JUGNsk Meetup #12. Александр Белокрылов: "Не клади все яйца в один контейнер".

Transcript

1. 1 WWW.BELL-SW.COM 1 WWW.BELL-SW.COM Александр Белокрылов Дмитрий Чуйко 2019 Не

   клади все яйца в один контейнер

2. 2 WWW.BELL-SW.COM 2 WWW.BELL-SW.COM Кто здесь? Александр Белокрылов @gigabel https://bell-sw.com

   @bellsoftware Liberica JDK – среда исполнения Java SE Ex-employers

3. 3 WWW.BELL-SW.COM 3 WWW.BELL-SW.COM 20 years of history 1997 MCST

   – Moscow Center of SPARC Technologies The company worked as a contractor for Sun Microsystems 2004 Sun Microsystems founded its own Development Center in Saint-Petersburg. 2010 Oracle Corp. acquired Sun Microsystems 2017

4. 4 WWW.BELL-SW.COM 4 WWW.BELL-SW.COM We contribute to ARM x86 SPAR

   C Win

5. 5 WWW.BELL-SW.COM 5 WWW.BELL-SW.COM

6. 6 WWW.BELL-SW.COM 6 WWW.BELL-SW.COM Oracle

7. 7 WWW.BELL-SW.COM 7 WWW.BELL-SW.COM 2019. Микросервисы в контейнере

8. 8 WWW.BELL-SW.COM 8 WWW.BELL-SW.COM 2019. Микросервисы в контейнере

9. 9 WWW.BELL-SW.COM 9 WWW.BELL-SW.COM Контейнеризация l  Linux контейнеры —  cgroups

   —  namespaces —  Isolation —  Управление ресурсами —  Не путать с виртуализацией l  Docker images —  Всего то, конфигуратор l  Docker tools —  Управляй —  Следи —  Оркестрируй

10. 10 WWW.BELL-SW.COM 10 WWW.BELL-SW.COM

11. 11 WWW.BELL-SW.COM 11 WWW.BELL-SW.COM Маленькое Java приложение helloworld.jar

12. 12 WWW.BELL-SW.COM 12 WWW.BELL-SW.COM helloworld.jar JVM

13. 13 WWW.BELL-SW.COM 13 WWW.BELL-SW.COM JVM l  Virtual Machine —  OS

    process —  Runtime —  JIT/code —  GC l  Expectations from containers —  Configuration —  Test ≃ Prod —  Isolation l  We need Java tools —  Management —  Monitoring —  Debug

14. 14 WWW.BELL-SW.COM 14 WWW.BELL-SW.COM

15. 15 WWW.BELL-SW.COM 15 WWW.BELL-SW.COM

16. 16 WWW.BELL-SW.COM 16 WWW.BELL-SW.COM

17. 17 WWW.BELL-SW.COM 17 WWW.BELL-SW.COM JDK 9 l  JDK-6515172 Runtime.availableProcessors() ignores

    Linux taskset command u  docker –cpuset-cpus l  JDK-8161993 G1 crashes if active_processor_count changes during startup l  JDK-8170888 Experimental support for cgroup memory limits in container (ie Docker) environments u  -XX:+UseCGroupMemoryLimitForHeap u  docker --memory

18. 18 WWW.BELL-SW.COM 18 WWW.BELL-SW.COM JDK 10 l  JDK-8146115 Improve docker

    container detection and resource configuration usage u  -XX:+UseContainerSupport u  -XX:ActiveProcessorCount=N u  -Xlog:os+container=trace u  --cpus --cpu-quota –cpu-period u  Deprecate experimental •  JDK-8186248 Allow more flexibility in selecting Heap % of available RAM u  -XX:InitialRAMPercentage u  -XX:MaxRAMPercentage u  -XX:MinRAMPercentage •  JDK-8179498 attach in Linux should be relative to /proc/pid/root and namespace aware

19. 19 WWW.BELL-SW.COM 19 WWW.BELL-SW.COM JDK 11 •  JDK-8197867 Update CPU

    count algorithm when both cpu shares and quotas are used u  -XX:+PreferContainerQuotaForCPUCount u  --cpu-shares •  JDK-8194086 Remove deprecated experimental flag UseCGroupMemoryLimitForHeap •  JDK-8203357 Container Metrics u  -XshowSettings:system •  JDK-8193710 jcmd -l and jps commands do not list Java processes running in Docker containers

20. 20 WWW.BELL-SW.COM 20 WWW.BELL-SW.COM JDK 8 •  JDK 8 GA.

