inc., profile picture
Uploaded byDocker, Inc.
PDF, PPTX2,669 views

DCSF19 Docker Containers & Java: What I Wish I Had Been Told

The document presents an overview of the integration of Docker containers with Java, highlighting best practices for creating effective Java Docker images, including size optimization, security, and production readiness. It discusses tools for building and testing, efficient image management, and the benefits of a minimal container OS. Additionally, the document addresses Java's enhancements for container awareness and provides key takeaways for leveraging Docker's capabilities in Java applications.

Embed presentation

Download as PDF, PPTX
Docker containers & java What I wish I’ve been told!
Mohammed Aboullaite @laytoun Deputy CTO - xHub Docker containers & java!
Hi, I’m Fero!
Agenda ● Java in containers … a good idea ? ● Creating effective Java Docker Images: smaller, faster, secure. ● Tools and libraries: build, versioning, testing ● Going to production … what we should know !? ● Java & Docker Container features
Containers are everywhere!
Even if you don’t run containers … You’re in a container! You’re always in a container!
Docker Containers & Java
First try...
Your Java Runtime... ● Oracle JDK ● OpenJDK builds by Oracle ● AdoptOpenJDK builds ● AdoptOpenJDK OpenJ9 builds ● Linux (Red Hat, Debian, Fedora, Arch, Ubuntu) OpenJDK builds ● Azul Zulu ● Amazon Corretto ● SAP SapMachine ● Liberica from Bellsoft https://blog.joda.org/2018/09/time-to-look-beyond-oracles-jdk.html
Image size Java • Java Modularity • Code refactoring • Dependencies Docker • Smaller base image • Layers & Caching (dockerfilelint) • Clean up right away • Dockerignore (faster builds) • Multistage Build • docker-squash https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
Did someone say alpine ?! Lightweight Linux distribution based on musl libc and busybox Project Portola: https://openjdk.java.net/projects/portola/
Did someone say alpine ?!
Java docker image size
Distroless Container Image “Distroless" images contain only your application and its runtime dependencies. They do not contain package managers, shells or any other programs you would expect to find in a standard Linux distribution.” ● Built using Google’s bazel tool ● Provide stripped down base image ● Support for: Java, Golang, Dotnet, Node, Python, C https://github.com/GoogleContainerTools/distroless
Why should I care ?! ● Effective tracking: Improves the signal to noise of scanners (e.g. CVE) ● Time and cost: Faster updates, less network costs ● Security: Less components that can be exploited and smaller attack surface Tips and tricks from Docker captains
Fast startup Java • Java 11 • Class-Data Sharing: since java 5 • Ahead-Of-Time compilation: since java 9 • Native image build: Graal VM
Demo https://github.com/aboullaite/java-docker
Containers are the executables of the cloud!
But ... Java jam jam Java
Maven ● fabric8-maven-plugin (Fabric8) ● dockerfile-maven-plugin (spotify) ● Maven exec plugin (Not elegant!) Maven fabric8 docker maven Maven spotify docker maven spotify docker client Maven maven exec
Gradle ● Docker Gradle Plugin (Benjamin Muschko) ● Docker Gradle Plugin (palantir) ● Docker Gradle Plugin (Transmode) Gradle palantir gradle docker Gradle Transmode gradle docker Docker java client Gradle Benjamin gradle docker Docker java client
Google Jib Fast for incremental builds Daemonless Pure Java Reproducible Maven and Gradle Support
What it does ... FROM gcr.io/distroless/java COPY target/dependencies /app/dependencies COPY target/resources /app/resources COPY target/classes /app/classes ENTRYPOINT java -cp /app/dependencies/*:/app/resources:/app/classes my.app.Main
Image versioning ● Docker Tag command (Semver, Calver, ...) ● Append build number ○ https://www.mojohaus.org/buildnumber-maven-plugin/ ● Git commit hash ○ https://github.com/git-commit-id/maven-git-commit-id-plugin
