Best Practices to Spring (or Java) to Kubernetes Faster and Easier

5e0c801ac1a5d0512bb9774ab158d06d?s=47 Ray Tsang
October 08, 2019

Best Practices to Spring (or Java) to Kubernetes Faster and Easier

For Spring developers, building containers is a common obstacle on the road to Kubernetes adoption. Traditionally, Dockerfiles define container builds imperatively, but can also be cumbersome, error-prone, and slow. The development cycle can be slow. IDE support is generally poor. Most likely, your Java application will crash with an OOMKill message.

In this talk, we'll introduce tools and best practices to help you adopt Kubernetes faster and easier. This includes tools such as Jib and Skaffold for fast image build and development cycle turnaround time. We'll also discuss best practices for configuring your Java applications to run inside of Kubernetes, such as health checks, zero downtime deployment, externalizing configurations, logging, and understanding memory usage to avoid OOMKilled situations.

Talk at CodeOne and SpringOne. Recording from SpringOne: https://www.youtube.com/watch?v=YTPUNesUIbI&list=PL4uYfigiauVYH4OwOyq8FGbPQOn-JueEf&index=3&t=0s

5e0c801ac1a5d0512bb9774ab158d06d?s=128

Ray Tsang

October 08, 2019
Tweet

Transcript

  1. 2.

    2 @saturnism @gcpcloud Ray Tsang Developer Advocate Google Cloud Platform

    Java Champion Spring Cloud GCP spring.io/projects/spring-cloud-gcp gcplab.me/spring @saturnism | saturnism.me
  2. 14.

    14 @saturnism @gcpcloud Container Best Practices saturnism.me/talk/docker-tips-and-tricks/ What's in that

    image? Don't run as root Multi-stage build Create small image Fat JAR to Thin JAR Layering Build cache Pin versions Reduce layer size ...
  3. 19.

    19 @saturnism @gcpcloud Local Kubernetes Linux - consider k3s, k3d,

    kind, … Mac - Docker for Desktop, Minikube
  4. 20.

    20 @saturnism @gcpcloud Keep Base Deployment Simple kubectl create deployment

    myservice --image=... --dry-run -oyaml > k8s/deployment.yaml kubectl create svc clusterip myservice --tcp=8080:8080 --dry-run -oyaml/service.yaml
  5. 22.

    22 @saturnism @gcpcloud Resource Limits If you don't' set it,

    your app may use all the memory... Set it at namespace level, or for individual deployments
  6. 25.

    25 @saturnism @gcpcloud Liveness Probe → Restarts Readiness Probe →

    Remove from Service Signals → Shutdown or Killed Lifecycle Hooks → PreStart, PreStop
  7. 26.

    26 @saturnism @gcpcloud When to use? Failure Means... Practices Example

    Liveness Probe If application is alive. Application will be restarted, and that a restart will help recover. Runs on serving port of the application, e.g., 8080. Don't check dependency. E.g., don't check dependent database connection, etc. A simple /alive URL that returns 200. Readiness Probe Ready to serve requests. Take the pod instance out of load balancer. Flip to ready when application has done all the initializations (cache preloaded). Upon SIGTERM, flip readiness to false. See Graceful Shutdown. /actuator/health on the management port.
  8. 27.

    27 @saturnism @gcpcloud Anatomy of a Graceful Shutdown 1. Receive

    SIGTERM or PreStop Lifecycle Hook 2. Fail Readiness Probe 3. Receive requests until Kubernetes detects readiness probe failure 4. Kubernetes removes pod endpoint from Service 5. Finish serving in-flight requests 6. Shutdown
  9. 28.

    28 @saturnism @gcpcloud Production is HARD Pod Security Policy /

    Pod Security Context Expect your app to not work in production environment with hardened security Try this early and fix issues