JVM & Container

Transcript

1. @breizhcamp
   #JvmContainer #breizhcamp @breizhcamp
   JVM & Containers
   Yoan Rousseau - @yoan_rousseau
   

   View Slide

2. @breizhcamp
   #JvmContainer #breizhcamp
   Back to the past
   1996 2018
   2000 2004 2008 2012 2016
   Freebsd
   Jails
   Solaris
   Zone
   OpenVZ
   Process
   Containers
   Docker
   LXC
   Rkt
   K8s
   CGroups
   JDK 1.0
   JDK 1.1
   J2SE 1.2
   J2SE 1.3
   J2SE 1.4
   J2SE 5.0
   Java SE 6
   Java SE 7 Java SE 8
   Java SE 9
   Java SE 10
   

   View Slide

3. @breizhcamp
   #JvmContainer #breizhcamp
   JVM
   

   View Slide

4. @breizhcamp
   #JvmContainer #breizhcamp
   Java Memory Model - Post JDK-8
   Eden
   Survivor
   S0 S1 Tenured Metaspace
   Old generation
   Young generation
   Heap
   Code
   Cache
   Non-Heap
   

   View Slide

5. @breizhcamp
   #JvmContainer #breizhcamp
   JVM & CPU
   ● JIT compiler threads
   ● Garbage Collection threads
   ● Thread in the common fork-join pool
   ● Runtime.getRuntime().availableProcessors()
   ○ Used by external Thread Pool in lib
   

   View Slide

6. @breizhcamp
   #JvmContainer #breizhcamp
   Containers
   

   View Slide

7. @breizhcamp
   #JvmContainer #breizhcamp
   Namespaces
   “Namespaces are a feature of the Linux kernel that partitions kernel resources
   such that one set of processes sees one set of resources while another set of
   processes sees a different set of resources.”
   https://en.wikipedia.org/wiki/Linux_namespaces
   ● PID namespace for process isolation.
   ● NET namespace for managing network interfaces.
   ● MNT namespace for managing filesystem mount points.
   ● UTS namespace for isolating kernel and version identifiers.
   ● IPC namespace for managing access to IPC resources.
   

   View Slide

8. @breizhcamp
   #JvmContainer #breizhcamp
   No CPU or Memory Namespaces !
   Namespaces
   

   View Slide

9. @breizhcamp
   #JvmContainer #breizhcamp
   Cgroups
   “Control Groups provide a mechanism for aggregating/partitioning sets of
   tasks, and all their future children, into hierarchical groups with
   specialized behaviour.”
   https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt
   ● Memory
   ● CPU
   ● CPUSet
   ● BlkIO
   ● net_cls and net_prio
   ● Devices
   

   View Slide

10. @breizhcamp
    #JvmContainer #breizhcamp
    JVM & Cgroups
    https://jaxenter.com/nobody-puts-java-container-139373.h
    tml
    

    View Slide

11. @breizhcamp
    #JvmContainer #breizhcamp
    Let’s try
    

    View Slide

12. @breizhcamp
    #JvmContainer #breizhcamp
    Any Solutions
    ● JDK8 1.8.0_131+ (UnlockExperimentalVMOptions / UseCGroupMemoryLimitForHeap.)
    ○ with partial cgroups support
    ■ memory
    ■ cpuset
    ● fabric8io docker images
    ○ https://github.com/fabric8io-images/run-java-sh
    ● Old School configuration
    ○ XMX for memory
    ○ XX:ParallelGCThreads, XX:ConcGCThreads for CPU
    ● Don’t use Container
    ● Give up the JVM
    ● JDK10 : The Savior
    

    View Slide

13. @breizhcamp
    #JvmContainer #breizhcamp
    What about the JDK10?
    “The JDK team has committed to making Java a good citizen in a world of
    containers. JDK10 contains several changes to have the JVM and your apps
    respect container restrictions. JDK10 is due to be released in March 2018.”
    https://mjg123.github.io/2018/01/10/Java-in-containers-jdk10.html
    

    View Slide

14. @breizhcamp
    #JvmContainer #breizhcamp
    Thanks!
    

    View Slide

15. @breizhcamp
    #JvmContainer #breizhcamp
    Reference
    https://blog.aquasec.com/a-brief-history-of-containers-from-1970s-chroot-to-docker-2016
    http://www.oracle.com/technetwork/java/javase/memorymanagement-whitepaper-150215.pdf
    

    View Slide