Security ● Know what in your container ● Vulnerability scanning (Docker EE, Microscanner, Clair, ...) ● Docker Content Trust ● Least privilege ○ Change USER ○ Read-only filesystems ○ Limit ressources ● Minimal container OS (Minimal attack surface) ● Monitoring & Auditing Tips and tricks from the captains session
How about (Integration) testing! ● Real world isolated testing ● Can be run during development ● Reproducible ● As real as possible (databases, brokers, ...) ● Cross platform ● Spot issues before they appear in prod ● Easy to run & maintain!!!
TestContainers ● Java library ● Supports of JVM testing framework (JUnit, Spock, ...) ● Provides lightweight, throwaway instances of common databases ● Port randomisation ● Containers Cleanup on JVM shutdown GenericContainer redis = new GenericContainer( "redis:3.0.6") .withExposedPorts( 6379);
Let’s go to (pre-)production! ● Petclinic: Spring App ● Modernizing legacy app with containers ● Optimizing resources ● Easy scaling ● Cloud ready ● Orchestration
Demo https://github.com/aboullaite/java-docker
Epic fail!
A brief history of containers & ... Container Runtime and Image Format Standards - Jeff Borek & Stephen Walli - KubeCon 2017
… & Java! zeroturnaround - A Short History of Nearly Everything Java https://zeroturnaround.com/rebellabs/a-short-history-of-nearly-everything-java/
JVM ergonomics The JVM has plenty of ergonomics which are based on the underlying system ● Memory ● # CPUs ● Exact CPU model ● Garbage collector ● JIT Optimizations ⇒ -XX:+PrintFlagsFinal -XX:+PrintGCDetails https://docs.oracle.com/javase/8/docs/technotes/guides/vm/gctuning/ergonomics.html
Memory Eden Tenured Permanent / Metaspace S0 S1 Young generation Old generation Permanent generation Heap Off Heap
CPU ● VM internal thread pools ● fork/join pool (Streams API) ● Core.asynk ● Elasticsearch ● Tomcat ● Jetty ● Netty ● Wildfly ● ... Runtime.getRuntime().availableProcessors()
Java 8u121 and before … forget about it!
Fabric8 got it right https://github.com/fabric8io-images/run-java-sh
java 9, 8u131 ● -XX:ParallelGCThreads and -XX:CICompilerCount are set based on Containers CPU limits (can be overridden) ○ calculated from --cpuset-cpus ● Memory Configuration ○ -XX:+UnlockExperimentalVMOptions ○ -XX:+UseCGroupMemoryLimitForHeap ○ set -XX:MaxRAMFraction to 2 (default is 4)
Java 10+ & 8u191 + More container awareness ● Improve heap memory allocations [JDK-8196595]: ○ -XX:InitialRAMPercentage, -XX:MaxRAMPercentage and -XX:MinRAMPercentage ○ -XX:InitialRAMFraction, -XX:MaxRAMFraction, and -XX:MinRAMFraction are Deprecated ● The total number of CPUs available to the Java process is calculated from --cpus, --cpu-shares, --cpu-quota [JDK-8146115] ○ Use -XX:-UseContainerSupport to return to the old behavior ○ # processors that the JVM will use internally -XX:ActiveProcessorCount ● Attach in linux became be relative to /proc/pid/root and namespace aware (jcmd, jstack, etc)
Java 11 More container awareness ● Removes -XX:+UnlockExperimentalVMOptions, -XX:+UseCGroupMemoryLimitForHeap [JDK-8194086] ● jcmd -l and jps commands do not list JVMs in Docker containers [JDK-8193710] ● Container Metrics (-XshowSettings:system) [JDK-8204107] ● Update CPU count algorithm when both cpu shares and quotas are used [JDK-8197867] ○ -XX:+PreferContainerQuotaForCPUCount
JVM Troubleshooting & Monitoring ● Built-in tools by JVM: ○ jstat ○ jcmd ○ jmap (Not recommended) ○ jhat … ● Expose JMX port ○ VisualVM ○ jConsole ● Micrometer ● Others: New Relic, Stackify, AppDynamics, Dynatrace... ● Docker commands ○ stats ○ inspect ○ top ● Container aware tools ○ ctop ○ dstat ● CAdvisor ● Prometheus ● Docker EE, Datadog, Sysdig, ...
Key takeaways ● Java <3 Docker ● Start your java 11 journey (or at least 8u191+) ● Java has a rich ecosystem ● Know your tools: ○ Build Custom JRE ○ CDC ○ AOP ○ GraalVM & Substrate VM
Hallway Track Thank you! hallwaytrack.dockercon.com/h allway-tracks/41300/ Wednesday May 1st at 2:00 pm @laytoun

More Related Content

PDF
DCSF19 How To Build Your Containerization Strategy
byDocker, Inc.
 
