Introduction to JIB and Google Cloud Run

Intro to JIB and Google Cloud Run
Saiyam Pathak
Twitter - @saiyampathak
Blog – https://medium.com/@saiyampathak
3rd August 2019

JIB -
Build
containers
faster with Jib

Containers
“Write once, run anywhere”

FROM ubuntu:14.04
RUN apt-get update && apt-get install -y python-software-properties software-properties-common
RUN add-apt-repository ppa:webupd8team/java
RUN echo "oracle-java8-installer shared/accepted-oracle-license-v1-1 boolean true"| debconf-set-selections
RUN apt-get update && apt-get install -y oracle-java8-installer maven
ADD . /usr/local/MyDemo
RUN cd /usr/local/petclinic && mvn install
CMD ["/usr/bin/java", "-cp", "/usr/local/petclinic/target/MyDemo-0.0.1-SNAPSHOT.war
," "petclinic.WebServer"]

FROM openjdk:8
COPY target/my-Demo-*.jar /app.jar
ENTRYPOINT java -jar /app.jar

Problem: openjdk:8 is 284MB
FROM openjdk:8
COPY target/petclinic-*.jar /app.jar

FROM openjdk:8-jre-alpine 82 MB
COPY target/petclinic-*.jar /app.jar

FROM openjdk:8-jre-alpine
COPY target/dependencies /app/dependencies
COPY target/classes /app/classes
ENTRYPOINT java -cp /app/dependencies/*:/app/classes petclinic.WebServer
$ mvn dependencies:copy-dependencies to target/dependencies/

...
<build>
<plugins>
<plugin>
<groupId>com.spotify</groupId>
<artifactId>docker-maven-plugin</artifactId>
<version>1.0.0</version>
<configuration>
<imageName>ilovejava.io/petclinic-app</imageName>
<baseImage>gcr.io/distroless/java</baseImage>
<entryPoint>["java", "-jar",
"/${project.build.finalName}.jar"]</entryPoint>
<resources>
<resource>
<targetPath>/</targetPath>
<directory>${project.build.directory}</directory>
<include>${project.build.finalName}.jar</include>
</resource>
</resources>
</configuration>
</plugin>
</plugins>
</build>
...

What did we do?
1. Write first Dockerfile
2. Reduce image size
3. Don’t run installs
4. Use better base image
5. Write .dockerignore
6. Improve incremental speed
7. Switch touse a Maven plugin

Containerizing with Docker
Project JAR
docker
Docker
Daemon
Container
Image
Dockerfile
build
send build
push
Registry

I’m a Java developer, I don’t want to have to
care about Dockerfiles
Some Java Developer
Somewhere

Containerizing, simplified
Project Container image
build
on registry

1. Apply the plugin.
Steps:
1. Apply the plugin.
2. mvn jib:build
(or gradle jib)

Project
App
build
Docker daemon
build
Docker context
generate
Advanced Configuration
JVM flags OCI image format credentials program arguments
Project

A “compiler” for
containers

Dockerfile
“script”
FROM base container image

Code
Executable
Compile
Java
Container
Containerize

Java
JAR
jar
Java
Container
Jib

Pure Java Speed
What benefits do w e get from Jib
Reproducibility

A container image is
directory of files

Docker
Image
Format
Tarballs that compose intoa
single filesystem
And a container configuration
Tarball A Tarball B Tarball C
/bin
/usr
/tmp
/var
/jdk /app.jar
Environment variables, entrypoint, etc.
Container configuration

{
"architecture" : "amd64",
"os": "linux",
"config" : {
"Env": [],
"Entrypoint": [
"java",
"-cp",
"/app/libs/*:/app/resources/:/app/classes/" ,
"com.test.HelloWorld"
]
},
"rootfs": {
"type": "layers",
"diff_ids": [
"sha256:46e7865bff73b5a0c610bf9f20c91dfafa2518ace8703faaffff551a4773b947" ,
"sha256:6189abe095d53c1c9f2bfc8f50128ee876b9a5d10f9eda1564e5f5357d6ffe61" ,
"sha256:e8292403028e724f0c7686ede4cd89180faa85aeb63cd0e7d560e8a459d83afe" ,
"sha256:ff7666ffd3d45500f4af71f091a603413acb04d028ba03a6698f63819d246cb5" ,
"sha256:db22fdca5c6344265d841ec106e683fb39914f356fb1d8e69accb466a396dc62" ,
"sha256:9aa41c013edd2a6311dcdd4d26129b01b3ba0b08c8adb51759c63501a69d27f5"
]
}
}
checksums
github.com/GoogleContainerTools/jib

