Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Kubernetes for java developers - Tutorial at Oracle Code One 2018


Published on

You’re a Java developer? Already familiar with Docker? Want to know more about Kubernetes and its ecosystem for developers? During this session, you’ll get familiar with core Kubernetes concepts (pods, deployments, services, volumes, and so on) before seeing the most-popular and most-productive Kubernetes tools in action, with a special focus on Java development. By the end of the session, you’ll have a better understanding of how you can leverage Kubernetes to speed up your Java deployments on-premises or to any cloud.

Published in: Software
  • Be the first to comment

  • Be the first to like this

Kubernetes for java developers - Tutorial at Oracle Code One 2018

  1. 1. © 2018 Software AG. All rights reserved. Anthony Dahanne @anthonydahanne October 23rd 2018 [TUT5930] KUBERNETES FOR JAVA DEVELOPERS
  2. 2. LET ME INTRODUCE MYSELF „Anthony Dahanne, Software Engineer @Terracotta, a Software AG company „Working on Terracotta cloud deployments (Docker, Kubernetes, AWS, etc.) „Also working on Management and Monitoring for Terracotta products „Montréal JUG leader
  3. 3. AGENDA • Containers & the JVM • Kubernetes 101 • Tools to become a 100x developer with Kubernetes • Integrating with Kubernetes
  4. 4. CONTAINERS IN ONE SLIDE • Containers all use host OS kernel • Host OS can be running in a VM or barebone • Host OS Linux distribution does not matter • only the kernel does ! • Isolation performed with chroot, namespaces, cgroups • namespaces : limit what you can see • pid, net, mnt, uts, ipc, user • cgroups : limit what you can use • memory, CPU, block IO, network (with iptables) THAT’S JUST AN ISOLATED PROCESS !
  5. 5. JAVA AND LINUX CONTAINERS • The JVM “guesses” available CPU and Memory resources available on the host • By default, uses 1/4 of the available memory • Although it can be set manually • -XX:ParallelGCThreads,-XX:CICompilerCount,-Xmx • Since Java SE 8u131, the JVM • is “Docker aware with respect to Docker CPU limits transparently” • has new options for detecting memory limits (not transparent, yet) • -XX:+UnlockExperimentalVMOptions • -XX:+UseCGroupMemoryLimitForHeap BEWARE WHAT THE JVM CAN SEE ! (AND USE !) Since Java 10 (backported to Java 8u191 !) the JVM properly (without -XX) detects CPU and Memory limits
  6. 6. Container, exposing 8080 JVM based webapp, 8080 H2 (in memory db) Ehcache (local caching) REST API Angular 2 UI BASED ON JHIPSTER / SPRING BOOT 2 DOCKERIZING THE DEMO APP
  7. 7. WE ALL KNOW DOCKER, BUT… IS IT THE ONLY OPTION TO BUILD IMAGES AND RUN CONTAINERS ? FROM openjdk EXPOSE 8080 ADD app.jar /app.jar CMD java - jar /app.jar Linux Container Docker / OCI Image Data & Metadata runbuild
  8. 8. WE ALL KNOW DOCKER, BUT… WHAT ARE THE CONTENDERS ? • cri-o • rkt (Daemonless) BUILD RUN* Supports Dockerfile ? IMG Yes Buildah Yes Bazel No (has builder for java) Buildpack No (has builder for java) Jib No (java native builder) And others local (Draft), and cloud builders : DockerHub, Google Cloud Builder, etc. *: that includes registry and storage access
  10. 10. KUBERNETES INTRODUCTION • Initial release June 7th 2014 • Apache 2 License, written in Go • heavily inspired by Borg, internal system from Google • Currently 1.12 (a new release every 3 months on average) • Under the umbrella of the Cloud Native Computing Foundation • that includes Oracle, Intel, IBM, Pivotal, Redhat, etc. • along with Prometheus, Helm, OpenTracing, containerd, CNI, Buildpacks, etc. FROM BORG TO CNCF
  12. 12. Deployment (Declarative Updates) > kubectl set image deployment/tmc-deployment tmc=tmc:10.3 > kubectl rollout status deployment/tmc-deployment Replica Set (Match and Scale definitions) spec: replicas: 3 selector: matchLabels: tier: tmc KUBERNETES WORKLOADS (PODS AND CONTROLLERS) DEPLOYMENT > REPLICA SET > POD > CONTAINER Pod spec: containers: - name: tmc image: store/softwareag/tmc:10.2 command: [‘’] - name: helper-container image: busybox command: ['sh', '-c', 'ping tmc’] volumes: (secrets, configmaps, etc.) hostname: terracotta + Jobs, StatefulSets, Daemon sets, etc. metadata: labels: tier: tmc
  13. 13. KUBERNETES SERVICES (L4) • ClusterIP (default) • Exposes the service on a cluster-internal IP • NodePort • Exposes the service on a port on each node’s IP • LoadBalancer • Exposes the service externally, • using the cluster provided load balancer HOW DO YOU EXPOSE YOUR WORKLOADS “A Kubernetes Service is an abstraction which defines a logical set of Pods and a policy by which to access them” Node A Pod-1 labels tier:frontend Service spec: type: LoadBalancer ports: -port:80 selector: tier:frontend in | outside NodeB Pod-2 labels tier:frontend
  14. 14. KUBERNETES VOLUMES, CONFIG MAPS AND SECRETS • Many types of volumes are available : hostPath, nfs, cloud specific, etc. • ConfigMaps and Secrets are stored on the Kubernetes key/value store YOU CAN MOUNT THEM ALL ! Pod apiVersion: v1 kind: Pod spec: containers: - name: terracotta-server image: store/softwareag/terracotta-server:10.2 volumeMounts: - name: config-volume mountPath: /config - name: data mountPath: /data volumes: - name: config-volume configMap: name: tc-config - name: data hostPath: path: /usr ConfigMap apiVersion: v1 kind: ConfigMap metadata: name: tc-config data: tc-config.xml: | <xml></xml>
