Java inside Docker pitfalls

Java in Docker pitfalls Aleksey Vorobyov

Why Java in Docker is a special case JVM and
libraries decide how much memory and how many threads to use. This decision is based on a host hardware configuration. JVM and many libraries are designed to take a full advantage of all available resources. • JVM ergonomics • Libraries ergonomics These ergonomics work well in VM but not in a container

Docker is a leaking abstraction • Docker uses Linux namespaces
and cgroups • In a docker instance, an application can access a host hardware configuration • Java doesn't know about Docker and cgroups (before April 2017) • Java reads host configuration from /proc not from /sys/fs/cgroup • Demo (htop shows java process)

Naive Scenario • Docker instance doesn’t have limits • Java
without heap limit (no -Xmx option) • I hope nobody does this in production. But it works well in some circumstances. • According to current server JVM ergonomic, JVM will take ¼ of RAM for a heap

How much memory do I need for my Java application?
1. Test an application with a production scenario 2. Capture memory usage a. Easy way. docker stats b. Another way. jcmd <pid> VM.native_memory

Memory in Java JVM allocates memory for • Heap •
Metaspace • Code • GC • Threads • Native objects Start Java with -XX:NativeMemoryTracking=summary jcmd <pid> VM.native_memory

Crash scenario • Docker instance has memory limits • Java
without memory limit • Demo (dmesg)

Normal scenario • Docker instance have memory limits (2 GB)
• Java with -Xmx (1GB) • Regular scenario

Swap scenario • Docker instance have memory limits (600 MB)
• Java with -Xmx (512 MB) • The most difficult to address scenario. From time to time a request latency is not stable

Swap and Crash scenario • Docker instance have memory and
swap limit (700 MB) • Java with -Xmx (512 MB) • Crashes sometimes, hard to reproduce

CPU --cpuset-cpus as for now is the only way to
tell JVM (8u131+) how many real cores you allow to use But this approach is very bad for resource utilization. It’s better • Use --cpus or --cpu-shares and don’t deploy CPU heavy services on the same host. • Configure JVM and an application according to provisioned resources

Useful JVM configuration options -XX:+UseSerialGC Uses only 1 GC thread.
-XX:MaxRAM=n Sets the maximum amount of memory used by the JVM -XX:+UseCGroupMemoryLimitForHeap This flag present in the more recent builds of JDK8 tells the JVM to use the information in /sys/fs/cgroup/memory/memory.limit_in_bytes to calculate memory defaults. -XX:ParallelGCThreads=n Set the number of parallel GC threads to n. This is helpful if you are trying to limit the cpu usage of your container.

Useful tools • dstat • dmesg • htop • jcmd

Java inside Docker pitfalls

Java inside Docker pitfalls

Aleksey Vorobyov

More Decks by Aleksey Vorobyov

Other Decks in Technology

Featured

Transcript

Java in Docker pitfalls Aleksey Vorobyov

Why Java in Docker is a special case JVM and

Docker is a leaking abstraction • Docker uses Linux namespaces

Naive Scenario • Docker instance doesn’t have limits • Java

How much memory do I need for my Java application?

Memory in Java JVM allocates memory for • Heap •

Crash scenario • Docker instance has memory limits • Java

Normal scenario • Docker instance have memory limits (2 GB)

Swap scenario • Docker instance have memory limits (600 MB)

Swap and Crash scenario • Docker instance have memory and

CPU --cpuset-cpus as for now is the only way to

Useful JVM configuration options -XX:+UseSerialGC Uses only 1 GC thread.

Useful tools • dstat • dmesg • htop • jcmd

Q & A