@breizhcamp #JvmContainer #breizhcamp @breizhcamp JVM & Containers Yoan Rousseau - @yoan_rousseau 

@breizhcamp #JvmContainer #breizhcamp Back to the past 1996 2018 2000 2004 2008 2012 2016 Freebsd Jails Solaris Zone OpenVZ Process Containers Docker LXC Rkt K8s CGroups JDK 1.0 JDK 1.1 J2SE 1.2 J2SE 1.3 J2SE 1.4 J2SE 5.0 Java SE 6 Java SE 7 Java SE 8 Java SE 9 Java SE 10 

@breizhcamp #JvmContainer #breizhcamp JVM 

@breizhcamp #JvmContainer #breizhcamp Java Memory Model - Post JDK-8 Eden Survivor S0 S1 Tenured Metaspace Old generation Young generation Heap Code Cache Non-Heap 

@breizhcamp #JvmContainer #breizhcamp JVM & CPU ● JIT compiler threads ● Garbage Collection threads ● Thread in the common fork-join pool ● Runtime.getRuntime().availableProcessors() ○ Used by external Thread Pool in lib 

@breizhcamp #JvmContainer #breizhcamp Containers 

@breizhcamp #JvmContainer #breizhcamp Namespaces “Namespaces are a feature of the Linux kernel that partitions kernel resources such that one set of processes sees one set of resources while another set of processes sees a different set of resources.” https://en.wikipedia.org/wiki/Linux_namespaces ● PID namespace for process isolation. ● NET namespace for managing network interfaces. ● MNT namespace for managing filesystem mount points. ● UTS namespace for isolating kernel and version identifiers. ● IPC namespace for managing access to IPC resources. 

@breizhcamp #JvmContainer #breizhcamp No CPU or Memory Namespaces ! Namespaces 

@breizhcamp #JvmContainer #breizhcamp Cgroups “Control Groups provide a mechanism for aggregating/partitioning sets of tasks, and all their future children, into hierarchical groups with specialized behaviour.” https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt ● Memory ● CPU ● CPUSet ● BlkIO ● net_cls and net_prio ● Devices 

@breizhcamp #JvmContainer #breizhcamp JVM & Cgroups https://jaxenter.com/nobody-puts-java-container-139373.h tml 

@breizhcamp #JvmContainer #breizhcamp Let’s try 

@breizhcamp #JvmContainer #breizhcamp Any Solutions ● JDK8 1.8.0_131+ (UnlockExperimentalVMOptions / UseCGroupMemoryLimitForHeap.) ○ with partial cgroups support ■ memory ■ cpuset ● fabric8io docker images ○ https://github.com/fabric8io-images/run-java-sh ● Old School configuration ○ XMX for memory ○ XX:ParallelGCThreads, XX:ConcGCThreads for CPU ● Don’t use Container ● Give up the JVM ● JDK10 : The Savior 

@breizhcamp #JvmContainer #breizhcamp What about the JDK10? “The JDK team has committed to making Java a good citizen in a world of containers. JDK10 contains several changes to have the JVM and your apps respect container restrictions. JDK10 is due to be released in March 2018.” https://mjg123.github.io/2018/01/10/Java-in-containers-jdk10.html 

@breizhcamp #JvmContainer #breizhcamp Thanks! 

@breizhcamp #JvmContainer #breizhcamp Reference https://blog.aquasec.com/a-brief-history-of-containers-from-1970s-chroot-to-docker-2016 http://www.oracle.com/technetwork/java/javase/memorymanagement-whitepaper-150215.pdf