    “...none of my business” •  JDK 8u u  Backports from JDK 9 u  Backports from JDK 10 u  Backports from JDK 11

21. 21 WWW.BELL-SW.COM 21 WWW.BELL-SW.COM JDK 8 •  JDK 8 GA.

    “...none of my business” •  JDK 8u u  Backports from JDK 9 u  Backports from JDK 10 u  Backports from JDK 11 ¯\_(ツ)_/¯

22. 22 WWW.BELL-SW.COM 22 WWW.BELL-SW.COM JEP 346

23. 23 WWW.BELL-SW.COM 23 WWW.BELL-SW.COM JDK 12 •  JEP 346: Promptly

    Return Unused Committed Memory from G1 —  May help in case of overcommit

24. 24 WWW.BELL-SW.COM 24 WWW.BELL-SW.COM JDK 13+ l  JDK-8199944 Add Container

    MBean to JMX l  JDK-8203359 Create new events, and adjust existing events, to account for host/container reporting of resources l  JMC-5901 Utilize information from the host/ container l  JDK-8198715 Investigate adding NUMA container support to hotspot u  --cpuset-mems

25. 25 WWW.BELL-SW.COM 25 WWW.BELL-SW.COM

26. 26 WWW.BELL-SW.COM 26 WWW.BELL-SW.COM

27. 27 WWW.BELL-SW.COM 27 WWW.BELL-SW.COM Service Deployment Libraries Spring Business logic

    CI / CD

28. 28 WWW.BELL-SW.COM 28 WWW.BELL-SW.COM В память об одном популярном имидже

29. 29 WWW.BELL-SW.COM 29 WWW.BELL-SW.COM Base images https://hub.docker.com/u/bellsoft JRE 8u222 JDK

    13 Debian 227 MB 227 MB Centos 307 MB 307 MB Alpine 133 MB 134 MB Alpine musl base 42 MB

30. 30 WWW.BELL-SW.COM 30 WWW.BELL-SW.COM Base images l  Java versions l 

    13 l  8, 11 l  Linux distribution —  Debian —  CentOS —  Alpine —  Alpine musl l  Arch —  x86_64 —  ARM64 —  ARM32

31. 31 WWW.BELL-SW.COM 31 WWW.BELL-SW.COM Demo

32. 32 WWW.BELL-SW.COM 32 WWW.BELL-SW.COM Build alpine-musl image $ mkdir ctx;

    cd ctx $ wget https://github.com/bell-sw/Liberica/blob/master/docker/repos/ liberica-openjdk-alpine-musl/11/Dockerfile $ docker build . --build-arg LIBERICA_IMAGE_VARIANT=base

33. 33 WWW.BELL-SW.COM 33 WWW.BELL-SW.COM Что случилось? $ docker run -it

    --rm -v /export/dchuyko/demo:/demo -p 9000:9000 \ -m 5m debian /demo/jdk8u121/bin/java \ -jar /demo/gs-actuator-service-0.1.0.jar

34. 34 WWW.BELL-SW.COM 34 WWW.BELL-SW.COM Что случилось? $ docker run -it

    --rm -v /export/dchuyko/demo:/demo -p 9000:9000 \ -m 5m debian /demo/jdk8u121/bin/java \ -jar /demo/gs-actuator-service-0.1.0.jar

35. 35 WWW.BELL-SW.COM 35 WWW.BELL-SW.COM Что случилось? или l  -XX:NativeMemoryTracking=summary l 

    jps l  jcmd А сколько памяти достаточно? $ journalctl -f _TRANSPORT=kernel $ docker inspect test -f '{{json .State}}'

36. 36 WWW.BELL-SW.COM 36 WWW.BELL-SW.COM Происходит что-то странное? $ docker run

    -it --rm -v /export/dchuyko/demo:/demo -p 9000:9000 \ -m 128m debian /demo/jdk8u121/bin/java \ -jar /demo/gs-actuator-service-0.1.0.jar $ jmeter.sh -n -t micro.jmx

37. 37 WWW.BELL-SW.COM 37 WWW.BELL-SW.COM Происходит что-то странное? $ docker run

    -it --rm -v /export/dchuyko/demo:/demo -p 9000:9000 \ -m 128m debian /demo/jdk8u121/bin/java \ -jar /demo/gs-actuator-service-0.1.0.jar $ jmeter.sh -n -t micro.jmx

38. 38 WWW.BELL-SW.COM 38 WWW.BELL-SW.COM Что происходит? l  docker stats l 

    jstat l  smem, pmap Никто за нас не подумал $ docker run -it --rm -v /export/dchuyko/demo:/demo -p 9000:9000 \ -m 768m --memory-swappiness 0 debian /demo/jdk8u121/bin/java \ -jar /demo/gs-actuator-service-0.1.0.jar ~~~~~ Started HelloWorldApplication in 18.584 seconds (JVM running for 20.425)

39. 39 WWW.BELL-SW.COM 39 WWW.BELL-SW.COM AOT cpv – classpath in container.