  15. 15. KUBERNETES DEPLOYMENTS • Cloud providers • Google Cloud with GKE • Microsoft Azure with AKS • Amazon with Kops and now EKS • Oracle Cloud with OKE • Exoscale, Digital Ocean,OVH, etc. • Playgrounds : Katacoda and Play with Kubernetes CLOUD, ON-PREMISE, LOCAL • On-premise • Hard way • Kubeadm • Local • Minikube • Minishift • Docker for Mac (more on this one later)
  16. 16. Kubernetes Cluster n Terracotta Server Terracotta Server… Demo app MySQL DEPLOYING THE DEMO APP TO KUBERNETES
  17. 17. KUBERNETES PACKAGING : HELM • Helm is installed on the client, Tiller is the server side • With Helm you deploy / create Charts that are run as Releases • In a Chart, you package your Kubernetes manifests, and your dependencies • A very notable feature is the “templatization“ of your Kubernetes manifests APT / YUM FOR KUBERNETES apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ template "terracotta.fullname" . }} labels: app: {{ template "" . }} spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: app: {{ template "" . }} serviceName: {{ template "terracotta.fullname" . }} spec: {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} {{- end }} containers: - name: {{ template "terracotta.fullname" . }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}”
  19. 19. CLASSIC DOCKER AND KUBERNETES TOOLING • IDE plugins • auto completion for Dockerfile, Kubernetes and Helm! (IntelliJ 2018.3) • To build and deploy images from the IDE • Build tools (Maven / Gradle) Docker integration • Maven Docker plugin, Jib • Docker for Mac / Win 10 •latest stable comes with K8s support • Minikube
  20. 20. KUBERNETES TOOLING : SKAFFOLD • Skaffold goal is to auto re-deploy on change • A month ago jib integration was added • A Kubernetes manifest, a skaffold config file and skaffold dev • watches your source files • rebuilds them (output is a Docker image) on change • (re) deploys your app to Kubernetes MAGICALLY AUTO REDEPLOYS ON CHANGE apiVersion: skaffold/v1alpha4 kind: Config build: artifacts: - image: anthonydahanne/fullstack context: . jibMaven: profile: "dev,skipTestsAndYarn"
  21. 21. KUBERNETES TOOLING : TELEPRESENCE • Telepresence goal is to allow local processes to be available in a remote Kubernetes cluster • A process running on your laptop can access (remote) Kubernetes resources • It can also be seen by them • Most common use case is to replace an existing pod with the telepresence pod that proxies both ways to your local process MAGICALLY DEPLOY LOCAL PROCESSES INTO THE K8S CLUSTER > telepresence --swap-deployment fullstack --expose 8080:80 --run java -jar target/demo-1.0.0-SNAPSHOT.war
  23. 23. MONITORING WITH PROMETHEUS • CNCF graduated / is the basis for an open monitoring format • By default pull metrics from apps; but a Node exporter supports push • Extremely simple to configure for Kubernetes workloads : • Dropwizard metrics, micrometer, etc. provide Prometheus integration for Java MONITORING SYSTEM AND TIME SERIES DATABASE kind: Service metadata: annotations: 'true' '/prometheusMetrics'
  25. 25. KUBERNETES OPERATOR IN JAVA • Operators (or controllers) provide better user experience for deploying and managing complex applications like databases (PostgreSQL, Terracotta server, etc.) • They can create and manage their own Custom Resource Definitions (CRDs) - or provide a CLI or UI via their own REST endpoints USING FABRIC8 OR KUBERNETES JAVA SDK <dependency> <groupId>io.fabric8</groupId> <artifactId>kubernetes-client</artifactId> <version>4.0.3</version> </dependency> <dependency> <groupId>io.kubernetes</groupId> <artifactId>client-java</artifactId> <version>3.0.0-beta2</version> </dependency> Service tmcService = new ServiceBuilder() .withNewMetadata() .withName("tmc") .endMetadata() .withNewSpec() .addNewPort() .withName("tmc-port") .withPort(9480) .endPort() .withType("LoadBalancer") .addToSelector("app", "tmc") .endSpec() .build();
  26. 26. TERRACOTTA OPERATOR ARCHITECTURE Kubernetes Cluster Terracotta Operator REST API CLI / Web UI K8S API Server Java SDK REST calls license tc-configs operator config Terracotta ServerTerracotta Server TMC ConfigMaps Services, StatefulSets A PRIVILEGED POD THAT LISTENS TO THE USER
  27. 27. TERRACOTTA OPERATOR ARCHITECTURE Kubernetes Cluster Terracotta Operator kubectl apply K8S API Server Java SDK Watch license tc-configs operator config Terracotta ServerTerracotta Server TMC ConfigMaps Services, StatefulSets A PRIVILEGED POD THAT LISTENS TO THE API SERVER
  28. 28. THE END ! OR JUST THE BEGINNING ? RBAC Service Mesh Ingress controller …
  29. 29. LINKS AND OTHER REFERENCES • Containers from scratch, talk by Liz Rice • Jib presentation, talk by Qingyang Chen and Appu Goundan • The fullstack demo app (and its jib, kubernetes, helm, scaffold files) is on Github
  30. 30. © 2017 Software AG. All rights reserved. For internal use only Coming up next !