PDF
DCSF19 Transforming a 15+ Year Old Semiconductor Manufacturing Environment
byDocker, Inc.
 
PDF
DCSF19 Containers for Beginners
byDocker, Inc.
 
PDF
DCSF 19 Building Your Development Pipeline
byDocker, Inc.
 
PDF
DCSF19 Container Security: Theory & Practice at Netflix
byDocker, Inc.
 
PDF
DCEU 18: How To Build Your Containerization Strategy
byDocker, Inc.
 
PDF
DCSF19 CMD and Conquer: Containerizing the Monolith
byDocker, Inc.
 
PDF
DCSF 19 Kubernetes and Container Storage Interface Update
byDocker, Inc.
 
DCSF19 How To Build Your Containerization Strategy
byDocker, Inc.
 
DCSF19 Transforming a 15+ Year Old Semiconductor Manufacturing Environment
byDocker, Inc.
 
DCSF19 Containers for Beginners
byDocker, Inc.
 
DCSF 19 Building Your Development Pipeline
byDocker, Inc.
 
DCSF19 Container Security: Theory & Practice at Netflix
byDocker, Inc.
 
DCEU 18: How To Build Your Containerization Strategy
byDocker, Inc.
 
DCSF19 CMD and Conquer: Containerizing the Monolith
byDocker, Inc.
 
DCSF 19 Kubernetes and Container Storage Interface Update
byDocker, Inc.
 

What's hot

PDF
Node.js Rocks in Docker for Dev and Ops
byBret Fisher
 
PDF
Modernizing Java Apps with Docker
byDocker, Inc.
 
PDF
DCSF 19 Modernizing Insurance with Docker Enterprise: The Physicians Mutual ...
byDocker, Inc.
 
PPTX
DockerCon 15 Keynote - Day 2
byDocker, Inc.
 
PDF
Back to the Future: Containerize Legacy Applications - Rob Tanner, Northern T...
byDocker, Inc.
 
PDF
Docker for Java Developers - Fabiane Nardon and Arun gupta
byDocker, Inc.
 
PDF
DCEU 18: Docker Enterprise Platform and Architecture
byDocker, Inc.
 
PDF
DockerCon SF 2015: Docker in the New York Times Newsroom
byDocker, Inc.
 
PDF
DCEU 18: Docker Container Security
byDocker, Inc.
 
PPTX
Docker Bday #5, SF Edition: Introduction to Docker
byDocker, Inc.
 
PDF
Building Your Docker Swarm Tech Stack
byBret Fisher
 
PPTX
Develop and deploy Kubernetes applications with Docker - IBM Index 2018
byPatrick Chanezon
 
PDF
Java in a world of containers
byDocker, Inc.
 
PDF
DCEU 18: Developing with Docker Containers
byDocker, Inc.
 
PDF
DCEU 18: From Legacy Mainframe to the Cloud: The Finnish Railways Evolution w...
byDocker, Inc.
 
PDF
DCEU 18: Use Cases and Practical Solutions for Docker Container Storage on Sw...
byDocker, Inc.
 
PDF
Tales of Training: Scaling CodeLabs with Swarm Mode and Docker-Compose
byDocker, Inc.
 
PDF
Containerizing Hardware Accelerated Applications
byDocker, Inc.
 
PDF
DCEU 18: State of the Docker Engine
byDocker, Inc.
 
PDF
Docker in Production, Look No Hands! by Scott Coulton
byDocker, Inc.
 
Node.js Rocks in Docker for Dev and Ops
byBret Fisher
 
Modernizing Java Apps with Docker
byDocker, Inc.
 