Docker
Image
Format
Tarballs that compose intoa
single filesystem
And a container configuration
And a manifest
Tarball A Tarball B Tarball C
/bin
/usr
/tmp
/var
/jdk /app.jar
Tarballs A, B, C, and the configuration
Manifest
Environment variables, entrypoint, etc.
Container configuration

{
"schemaVersion": 2,
"mediaType": "application/vnd.docker.distribution.manifest.v2+json,"
"config": {
"mediaType": "application/vnd.docker.container.image.v1+json,"
"digest": "sha256:181b9f9c20bb2f7f485ffd038140551a758507d6255d46f4f62b3e504948fb8,6"
"size": 635
},
"layers": [
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip,"
"digest": "sha256:eb05f3dbdb543cc610527248690575bacbbcebabe6ecf665b189cf18b541e3c,a"
"size": 7695857
},
{
"digest": "sha256:ba7c544469e514f1a9a4dec59ab640540d50992b288adbb34a1a63c45bf19a2,4"
"size": 622796
},
{
"digest": "sha256:15705ab016593987662839b40f5a22fd1032996c90808d4a1371eb46974017d,5"
...
]
}
Unique identifiers

distroless
application layers
application layers
Jib i m a g e
github.com/GoogleContainerTools/distroless

Docker registry
Set of layers, container
configurations, andmanifests
build registry
send
100MB layer
50MB layer

Docker registry
build registry
cached
100MB layer
50MB layer
send

Docker registry
build
100MB layer
40MB layer
registry
9MB layer
1MB layer

1MB layer
Docker registry
build
100MB layer
40MB layer
registry
9MB layer
send

Jib does an optimized build like
FROM gcr.io/distroless/java
COPY target/dependencies /app/dependencies
COPY target/resources /app/resources
COPY target/classes /app/classes
ENTRYPOINT java -cp /app/dependencies/*:/app/resources:/app/classes my.app.Main

Why reproducible?
VersionControl Reduce variation between
prod and dev

How?
Wipe metadata that vary
between builds
Timestamps
Users
Groups

Possibilities for a container “compiler”
Smart inferences Container optimizations Evenfaster builds Smaller images
Tools for running the container
Run and debug on Kubernetes

The Future
More containerization tools and Java library for building container images
Release Maven/Gradle plugin for run and debug on Kubernetes (with Skaffold)
Be able to write code and have it run automatically in a distributed container cluster
...

saturnism.me/talk/docker-tips-and-tricks
github.com/GoogleContainerTools/distroless
Special Thanks:
Q Chen - @coollog - For JIB
https://www.youtube.com/watch?v=H6gR_Cv4yWI

Operational
Model
Programming
Model
No Infra Management Managed Security Pay only for usage
Service-based Event-driven Open
What is Serverless

Containers
• Any Language
• Any Library
• Any Binary
• Ecosystem of base images
.js .rb .go
.py .sh …
0 1 0
1 0 0
1 1 1

Containers:
an industry
standard
100
75
50
25
Note
Apr 13, 2017 Sep 24,
2017

Wal-Mart – Confidential – Do not distribute 52

Introducing
Cloud Run
Bringing serverless to containers

Serverless containers, where you want them
Cloud Run (fully managed)
• Fully serverless
• No cluster to manage
• Pay for what you use
Cloud Run on GKE
• Serverless developer experience
• Runs in your GKE cluster

Cloud Run
Container to
production in
seconds
Natively
Serverless
One experience,
where you want it

Cloud Run: Pay-per-use
CPU / Memory / Requests 100ms

Use cases
Public
• Website
• API endpoint
Private
• Microservices
• Asynchronous tasks
• Mobile backend
• Webhook

Wal-Mart – Confidential – Do not distribute 58

Q&A
Also:
● Cloud Run FAQ: github.com/ahmetb/cloud-run-faq
● Anytime on StackOverflow with the google-cloud-run tag
Steren - @steren – Google Cloud Run PM
Special Thanks to :

Thank You
Saiyam Pathak
Twitter - @saiyampathak
Blog – https://medium.com/@saiyampathak
3rd August 2019

Introduction to JIB and Google Cloud Run

More Related Content

What's hot

Similar to Introduction to JIB and Google Cloud Run

Recently uploaded

Introduction to JIB and Google Cloud Run