2017 DevNexus - Docker Tips & Tricks for Java Developers

Transcript

1. @saturnism @googlecloud #kubernetes #devnexus Container Tips & Tricks For Java

   Developers

2. @saturnism @googlecloud #kubernetes #devnexus Ray Tsang Developer Advocate Google Cloud

   Platform @saturnism | +RayTsang

3. @saturnism @googlecloud #kubernetes #devnexus Ray Tsang Developer Architect Traveler Photographer

   flickr.com/saturnism

4. @saturnism @googlecloud #kubernetes #devnexus

5. @saturnism @googlecloud #kubernetes #devnexus Containers!

6. @saturnism @googlecloud #kubernetes #devnexus

7. @saturnism @googlecloud #kubernetes #devnexus Hello World Service - Greet Guestbook

   Service - Create Guestbook Service - Retrieve

8. @saturnism @googlecloud #kubernetes #devnexus Guestbook UI Hello World Service Redis

   session replication greeting MySQL Guestbook Service CRUD

9. @saturnism @googlecloud #kubernetes #devnexus Package & Deployment application.ear app.war helloworld-service.jar

   application.war /... helloworld-service.jar

10. @saturnism @googlecloud #kubernetes #devnexus Machine app.war / app.ear Application Server

    Kernel Shell / CLI / Tools

11. @saturnism @googlecloud #kubernetes #devnexus Machine app.war / app.ear Application Server

    Kernel Shell / CLI / Tools Machine app.war / app.ear Application Server Kernel Shell / CLI / Tools Machine app.war / app.ear Application Server Kernel Shell / CLI / Tools

12. @saturnism @googlecloud #kubernetes #devnexus Old Way: Shared machines kernel libs

    app app app No isolation No namespacing Common libs Highly coupled apps and OS app

13. @saturnism @googlecloud #kubernetes #devnexus Old Way: Virtual machines Some isolation

    Expensive and inefficient Still highly coupled to the guest OS Hard to manage app libs kernel libs app app kernel app libs libs kernel kernel

14. @saturnism @googlecloud #kubernetes #devnexus New Way: Containers libs app libs

    app libs app libs app

15. @saturnism @googlecloud #kubernetes #devnexus Process isolation CPU, Memory, Network, Filesystem,

    ...

16. @saturnism @googlecloud #kubernetes #devnexus Static Binary! Runs anywhere

17. @saturnism @googlecloud #kubernetes #devnexus NOT a VM Just a process

18. @saturnism @googlecloud #kubernetes #devnexus NOT a Security Boundary! Repeat after

    me!

19. @saturnism @googlecloud #kubernetes #devnexus Containerize Option #1 Dockerfile

20. @saturnism @googlecloud #kubernetes #devnexus Containerize Option #2 spotify/docker-maven-plugin mvn docker:build

21. @saturnism @googlecloud #kubernetes #devnexus Containerize Option #3 Docker Hub /

    GitHub saturnism/spring-boot

22. @saturnism @googlecloud #kubernetes #devnexus Containerize Option #4 Slim JARs! spotify/dockerfile-maven-plugin

23. @saturnism @googlecloud #kubernetes #devnexus Containerize Option #5 Fabric8 fabric8 maven

    plugin

24. @saturnism @googlecloud #kubernetes #devnexus Which port? Internal port vs machine

    port

25. @saturnism @googlecloud #kubernetes #devnexus Versioning container image docker tag spring-boot-demo

    spring-boot-demo:1.0 docker tag spring-boot-demo spring-boot-demo:1.0-k39fa

26. @saturnism @googlecloud #kubernetes #devnexus Build Number Plugin http://www.mojohaus.org/buildnumber-maven-plugin/ https://github.com/ktoso/maven-git-commit-id-plugin Append

    build number, or SCM commit hash to image tag

27. @saturnism @googlecloud #kubernetes #devnexus Space Saving Tips

28. @saturnism @googlecloud #kubernetes #devnexus Combine RUN commands apt-get update &&

    \ apt-get install -y --no-install-recommends ... && \ rm -rf /var/lib/apt/lists/* Saves you space.

29. @saturnism @googlecloud #kubernetes #devnexus Don’t Log to Container Filesystem! Log

    to a volume… docker -v /tmp/log:/log Or, better yet, Send it elsewhere! I prefer STDOUT

30. @saturnism @googlecloud #kubernetes #devnexus Clean up disk spaces Every image,

    layer, and, even containers litters docker rm $(docker ps -a -q) docker rmi $(docker images -q --filter dangling=true)

31. @saturnism @googlecloud #kubernetes #devnexus Clean up disk spaces Docker 1.13

    makes it easier docker system prune

32. @saturnism @googlecloud #kubernetes #devnexus Spotify's Docker GC https://github.com/spotify/docker-gc

33. @saturnism @googlecloud #kubernetes #devnexus docker run --rm Removes container afterwards

34. @saturnism @googlecloud #kubernetes #devnexus Security, Immutability

35. @saturnism @googlecloud #kubernetes #devnexus Don't run as root! It's default…

    :( Specify via USER directive and switch users

36. @saturnism @googlecloud #kubernetes #devnexus Know what's in that container Vulernerabilities

37. @saturnism @googlecloud #kubernetes #devnexus Know what's in that public container!