DCSF 19 Modernizing Insurance with Docker Enterprise: The Physicians Mutual ...
byDocker, Inc.
 
DockerCon 15 Keynote - Day 2
byDocker, Inc.
 
Back to the Future: Containerize Legacy Applications - Rob Tanner, Northern T...
byDocker, Inc.
 
Docker for Java Developers - Fabiane Nardon and Arun gupta
byDocker, Inc.
 
DCEU 18: Docker Enterprise Platform and Architecture
byDocker, Inc.
 
DockerCon SF 2015: Docker in the New York Times Newsroom
byDocker, Inc.
 
DCEU 18: Docker Container Security
byDocker, Inc.
 
Docker Bday #5, SF Edition: Introduction to Docker
byDocker, Inc.
 
Building Your Docker Swarm Tech Stack
byBret Fisher
 
Develop and deploy Kubernetes applications with Docker - IBM Index 2018
byPatrick Chanezon
 
Java in a world of containers
byDocker, Inc.
 
DCEU 18: Developing with Docker Containers
byDocker, Inc.
 
DCEU 18: From Legacy Mainframe to the Cloud: The Finnish Railways Evolution w...
byDocker, Inc.
 
DCEU 18: Use Cases and Practical Solutions for Docker Container Storage on Sw...
byDocker, Inc.
 
Tales of Training: Scaling CodeLabs with Swarm Mode and Docker-Compose
byDocker, Inc.
 
Containerizing Hardware Accelerated Applications
byDocker, Inc.
 
DCEU 18: State of the Docker Engine
byDocker, Inc.
 
Docker in Production, Look No Hands! by Scott Coulton
byDocker, Inc.
 

Similar to DCSF19 Docker Containers & Java: What I Wish I Had Been Told

PDF
Commit to excellence - Java in containers
byRed Hat Developers
 
PDF
Java in a World of Containers - DockerCon 2018
byArun Gupta
 
PDF
Java and Containers - Make it Awesome !
byDinakar Guniguntala
 
PDF
JVMs in Containers
byDavid Delabassee
 
PDF
JVMs in Containers - Best Practices
byDavid Delabassee
 
PDF
Effective Spring on Kubernetes
byNeven Cvetković
 
PPTX
Michal Kordas "Docker: Good, Bad or Both"
byLogeekNightUkraine
 
PPTX
J1 2015 "Debugging Java Apps in Containers: No Heavy Welding Gear Required"
byDaniel Bryant
 
PDF
ContainerWorkloadwithSemeru.pdf
bySumanMitra22
 
PDF
Vagrant or docker for java dev environment
byOrest Ivasiv
 
PDF
Java and Container - Make it Awesome !
byDinakar Guniguntala
 
PPTX
DockerCon EU 2018 "Continuous Delivery with Docker and Java"
byDaniel Bryant
 
PDF
DCEU 18: Continuous Delivery with Docker Containers and Java: The Good, the B...
byDocker, Inc.
 
PDF
Serverless Java: JJUG CCC 2019
byShaun Smith
 
PDF
Serverless Java - Challenges and Triumphs
byDavid Delabassee
 
PDF
Best Practices for Developing & Deploying Java Applications with Docker
byEric Smalling
 
PDF
Разработка cloud-native Java-приложений для Kubernetes, Егор Волков,Senior Ja...
byDataArt
 
PDF
Docker for Java Developers
byImesh Gunaratne
 
PPTX
Why you’re going to fail running java on docker!
byRed Hat Developers
 
PDF
Mastering java in containers - MadridJUG
byJorge Morales
 
Commit to excellence - Java in containers
byRed Hat Developers
 
Java in a World of Containers - DockerCon 2018
byArun Gupta
 
Java and Containers - Make it Awesome !
byDinakar Guniguntala
 
JVMs in Containers
byDavid Delabassee
 
JVMs in Containers - Best Practices
byDavid Delabassee
 
Effective Spring on Kubernetes
byNeven Cvetković
 
Michal Kordas "Docker: Good, Bad or Both"
byLogeekNightUkraine
 
J1 2015 "Debugging Java Apps in Containers: No Heavy Welding Gear Required"
byDaniel Bryant
 
ContainerWorkloadwithSemeru.pdf
bySumanMitra22
 
Vagrant or docker for java dev environment
byOrest Ivasiv
 
Java and Container - Make it Awesome !
byDinakar Guniguntala
 
DockerCon EU 2018 "Continuous Delivery with Docker and Java"
byDaniel Bryant
 
DCEU 18: Continuous Delivery with Docker Containers and Java: The Good, the B...
byDocker, Inc.
 
