JVM & Container

Transcript

1. @breizhcamp #JvmContainer #breizhcamp @breizhcamp JVM & Containers Yoan Rousseau -

   @yoan_rousseau

2. @breizhcamp #JvmContainer #breizhcamp Back to the past 1996 2018 2000

   2004 2008 2012 2016 Freebsd Jails Solaris Zone OpenVZ Process Containers Docker LXC Rkt K8s CGroups JDK 1.0 JDK 1.1 J2SE 1.2 J2SE 1.3 J2SE 1.4 J2SE 5.0 Java SE 6 Java SE 7 Java SE 8 Java SE 9 Java SE 10

3. @breizhcamp #JvmContainer #breizhcamp JVM

4. @breizhcamp #JvmContainer #breizhcamp Java Memory Model - Post JDK-8 Eden

   Survivor S0 S1 Tenured Metaspace Old generation Young generation Heap Code Cache Non-Heap

5. @breizhcamp #JvmContainer #breizhcamp JVM & CPU • JIT compiler threads

   • Garbage Collection threads • Thread in the common fork-join pool • Runtime.getRuntime().availableProcessors() ◦ Used by external Thread Pool in lib

6. @breizhcamp #JvmContainer #breizhcamp Containers

7. @breizhcamp #JvmContainer #breizhcamp Namespaces “Namespaces are a feature of the

   Linux kernel that partitions kernel resources such that one set of processes sees one set of resources while another set of processes sees a different set of resources.” https://en.wikipedia.org/wiki/Linux_namespaces • PID namespace for process isolation. • NET namespace for managing network interfaces. • MNT namespace for managing filesystem mount points. • UTS namespace for isolating kernel and version identifiers. • IPC namespace for managing access to IPC resources.

8. @breizhcamp #JvmContainer #breizhcamp No CPU or Memory Namespaces ! Namespaces

9. @breizhcamp #JvmContainer #breizhcamp Cgroups “Control Groups provide a mechanism for

   aggregating/partitioning sets of tasks, and all their future children, into hierarchical groups with specialized behaviour.” https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt • Memory • CPU • CPUSet • BlkIO • net_cls and net_prio • Devices

10. @breizhcamp #JvmContainer #breizhcamp JVM & Cgroups https://jaxenter.com/nobody-puts-java-container-139373.h tml

11. @breizhcamp #JvmContainer #breizhcamp Let’s try

12. @breizhcamp #JvmContainer #breizhcamp Any Solutions • JDK8 1.8.0_131+ (UnlockExperimentalVMOptions /

    UseCGroupMemoryLimitForHeap.) ◦ with partial cgroups support ▪ memory ▪ cpuset • fabric8io docker images ◦ https://github.com/fabric8io-images/run-java-sh • Old School configuration ◦ XMX for memory ◦ XX:ParallelGCThreads, XX:ConcGCThreads for CPU • Don’t use Container • Give up the JVM • JDK10 : The Savior

13. @breizhcamp #JvmContainer #breizhcamp What about the JDK10? “The JDK team

    has committed to making Java a good citizen in a world of containers. JDK10 contains several changes to have the JVM and your apps respect container restrictions. JDK10 is due to be released in March 2018.” https://mjg123.github.io/2018/01/10/Java-in-containers-jdk10.html

14. @breizhcamp #JvmContainer #breizhcamp Thanks!

15. @breizhcamp #JvmContainer #breizhcamp Reference https://blog.aquasec.com/a-brief-history-of-containers-from-1970s-chroot-to-docker-2016 http://www.oracle.com/technetwork/java/javase/memorymanagement-whitepaper-150215.pdf