    Vulernerabilities

38. @saturnism @googlecloud #kubernetes #devnexus Security Scanning X-Ray, Quay.io, Stacksmith

39. @saturnism @googlecloud #kubernetes #devnexus Pin your versions Consistent rebuild Repeatability

40. @saturnism @googlecloud #kubernetes #devnexus Java Specific

41. @saturnism @googlecloud #kubernetes #devnexus SecureRandom - slow =( For development

    and testing -Djava.security.egd=file:/dev/urandom

42. @saturnism @googlecloud #kubernetes #devnexus How many CPUs? Red Hat has

    it right - check their scripts! Don't trust Runtime.availableProcessors() https://github.com/fabric8io-images/run-java-sh

43. @saturnism @googlecloud #kubernetes #devnexus JDK 9 https://bugs.openjdk.java.net/browse/JDK-6515172

44. @saturnism @googlecloud #kubernetes #devnexus How much memory? Check Red Hat's

    script! https://github.com/fabric8io-images/run-java-sh java -XX:+PrintFlagsFinal -version | grep HeapSize

45. @saturnism @googlecloud #kubernetes #devnexus Using container for testing https://www.testcontainers.org/

46. @saturnism @googlecloud #kubernetes #devnexus Composition

47. @saturnism @googlecloud #kubernetes #devnexus Let’s run the container! docker run

    -ti -p 8080:8080 helloworld-service

48. @saturnism @googlecloud #kubernetes #devnexus MySQL docker run -d --name mysql

    -p 3306:3306 -e MYSQL_ROOT_PASSWORD=yourpassword -e MYSQL_DATABASE=app mysql

49. @saturnism @googlecloud #kubernetes #devnexus Guestbook Service docker run -ti --name

    guestbookservice --link mysql:mysql saturnism/guestbook-service

50. @saturnism @googlecloud #kubernetes #devnexus Redis docker run -d --name redis

    redis

51. @saturnism @googlecloud #kubernetes #devnexus Hello World Service docker run -ti

    --name helloworldservice \ saturnism/spring-boot-helloworld-service:1.0

52. @saturnism @googlecloud #kubernetes #devnexus Guestbook UI docker run -ti --rm

    --link redis:redis \ --link helloworldservice:helloworldservice \ --link guestbookservice:guestbookservice \ -p 8080:8080 saturnism/spring-boot-helloworld-ui

53. @saturnism @googlecloud #kubernetes #devnexus Test locally! Deployment during development could

    be painful Set environmental variables Use Docker Compose

54. @saturnism @googlecloud #kubernetes #devnexus Docker Compose docker-compose up

55. @saturnism @googlecloud #kubernetes #devnexus Configuration Environmental variable Command line arguments

    Properties files

56. @saturnism @googlecloud #kubernetes #devnexus Don't store credentials... For obvious reasons!

57. @saturnism @googlecloud #kubernetes #devnexus JAVA_OPTS Make sure you can set

    it via the environmental variable!

58. @saturnism @googlecloud #kubernetes #devnexus Dealing low Bandwidth

59. @saturnism @googlecloud #kubernetes #devnexus Bathroom 50" TV Ikea Sofa Bed

    Mini Fridge Closet Door

60. @saturnism @googlecloud #kubernetes #devnexus But the WIFI was FREE! But

    soooooo SLOW

61. @saturnism @googlecloud #kubernetes #devnexus Bad WIFI Good WIFI

62. @saturnism @googlecloud #kubernetes #devnexus 20' 40' 45' 48' 53'

63. @saturnism @googlecloud #kubernetes #devnexus 20' 40' 45' 48' 53' My

    Apartment!

64. @saturnism @googlecloud #kubernetes #devnexus Use Docker Machine In the cloud

    - faster network to download images

65. @saturnism @googlecloud #kubernetes #devnexus Share a Docker Daemon Docker Daemon

    is just a server!

66. @saturnism @googlecloud #kubernetes #devnexus Build inside of Docker container Consistent

    build environment

67. @saturnism @googlecloud #kubernetes #devnexus STDOUT/STDIN You can pipe input and

    outputs like a regular command line

68. @saturnism @googlecloud #kubernetes #devnexus Compression docker build --compress ...

69. @saturnism @googlecloud #kubernetes #devnexus Squashing? This is experimental! docker build

    --squash .

70. @saturnism @googlecloud #kubernetes #devnexus Orchestration!

71. @saturnism @googlecloud #kubernetes #devnexus Use an Orchestrator! Don't deploy containers

    to individual machines yourself… Let an orchestrator do it for you!

72. @saturnism @googlecloud #kubernetes #devnexus Try out Google Container Engine https://cloud.google.com/container-engine/

73. @saturnism @googlecloud #kubernetes #devnexus Thanks! Images by Connie Zhou http://kubernetes.io

    http://bit.ly/1QLg5E1