Serverless Java: JJUG CCC 2019
byShaun Smith
 
Serverless Java - Challenges and Triumphs
byDavid Delabassee
 
Best Practices for Developing & Deploying Java Applications with Docker
byEric Smalling
 
Разработка cloud-native Java-приложений для Kubernetes, Егор Волков,Senior Ja...
byDataArt
 
Docker for Java Developers
byImesh Gunaratne
 
Why you’re going to fail running java on docker!
byRed Hat Developers
 
Mastering java in containers - MadridJUG
byJorge Morales
 

More from Docker, Inc.

PDF
Containerize Your Game Server for the Best Multiplayer Experience
byDocker, Inc.
 
PDF
How to Improve Your Image Builds Using Advance Docker Build
byDocker, Inc.
 
PDF
Build & Deploy Multi-Container Applications to AWS
byDocker, Inc.
 
PDF
Securing Your Containerized Applications with NGINX
byDocker, Inc.
 
PDF
How To Build and Run Node Apps with Docker and Compose
byDocker, Inc.
 
PDF
Hands-on Helm
byDocker, Inc.
 
PDF
Distributed Deep Learning with Docker at Salesforce
byDocker, Inc.
 
PDF
The First 10M Pulls: Building The Official Curl Image for Docker Hub
byDocker, Inc.
 
PDF
Monitoring in a Microservices World
byDocker, Inc.
 
PDF
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
byDocker, Inc.
 
PDF
Predicting Space Weather with Docker
byDocker, Inc.
 
PDF
Become a Docker Power User With Microsoft Visual Studio Code
byDocker, Inc.
 
PDF
How to Use Mirroring and Caching to Optimize your Container Registry
byDocker, Inc.
 
PDF
Monolithic to Microservices + Docker = SDLC on Steroids!
byDocker, Inc.
 
PDF
Kubernetes at Datadog Scale
byDocker, Inc.
 
PDF
Labels, Labels, Labels
byDocker, Inc.
 
PDF
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
byDocker, Inc.
 
PDF
Build & Deploy Multi-Container Applications to AWS
byDocker, Inc.
 
PDF
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
byDocker, Inc.
 
PDF
Developing with Docker for the Arm Architecture
byDocker, Inc.
 
Containerize Your Game Server for the Best Multiplayer Experience
byDocker, Inc.
 
How to Improve Your Image Builds Using Advance Docker Build
byDocker, Inc.
 
Build & Deploy Multi-Container Applications to AWS
byDocker, Inc.
 
Securing Your Containerized Applications with NGINX
byDocker, Inc.
 
How To Build and Run Node Apps with Docker and Compose
byDocker, Inc.
 
Hands-on Helm
byDocker, Inc.
 
Distributed Deep Learning with Docker at Salesforce
byDocker, Inc.
 
The First 10M Pulls: Building The Official Curl Image for Docker Hub
byDocker, Inc.
 
Monitoring in a Microservices World
byDocker, Inc.
 
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
byDocker, Inc.
 
Predicting Space Weather with Docker
byDocker, Inc.
 
Become a Docker Power User With Microsoft Visual Studio Code
byDocker, Inc.
 
How to Use Mirroring and Caching to Optimize your Container Registry
byDocker, Inc.
 
Monolithic to Microservices + Docker = SDLC on Steroids!
byDocker, Inc.
 
Kubernetes at Datadog Scale
byDocker, Inc.
 
Labels, Labels, Labels
byDocker, Inc.
 
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
byDocker, Inc.
 
Build & Deploy Multi-Container Applications to AWS
byDocker, Inc.
 