    $ docker run -it --rm -v /export/dchuyko/demo:/demo -p 9000:8080 \ -m 768m --memory-swappiness 0 bellsoft/liberica-openjdk-alpine:11.0.4 java \ -XX:+UnlockDiagnosticVMOptions -XX:+LogTouchedMethods \ -cp /demo/thin.jar:$(cat cpv) hello.HelloWorldApplication $ jdk-11.0.4/bin/jcmd 35647 VM.print_touched_methods \ | grep -v "35647" | grep -v "#" >methods.log $ cat methods.log | grep -v SystemModules.hashes | grep -v SystemModules.descriptors \ | tr -d ':' | awk -F "(" '{gsub(/\//,".",$1);print $1"("$2}' \ | awk -F ")" '{gsub(/\//,".",$2);print "compileOnly "$1")"$2}' >methods.list $ docker run -it --rm -v /export/dchuyko/demo:/demo -m 768m --memory-swappiness 0 \ bellsoft/liberica-openjdk-alpine:11.0.4 jaotc \ --compile-commands /demo/methods.list --jar $(cat cpv) \ --info --ignore-errors --output /demo/thin.so

40. 40 WWW.BELL-SW.COM 40 WWW.BELL-SW.COM AppCDS cpv – classpath in container.

    $ docker run -it --rm -v /export/dchuyko/demo:/demo -p 9000:8080 \ -m 384m --memory-swappiness 0 bellsoft/liberica-openjdk-alpine:11.0.4 \ java -XX:DumpLoadedClassList=/demo/hello-ext.classlist \ -cp /demo/thin.jar:$(cat cpv) hello.HelloWorldApplication $ docker run -it --rm -v /export/dchuyko/demo:/demo -p 9000:8080 \ -m 384m --memory-swappiness 0 bellsoft/liberica-openjdk-alpine:11.0.4 \ java -Xshare:dump -XX:SharedClassListFile=/demo/hello-ext.classlist \ -XX:SharedArchiveFile=/demo/hello-ext.jsa \ -cp /demo/thin.jar:$(cat cpv) hello.HelloWorldApplication $ docker run -it --rm -v /export/dchuyko/demo:/demo -p 9000:8080 \ -m 256m --memory-swappiness 0 bellsoft/liberica-openjdk-alpine:11.0.4 \ java -Xshare:on -XX:SharedArchiveFile=/demo/hello-ext.jsa \ -cp /demo/thin.jar:$(cat cpv) hello.HelloWorldApplication

41. 41 WWW.BELL-SW.COM 41 WWW.BELL-SW.COM Startup & footprint improvements x2.5 ÷6

    $ docker run -it --rm -v /export/dchuyko/demo:/demo -p 9000:8080 \ -m 128m --memory-swappiness 0 bellsoft/liberica-openjdk-alpine:11.0.4 \ java -XX:TieredStopAtLevel=1 \ -Xshare:on -XX:SharedArchiveFile=/demo/hello-ext.jsa \ -cp /demo/thin.jar:$(cat cpv) hello.HelloWorldApplication ~~~~~ Started HelloWorldApplication in 7.304 seconds (JVM running for 8.283)

42. 42 WWW.BELL-SW.COM 42 WWW.BELL-SW.COM Выводы l  Java 11 и выше

    работает в контейнере и знает об ограничениях l  Контейнерная диагностика l  Java диагностика l  Все фичи JVM работают в контейнерах l  Используем похожесть окружения для подготовки AppCDS и AOT l  Нужно использовать последние версии —  Безопасность —  Эффективность l  Мудро подходи к выбору базового имиджа l  Помоги своим сервисам быть лучше —  Предупреждай отказы —  Уменьшай футпринт —  Ускоряй стартап

43. 43 WWW.BELL-SW.COM 43 WWW.BELL-SW.COM @gigabel @bellsoftware