
JVMs in Containers


JFuture Minsk 201

Published in: Software

  1. JVMs in Containers: Best Practices. David Delabassée - @delabassee, DevRel Java Platform Group - Oracle, November 2019. Copyright © 2019 Oracle and/or its affiliates.
  2. @delabassee
  3. Safe Harbor: The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, timing, and pricing of any features or functionality described for Oracle’s products may change and remains at the sole discretion of Oracle Corporation. Statements in this presentation relating to Oracle’s future plans, expectations, beliefs, intentions and prospects are “forward-looking statements” and are subject to material risks and uncertainties. A detailed discussion of these factors and other risks that affect our business is contained in Oracle’s Securities and Exchange Commission (SEC) filings, including our most recent reports on Form 10-K and Form 10-Q under the heading “Risk Factors.” These filings are available on the SEC’s website or on Oracle’s website at http://www.oracle.com/investor. All information in this presentation is current as of September 2019 and Oracle undertakes no duty to update any statement in light of new information or future events.
  4. Containers
  5. Container
     • Package Software into Standardized Units
       - Development
       - Shipment
       - Deployment
     • Runtimes
       - Docker, CRI-O, LXC, rkt, runC, systemd-nspawn, OpenVZ, etc.
  6. Container vs. VM
     • VM stack (bottom to top): Infrastructure, Host OS, Hypervisor, then Guest OS A with Bin/libs and App #1, and Guest OS B with Bin/libs and App #2
     • Container stack (bottom to top): Infrastructure, Host OS, Container Daemon, then Bin/libs with App #1, and Bin/libs with App #2
  7. Java
  8. JVM Container Tooling
     • Tools: docker-maven-plugin, Jib + jib-maven-plugin, Testcontainers, …
     • FaaS: Fn Project, OpenFaaS, OpenWhisk, …
     • Frameworks: Helidon, Quarkus, Micronaut, …
  9. JVM in Containers - Towards a Symbiosis
     • JVM should behave as a good (Container) citizen
     • “Improved latency”
  10. Hello Container Demo
  11. Latency
  12. Latency: Container Start-Up
  13. Stack of Layers
     • 3 “core” layers
       - Java application and its dependencies
       - Java Runtime
       - Operating System
     • ⇨ Reduce layers size
  14. Stack of Layers
     • Dependencies
     • Leverage Container cache layer mechanism
     • Anything that is (relatively) static in its own layer
     • Fat JAR
     • CDS Shared Archive
  15. Java Runtime Image: Serverless Java function (Fn) - openjdk:13
     Image | Modules | jlink flags | MB | % of JDK | % of runtime image
     JDK | Whole JDK! | | 316 | 100% |
     Runtime image | All (explicit) | --add-modules $(java --list-modules) | 178 | 56% | 100%
     Custom runtime image | Required modules only | --add-modules $(jdeps --print-module-deps …) | 50 | 16% | 28%
     … | | --no-header-files --no-man-pages --strip-java-debug-attributes | 44 | 14% | 25%
     … | | --compress=1 | 37 | 12% | 21%
     … | | --compress=2 | 34 | 11% | 19%
     Chart labels: 316 MB, 178 MB, 50 MB, 34 MB
  16. Operating System
     • musl: Lightweight, fast, simple, free, C standard library implementation https://www.musl-libc.org
     • Alpine: Security-oriented, lightweight Linux distro with 4MB base image https://www.alpinelinux.org
     • Project Portola: Run the JVM on musl https://openjdk.java.net/projects/portola/
  18. Java Runtime Image: Minecraft server
     • Modules: java.base, java.compiler, java.desktop, java.management, java.naming, java.rmi, java.scripting, java.sql, jdk.sctp, jdk.unsupported, jdk.zipfs
     • openjdk:13 - 12 modules: 88 MB
       - --strip-debug --strip-java-debug-attributes: -14 MB
       - --compress=1: -18 MB
       - --compress=2: -31 MB
       - --no-header-files --no-man-pages: 0 MB (*)
     • openjdk-11-jdk (debian:buster) - all modules: 554 MB (!!)
       - 12 modules: 469 MB
       - --strip-native-debug-symbols (new)
  19. Latency: Application Start-Up
  20. Startup Time
     [Chart: “Hello World” startup time (ms), JDK 8 through 13]
     • Bootstrap regressions in JDK 9 fixed! Keep on fixing!
     • +120 startup-related enhancements in JDK 10 through JDK 13!
  21. Class Data Sharing
     • Reduce memory footprint between multiple JVMs by sharing common class metadata
     • Improve startup time
     • How?
       - Loads classes from JAR file into a private internal representation
       - Dumps it to a shared archive
       - When a JVM (re)starts, the archive is memory-mapped to allow sharing of R/O JVM metadata for these classes among multiple JVMs
  22. CDS Demo
  23. Application CDS
  24. Application CDS
     jdk-08-u202-b08-hotspot
       jruby -e 1: real 0m1.601s, user 0m4.434s, sys 0m0.234s
       jruby --dev -e 1: real 0m1.216s, user 0m1.646s, sys 0m0.162s
       jruby --disable-gems --dev -e 1: real 0m0.853s, user 0m1.030s, sys 0m0.113s
     jdk-13.jdk
       … -J-XX:SharedArchiveFile=jruby.jsa: real 0m1.491s, user 0m3.378s, sys 0m0.220s
       … -J-XX:SharedArchiveFile=jruby.jsa: real 0m1.089s, user 0m1.644s, sys 0m0.133s
       … -J-XX:SharedArchiveFile=jruby.jsa: real 0m0.717s, user 0m0.944s, sys 0m0.110s
  25. Class Data Sharing
     • Java 5
       - Limited to system classes and serial GC
     • Java 9
       - Application CDS and other GCs (commercial feature + JEP 250)
     • Java 10
       - Application CDS (JEP 310)
     • Java 12
       - Default CDS Archives (JEP 341)
     • Java 13
       - Dynamic CDS Archives (JEP 350)
       - Dynamic archiving of classes at the end of application execution: -XX:ArchiveClassesAtExit=my-app-cds.jsa
  26. GraalVM https://www.graalvm.org
     • High Performance Universal Virtual Machine
     • Polyglot
     • …
     • Native Image
       - Reduced startup time
       - Improved foot-print
       - Reduced image size
  27. GraalVM limitations https://github.com/oracle/graal/blob/master/substratevm/LIMITATIONS.md
     • Java 8 (*)
     • Not supported
       - InvokeDynamic and Method Handles, Dynamic Class Un/Loading, Finalizers, Security Manager
       - JVMTI, JMX, other native VM interfaces
     • Mostly supported
       - Reflections, Dynamic Proxy, JNI, Unsafe Memory Access, Static Initializers, References
  28. Container: JVM should behave as a good citizen
  29. Container Awareness
     • JDK-8179498 attach should be relative to /proc/pid/root and namespace aware as jcmd, jstack, ... fail to attach (10)
     • JDK-8146115 Improve Docker container detection & resource config usage (10)
     • JDK-8193710 jcmd -l & jps do not list Java processes running in containers (11)
     • JDK-8203357 Container Metrics (11)
     • JDK-8186248 More flexibility in selecting Heap % of available RAM (8u144)
     • JDK-8203359 JFR jdk.CPUInformation event reports incorrect information when running in Docker container (open)
     • JDK-8199944 Add Container MBean to JMX (open)
     • …
  30. Ergonomics https://docs.oracle.com/en/java/javase/13/gctuning/ergonomics.html
     • The JVM tunes itself based on the system it runs on
     • Behavior-Based Tuning dynamically optimizes the sizes of the heap to meet an expected behavior
       - Maximum Pause-time (-XX:MaxGCPauseMillis)
       - Or Application Throughput (-XX:GCTimeRatio)
     • Sets defaults for the GC, heap size, and runtime compiler
  31. Ergonomics Demo
  32. Wrap-Up
  33. JVMs in Containers
     • Reduced “latency”
       - Container Startup
       - Application Startup
     • JVM behaves as a good (Container) citizen
  34. JVMs in Containers
     • Use the latest Java version and never java:latest !!!
     • Only rely on actively-supported versions!
     • Use a JRE Java runtime image instead of a JDK
     • Move startup costs to the build phase
     • It’s “containers as usual”
       - Docker-bench-security, Snyk, Clair, Anchore, etc.
       - Small(er) is better
       - Reduce the potential attack surface
       - Multistage build, etc.
  35. Choose your base image wisely
  36. Choose your base image wisely
  37. Choose your base image wisely and secure it!
  38. Thank you! David Delabassée - @delabassee, DevRel Java Platform Group - Oracle, October 2019
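
Added example (not part of the original slides): a multistage Dockerfile that combines the jlink flags from slide 15, the dynamic CDS archive from slide 25 and the wrap-up advice from slide 34 (pinned tag, runtime image instead of a JDK, startup cost moved to the build phase, smaller attack surface). Assumptions: a pre-built JAR at target/app.jar, an application that exits on its own during the training run, debian:buster-slim as the runtime base, and the user name appuser.

```dockerfile
# Build stage: full JDK, pinned by tag (never "latest").
# openjdk:13 is the image named on the slides.
FROM openjdk:13 AS build

# Assumption: the application is one pre-built JAR at target/app.jar.
COPY target/app.jar /build/app.jar

# jdeps lists the modules the JAR needs; jlink builds a runtime
# image containing only those, using the flags from slide 15.
RUN jlink \
      --add-modules "$(jdeps --print-module-deps /build/app.jar)" \
      --no-header-files --no-man-pages \
      --strip-java-debug-attributes \
      --compress=2 \
      --output /opt/runtime

# Runtime stage: no javac, jlink or other JDK tools are shipped,
# only the linked runtime and the application JAR.
# Assumption: a glibc-based base image, chosen here for illustration.
FROM debian:buster-slim
COPY --from=build /opt/runtime /opt/runtime
COPY --from=build /build/app.jar /app/app.jar
ENV PATH="/opt/runtime/bin:${PATH}"

# Move startup cost to build time: create the base CDS archive for
# the custom runtime, then record the application's classes at exit
# (dynamic CDS archive, JDK 13, JEP 350).
# Assumption: the application terminates by itself in this run.
RUN java -Xshare:dump \
 && java -XX:ArchiveClassesAtExit=/app/my-app-cds.jsa -jar /app/app.jar

# Run as an unprivileged user (hypothetical name).
RUN useradd --system --no-create-home appuser
USER appuser

# Same JAR path as the training run, so the archive stays valid.
ENTRYPOINT ["java", "-XX:SharedArchiveFile=/app/my-app-cds.jsa", "-jar", "/app/app.jar"]
```

The archive is created in the final stage so that the runtime image and JAR it was recorded against are the exact files used at start-up; if they differ, the JVM ignores the archive and starts without it.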