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
byDocker, Inc.
 
Developing with Docker for the Arm Architecture
byDocker, Inc.
 

Recently uploaded

PDF
What Thema can do: Leveraging metadata to support the discoverability of Firs...
byBookNet Canada
 
PDF
Transcript: EU regulations for the North American book supply chain - Tech Fo...
byBookNet Canada
 
PPTX
NTG - Data Center Management System Software
byMustafa Kuğu
 
PDF
Chapter 3 Cryptography and encryption techniques.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
How to build hackthon projects from ZERO!
byishantyadav1111
 
PDF
Real-Time AI Masterclass: Vector Search at Scale
byScyllaDB
 
PDF
Track Phone Location via Number (2026)_ What Actually Works, What’s a Scam, a...
byEmily Woods
 
PPTX
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
PDF
Real-Time AI at Scale Masterclass: Feature Store at Scale
byScyllaDB
 
PPTX
Introduction to Industrial-Arts Grade 8 ppt Lesson 1
byFSBTLEDNathanVince
 
PDF
January 2026 OpenMetadata Community Spotlight - OpenMetadata @ Wix.pdf
byOpenMetadata
 
PDF
Computer-Based Training (CBT) The Backbone of Modern Technical & Defence Trai...
bycomputerbasedtrainin1
 
PDF
Real-Time AI at Scale Masterclass - Challenges of AI at Scale
byScyllaDB
 
PDF
Pneumatic Pressure Pump PPP01 for Calibration & Testing
bySERRAX TECHNOLOGIES LLP
 
PDF
Agentic-Document-Extraction-2026-Presentation.pdf
byTamanna
 
PDF
Web3 - Applications and Architectures - History and Horizons
byGokul Alex
 
PDF
Peculiar Findings Around CEX Activity and ETH Price
bytobbymnbvcxz
 
PPTX
TechSprint WinterHack — Top 10 Teams Pitching Session we are excited for pit...
bybajpaitusharoffon678
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 1
byDianaGray10
 
PDF
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
What Thema can do: Leveraging metadata to support the discoverability of Firs...
byBookNet Canada
 
Transcript: EU regulations for the North American book supply chain - Tech Fo...
byBookNet Canada
 
NTG - Data Center Management System Software
byMustafa Kuğu
 
Chapter 3 Cryptography and encryption techniques.pdf
byGetnet Tigabie Askale -(GM)
 
How to build hackthon projects from ZERO!
byishantyadav1111
 
Real-Time AI Masterclass: Vector Search at Scale
byScyllaDB
 
Track Phone Location via Number (2026)_ What Actually Works, What’s a Scam, a...
byEmily Woods
 
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
Real-Time AI at Scale Masterclass: Feature Store at Scale
byScyllaDB
 
Introduction to Industrial-Arts Grade 8 ppt Lesson 1
byFSBTLEDNathanVince
 
January 2026 OpenMetadata Community Spotlight - OpenMetadata @ Wix.pdf
byOpenMetadata
 
Computer-Based Training (CBT) The Backbone of Modern Technical & Defence Trai...
bycomputerbasedtrainin1
 
Real-Time AI at Scale Masterclass - Challenges of AI at Scale
byScyllaDB
 
Pneumatic Pressure Pump PPP01 for Calibration & Testing
bySERRAX TECHNOLOGIES LLP
 
Agentic-Document-Extraction-2026-Presentation.pdf
byTamanna
 
Web3 - Applications and Architectures - History and Horizons
byGokul Alex
 
Peculiar Findings Around CEX Activity and ETH Price
bytobbymnbvcxz
 
TechSprint WinterHack — Top 10 Teams Pitching Session we are excited for pit...
bybajpaitusharoffon678
 
UiPath Automation Developer Associate Training Series 2026 - Session 1
byDianaGray10
 
