Best Practices to Spring (or Java) to Kubernetes Faster and Easier

Transcript

1. Kubernetes Faster and Easier

2. 2 @saturnism @gcpcloud Ray Tsang Developer Advocate Google Cloud Platform

   Java Champion Spring Cloud GCP spring.io/projects/spring-cloud-gcp gcplab.me/spring @saturnism | saturnism.me

3. 3 @saturnism @gcpcloud Ray Tsang Traveler Photographer flickr.com/saturnism

4. 4 @saturnism @gcpcloud https://www.youtube.com/watch?v=Bcs-inRnLDc

5. 5 @saturnism @gcpcloud 5 Your App

6. 6 @saturnism @gcpcloud Don't start with Kubernetes

7. 7 @saturnism @gcpcloud It all starts with your application Twelve-Factor

   App 12factor.net

8. 8 @saturnism @gcpcloud Test, Test, Test Local Mock, Wiremock, Contract

   TestContainers

9. 9 @saturnism @gcpcloud 9 Containers

10. 10 @saturnism @gcpcloud Power → Responsibility Runtime Environments may be

    Your Responsibility Now!

11. 11 @saturnism @gcpcloud Choose a JDK Container Aware OpenJDK 8u192

    or above

12. 12 @saturnism @gcpcloud OOMKilled Cloud Foundry Buildpack Memory Calculator https://github.com/cloudfoundry/java-buildpack-memory-calculator

13. 13 @saturnism @gcpcloud Native Memory Tracking -XX:NativeMemoryTracking=summary -XX:+PrintNMTStatistics (Doesn't work

    when set via JAVA_TOOL_OPTIONS - must be part of the argument)

14. 14 @saturnism @gcpcloud Container Best Practices saturnism.me/talk/docker-tips-and-tricks/ What's in that

    image? Don't run as root Multi-stage build Create small image Fat JAR to Thin JAR Layering Build cache Pin versions Reduce layer size ...

15. 15 @saturnism @gcpcloud Just Jib It

16. 16 @saturnism @gcpcloud Don't write to container filesystem! Those logs!

17. 17 @saturnism @gcpcloud Configuration via external sources Environmental variable Command

    line arguments

18. 18 @saturnism @gcpcloud 18 Finally, Kubernetes!

19. 19 @saturnism @gcpcloud Local Kubernetes Linux - consider k3s, k3d,

    kind, … Mac - Docker for Desktop, Minikube

20. 20 @saturnism @gcpcloud Keep Base Deployment Simple kubectl create deployment

    myservice --image=... --dry-run -oyaml > k8s/deployment.yaml kubectl create svc clusterip myservice --tcp=8080:8080 --dry-run -oyaml/service.yaml

21. 21 @saturnism @gcpcloud Continuous Development skaffold

22. 22 @saturnism @gcpcloud Resource Limits If you don't' set it,

    your app may use all the memory... Set it at namespace level, or for individual deployments

23. 23 @saturnism @gcpcloud Environments Kustomize

24. 24 @saturnism @gcpcloud Liveness Probe Readiness Probe Signals Lifecycle Hooks

25. 25 @saturnism @gcpcloud Liveness Probe → Restarts Readiness Probe →

    Remove from Service Signals → Shutdown or Killed Lifecycle Hooks → PreStart, PreStop

26. 26 @saturnism @gcpcloud When to use? Failure Means... Practices Example

    Liveness Probe If application is alive. Application will be restarted, and that a restart will help recover. Runs on serving port of the application, e.g., 8080. Don't check dependency. E.g., don't check dependent database connection, etc. A simple /alive URL that returns 200. Readiness Probe Ready to serve requests. Take the pod instance out of load balancer. Flip to ready when application has done all the initializations (cache preloaded). Upon SIGTERM, flip readiness to false. See Graceful Shutdown. /actuator/health on the management port.

27. 27 @saturnism @gcpcloud Anatomy of a Graceful Shutdown 1. Receive

    SIGTERM or PreStop Lifecycle Hook 2. Fail Readiness Probe 3. Receive requests until Kubernetes detects readiness probe failure 4. Kubernetes removes pod endpoint from Service 5. Finish serving in-flight requests 6. Shutdown

28. 28 @saturnism @gcpcloud Production is HARD Pod Security Policy /

    Pod Security Context Expect your app to not work in production environment with hardened security Try this early and fix issues

29. 29 @saturnism @gcpcloud 29 Thanks! spring.io/projects/spring-cloud-gcp cloud.google.com/java Come to the

    Google Cloud Platform Booth! @saturnism | saturnism.me