Best Practices to Spring (or Java) to Kubernetes Faster and Easier

Ray Tsang
October 08, 2019

For Spring developers, building containers is a common obstacle on the road to Kubernetes adoption. Traditionally, Dockerfiles define container builds imperatively, but can also be cumbersome, error-prone, and slow. The development cycle can be slow. IDE support is generally poor. Most likely, your Java application will crash with an OOMKill message.

In this talk, we'll introduce tools and best practices to help you adopt Kubernetes faster and easier. This includes tools such as Jib and Skaffold for fast image build and development cycle turnaround time. We'll also discuss best practices for configuring your Java applications to run inside of Kubernetes, such as health checks, zero downtime deployment, externalizing configurations, logging, and understanding memory usage to avoid OOMKilled situations.

Talk at CodeOne and SpringOne. Recording from SpringOne: https://www.youtube.com/watch?v=YTPUNesUIbI&list=PL4uYfigiauVYH4OwOyq8FGbPQOn-JueEf&index=3&t=0s

Transcript

  1. Kubernetes Faster and Easier

  2. @saturnism @gcpcloud Ray Tsang, Developer Advocate, Google Cloud Platform. Java Champion. Spring Cloud GCP: spring.io/projects/spring-cloud-gcp, gcplab.me/spring. @saturnism | saturnism.me

  3. Ray Tsang: Traveler, Photographer. flickr.com/saturnism

  4. https://www.youtube.com/watch?v=Bcs-inRnLDc

  5. Your App

  6. Don't start with Kubernetes

  7. It all starts with your application. Twelve-Factor App: 12factor.net

  8. Test, Test, Test. Local Mock, Wiremock, Contract TestContainers

  9. Containers

  10. Power → Responsibility. Runtime Environments may be Your Responsibility Now!

  11. Choose a JDK: Container Aware. OpenJDK 8u192 or above

  12. OOMKilled. Cloud Foundry Buildpack Memory Calculator: https://github.com/cloudfoundry/java-buildpack-memory-calculator

  13. Native Memory Tracking: -XX:NativeMemoryTracking=summary -XX:+PrintNMTStatistics (Doesn't work when set via JAVA_TOOL_OPTIONS - must be part of the argument)

  14. Container Best Practices (saturnism.me/talk/docker-tips-and-tricks/)
      - What's in that image?
      - Don't run as root
      - Multi-stage build
      - Create small image
      - Fat JAR to Thin JAR
      - Layering
      - Build cache
      - Pin versions
      - Reduce layer size
      - ...

  15. Just Jib It

  16. Don't write to container filesystem! Those logs!

  17. Configuration via external sources: Environmental variable, Command line arguments

  18. Finally, Kubernetes!

  19. Local Kubernetes. Linux - consider k3s, k3d, kind, … Mac - Docker for Desktop, Minikube

  20. Keep Base Deployment Simple
      kubectl create deployment myservice --image=... --dry-run -oyaml > k8s/deployment.yaml
      kubectl create svc clusterip myservice --tcp=8080:8080 --dry-run -oyaml > k8s/service.yaml

  21. Continuous Development: skaffold

  22. Resource Limits. If you don't set it, your app may use all the memory... Set it at namespace level, or for individual deployments

  23. Environments: Kustomize

  24. Liveness Probe, Readiness Probe, Signals, Lifecycle Hooks

  25. - Liveness Probe → Restarts
      - Readiness Probe → Remove from Service
      - Signals → Shutdown or Killed
      - Lifecycle Hooks → PreStart, PreStop

  26. (Table columns: When to use? / Failure Means... / Practices / Example)

      Liveness Probe
      - When to use? If application is alive.
      - Failure Means... Application will be restarted, and that a restart will help recover.
      - Practices: Runs on serving port of the application, e.g., 8080. Don't check dependency. E.g., don't check dependent database connection, etc.
      - Example: A simple /alive URL that returns 200.

      Readiness Probe
      - When to use? Ready to serve requests.
      - Failure Means... Take the pod instance out of load balancer.
      - Practices: Flip to ready when application has done all the initializations (cache preloaded). Upon SIGTERM, flip readiness to false. See Graceful Shutdown.
      - Example: /actuator/health on the management port.

  27. Anatomy of a Graceful Shutdown
      1. Receive SIGTERM or PreStop Lifecycle Hook
      2. Fail Readiness Probe
      3. Receive requests until Kubernetes detects readiness probe failure
      4. Kubernetes removes pod endpoint from Service
      5. Finish serving in-flight requests
      6. Shutdown

  28. Production is HARD. Pod Security Policy / Pod Security Context. Expect your app to not work in production environment with hardened security. Try this early and fix issues.

  29. Thanks! spring.io/projects/spring-cloud-gcp cloud.google.com/java Come to the Google Cloud Platform Booth! @saturnism | saturnism.me