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 

DCSF19 Docker Containers & Java: What I Wish I Had Been Told

  • 1.
    Docker containers &java What I wish I’ve been told!
  • 2.
    Mohammed Aboullaite @laytoun Deputy CTO- xHub Docker containers & java!
  • 3.
  • 4.
    Agenda ● Java incontainers … a good idea ? ● Creating effective Java Docker Images: smaller, faster, secure. ● Tools and libraries: build, versioning, testing ● Going to production … what we should know !? ● Java & Docker Container features
  • 5.
  • 6.
    Even if youdon’t run containers … You’re in a container! You’re always in a container!
  • 7.
  • 8.
  • 9.
    Your Java Runtime... ●Oracle JDK ● OpenJDK builds by Oracle ● AdoptOpenJDK builds ● AdoptOpenJDK OpenJ9 builds ● Linux (Red Hat, Debian, Fedora, Arch, Ubuntu) OpenJDK builds ● Azul Zulu ● Amazon Corretto ● SAP SapMachine ● Liberica from Bellsoft https://blog.joda.org/2018/09/time-to-look-beyond-oracles-jdk.html
  • 10.
    Image size Java • JavaModularity • Code refactoring • Dependencies Docker • Smaller base image • Layers & Caching (dockerfilelint) • Clean up right away • Dockerignore (faster builds) • Multistage Build • docker-squash https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
  • 11.
    Did someone sayalpine ?! Lightweight Linux distribution based on musl libc and busybox Project Portola: https://openjdk.java.net/projects/portola/
  • 12.
    Did someone sayalpine ?!
  • 13.
  • 14.
    Distroless Container Image “Distroless"images contain only your application and its runtime dependencies. They do not contain package managers, shells or any other programs you would expect to find in a standard Linux distribution.” ● Built using Google’s bazel tool ● Provide stripped down base image ● Support for: Java, Golang, Dotnet, Node, Python, C https://github.com/GoogleContainerTools/distroless
  • 15.
    Why should Icare ?! ● Effective tracking: Improves the signal to noise of scanners (e.g. CVE) ● Time and cost: Faster updates, less network costs ● Security: Less components that can be exploited and smaller attack surface Tips and tricks from Docker captains
  • 16.
    Fast startup Java • Java11 • Class-Data Sharing: since java 5 • Ahead-Of-Time compilation: since java 9 • Native image build: Graal VM
  • 17.
  • 18.
  • 19.
  • 20.
    Maven ● fabric8-maven-plugin (Fabric8) ●dockerfile-maven-plugin (spotify) ● Maven exec plugin (Not elegant!) Maven fabric8 docker maven Maven spotify docker maven spotify docker client Maven maven exec
  • 21.
    Gradle ● Docker GradlePlugin (Benjamin Muschko) ● Docker Gradle Plugin (palantir) ● Docker Gradle Plugin (Transmode) Gradle palantir gradle docker Gradle Transmode gradle docker Docker java client Gradle Benjamin gradle docker Docker java client
  • 22.
    Google Jib Fast forincremental builds Daemonless Pure Java Reproducible Maven and Gradle Support
  • 23.
    What it does... FROM gcr.io/distroless/java COPY target/dependencies /app/dependencies COPY target/resources /app/resources COPY target/classes /app/classes ENTRYPOINT java -cp /app/dependencies/*:/app/resources:/app/classes my.app.Main
  • 24.
    Image versioning ● DockerTag command (Semver, Calver, ...) ● Append build number ○ https://www.mojohaus.org/buildnumber-maven-plugin/ ● Git commit hash ○ https://github.com/git-commit-id/maven-git-commit-id-plugin
  • 25.
    Security ● Know whatin your container ● Vulnerability scanning (Docker EE, Microscanner, Clair, ...) ● Docker Content Trust ● Least privilege ○ Change USER ○ Read-only filesystems ○ Limit ressources ● Minimal container OS (Minimal attack surface) ● Monitoring & Auditing Tips and tricks from the captains session
  • 26.
    How about (Integration) testing! ●Real world isolated testing ● Can be run during development ● Reproducible ● As real as possible (databases, brokers, ...) ● Cross platform ● Spot issues before they appear in prod ● Easy to run & maintain!!!
  • 27.
    TestContainers ● Java library ●Supports of JVM testing framework (JUnit, Spock, ...) ● Provides lightweight, throwaway instances of common databases ● Port randomisation ● Containers Cleanup on JVM shutdown GenericContainer redis = new GenericContainer( "redis:3.0.6") .withExposedPorts( 6379);
  • 28.
    Let’s go to(pre-)production! ● Petclinic: Spring App ● Modernizing legacy app with containers ● Optimizing resources ● Easy scaling ● Cloud ready ● Orchestration
  • 29.
  • 30.
  • 31.
    A brief historyof containers & ... Container Runtime and Image Format Standards - Jeff Borek & Stephen Walli - KubeCon 2017
  • 32.
    … & Java! zeroturnaround- A Short History of Nearly Everything Java https://zeroturnaround.com/rebellabs/a-short-history-of-nearly-everything-java/
  • 33.
    JVM ergonomics The JVMhas plenty of ergonomics which are based on the underlying system ● Memory ● # CPUs ● Exact CPU model ● Garbage collector ● JIT Optimizations ⇒ -XX:+PrintFlagsFinal -XX:+PrintGCDetails https://docs.oracle.com/javase/8/docs/technotes/guides/vm/gctuning/ergonomics.html
  • 34.
    Memory Eden Tenured Permanent / Metaspace S0 S1 Younggeneration Old generation Permanent generation Heap Off Heap
  • 35.
    CPU ● VM internalthread pools ● fork/join pool (Streams API) ● Core.asynk ● Elasticsearch ● Tomcat ● Jetty ● Netty ● Wildfly ● ... Runtime.getRuntime().availableProcessors()
  • 36.
    Java 8u121 andbefore … forget about it!
  • 37.
    Fabric8 got itright https://github.com/fabric8io-images/run-java-sh
  • 38.
    java 9, 8u131 ●-XX:ParallelGCThreads and -XX:CICompilerCount are set based on Containers CPU limits (can be overridden) ○ calculated from --cpuset-cpus ● Memory Configuration ○ -XX:+UnlockExperimentalVMOptions ○ -XX:+UseCGroupMemoryLimitForHeap ○ set -XX:MaxRAMFraction to 2 (default is 4)
  • 39.
    Java 10+ &8u191 + More container awareness ● Improve heap memory allocations [JDK-8196595]: ○ -XX:InitialRAMPercentage, -XX:MaxRAMPercentage and -XX:MinRAMPercentage ○ -XX:InitialRAMFraction, -XX:MaxRAMFraction, and -XX:MinRAMFraction are Deprecated ● The total number of CPUs available to the Java process is calculated from --cpus, --cpu-shares, --cpu-quota [JDK-8146115] ○ Use -XX:-UseContainerSupport to return to the old behavior ○ # processors that the JVM will use internally -XX:ActiveProcessorCount ● Attach in linux became be relative to /proc/pid/root and namespace aware (jcmd, jstack, etc)
  • 40.
    Java 11 More containerawareness ● Removes -XX:+UnlockExperimentalVMOptions, -XX:+UseCGroupMemoryLimitForHeap [JDK-8194086] ● jcmd -l and jps commands do not list JVMs in Docker containers [JDK-8193710] ● Container Metrics (-XshowSettings:system) [JDK-8204107] ● Update CPU count algorithm when both cpu shares and quotas are used [JDK-8197867] ○ -XX:+PreferContainerQuotaForCPUCount
  • 41.
    JVM Troubleshooting &Monitoring ● Built-in tools by JVM: ○ jstat ○ jcmd ○ jmap (Not recommended) ○ jhat … ● Expose JMX port ○ VisualVM ○ jConsole ● Micrometer ● Others: New Relic, Stackify, AppDynamics, Dynatrace... ● Docker commands ○ stats ○ inspect ○ top ● Container aware tools ○ ctop ○ dstat ● CAdvisor ● Prometheus ● Docker EE, Datadog, Sysdig, ...
  • 42.
    Key takeaways ● Java<3 Docker ● Start your java 11 journey (or at least 8u191+) ● Java has a rich ecosystem ● Know your tools: ○ Build Custom JRE ○ CDC ○ AOP ○ GraalVM & Substrate VM
  • 43.