Remain the King in your Container Empire - JUG Saxony Day
Remain the King in your Container Empire
Bernd Fischer
Intro
King in Container Empire
Intro - Who’s that guy?
Passionate Java Developer (especially Spring)
Python, Go-Lang
Agile and Devops infected
Container enthusiast
[email protected]
@berndfischer63
JUG Saxony e.V., Docker Community Dresden
CTO MindApproach GmbH, [email protected]
Disclaimer ….
Intro - Objectives
❏ it’s not an intro - you need some knowledge about (Docker) containers and Linux
  ❏ see: talk/slides JUG Saxony Day 2015
Intro - Experience ??? - Projects ???
https://pixabay.com/en/cloud-weather-forecast-weather-sky-346710/
https://pixabay.com/en/ship-shipwreck-adventure-setting-1366926/
https://pixabay.com/en/container-shipping-freight-147973/
https://pixabay.com/en/shipwreck-ship-abandoned-carnage-575907/
Intro - Objectives
❏ you need some knowledge about (Docker) containers and Linux - it’s not an intro
  ❏ see: talk/slides JUG Saxony Day 2015
❏ lessons learned since 2015 from and for production
❏ from and for daily business of a Java developer
❏ troubleshooting / debugging
https://pixabay.com/en/crown-golden-royal-shining-shiny-312734/
First Lesson
http://m.memegen.com/efxili.jpg
Fix issues locally before they hit production
Continuous Environment
by myself
as identical as possible from dev to prd
Demo Application
[Diagram: Linux (Ubuntu 18.04-LTS/Alpine); JVM started with java -jar ...; Demo-Application (Spring Boot Web, embedded Tomcat); Database; url, username, password]
Second Lesson
Accessing Internal Services
SSH-Server
SSH tunnel
# demo-helloworld-web bf$
docker service create --name=sshd --replicas=1 \
  --publish="7777:22" \
  registry.gitlab.com/aemc/dockerims/sshd:20180927T130729
docker secret create id_rsa_user.pub.v1 $DMO_PUB_KEY
# care about formatting
docker service update \
  --secret-add source=id_rsa_user.pub.v1,target=/home/user/.ssh/authorized_keys,mode=0640,uid=1000,gid=1000 \
  sshd
# demo-helloworld-web bf$
# choose target
export DMO_SERVICE_NAME=hw_dmo_mysql
# choose network of service
DMO_NETWORK_ID=$(docker service inspect $DMO_SERVICE_NAME | \
  jq -r '.[0].Spec.TaskTemplate.Networks[0].Target')
# get name of network
docker network inspect $DMO_NETWORK_ID | jq -r '.[0].Name'
docker service update --network-add $DMO_NETWORK_ID sshd
# demo-helloworld-web bf$
...
entrypoint:
  - "java"
  - "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:7777"
  - "-jar"
  - "demo-helloworld-web.jar"
...
=> service re-creation necessary
=> no change of Docker images necessary
# demo-helloworld-web bf$
# check service start command
docker service inspect hw_dmo_app | jq '.[0].Spec.TaskTemplate.ContainerSpec.Command'
my-ssh -i $DMO_PRV_KEY [email protected] \
  -p 7777 -L 12345:app:7777
# stays open ...
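
A check for the debug entrypoint shown above, as an added example that is not part of the original slides: it classifies where the JDWP agent in a java command line listens and whether a service publish mapping (published:target) carries that port outside the overlay network. The helper names `jdwp_exposure` and `jdwp_audit` and the publish list are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example, not from the talk. jdwp_exposure and jdwp_audit are
# hypothetical helper names. JDWP has no authentication: whoever can reach
# the listener controls the JVM, so the bind address and port matter.

# jdwp_exposure <java command line...>
# Prints: none | dynamic | loopback:<port> | wildcard:<port> |
#         host:<addr>:<port> | port-only:<port>
jdwp_exposure() (
  set -f                          # the address may contain '*': no globbing
  result=none
  for arg in "$@"; do
    case "$arg" in
      -agentlib:jdwp=*) opts=${arg#-agentlib:jdwp=} ;;
      -Xrunjdwp:*)      opts=${arg#-Xrunjdwp:} ;;   # legacy spelling
      *) continue ;;
    esac
    case ",$opts," in
      *,server=y,*) ;;
      *) continue ;;              # server=n: JVM dials out, nothing listens
    esac
    addr=
    old_ifs=$IFS; IFS=,
    for kv in $opts; do
      case "$kv" in address=*) addr=${kv#address=} ;; esac
    done
    IFS=$old_ifs
    case "$addr" in
      '')                      result=dynamic ;;
      \*:*|0.0.0.0:*)          result="wildcard:${addr##*:}" ;;
      localhost:*|127.0.0.1:*) result="loopback:${addr##*:}" ;;
      *:*)                     result="host:$addr" ;;
      # bare port: all interfaces up to JDK 8, localhost only from JDK 9 on
      *)                       result="port-only:$addr" ;;
    esac
  done
  echo "$result"
)

# jdwp_audit "<published:target ...>" <java command line...>
# Prints ok | internal | exposed, followed by the finding.
jdwp_audit() (
  publishes=$1; shift
  exposure=$(jdwp_exposure "$@")
  # default: reachable from every container on the attached networks,
  # which is what the SSH tunnel through the sshd service relies on
  verdict="internal $exposure"
  case "$exposure" in
    none|loopback:*) verdict="ok $exposure" ;;
    *)
      port=${exposure##*:}
      for mapping in $publishes; do
        if [ "${mapping##*:}" = "$port" ]; then
          verdict="exposed $exposure published-as=${mapping%%:*}"
        fi
      done ;;
  esac
  echo "$verdict"
)

# Constructed input: the entrypoint from the slide plus a made-up publish list.
jdwp_audit "8080:8080" java \
  '-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:7777' \
  -jar demo-helloworld-web.jar
```

The command line to feed in is the one returned by the `docker service inspect ... ContainerSpec.Command` call above; an `exposed` verdict means the debugger port is reachable without going through the SSH tunnel.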
Third Lesson
Access Local Services
Not in this demo
poor man’s "ngrok"
# demo-helloworld-web bf$
# additional port to be reachable from "outside world"
docker service update sshd --publish-add 2345:2345
# start helloworld-web app in IDE
# listen on port 8080
my-ssh -i ~/.ssh/id_rsa_dmo -p 7777 \
  [email protected] \
  -R 2345:localhost:8080
# open browser
# http d4r-cluster01-m01.aemc.me:2345
Fourth Lesson
"From Scratch" Docker Images
❏ Docker Image best practice
  ❏ as small as possible to
    ❏ save bandwidth and storage
    ❏ reduce attack vectors
❏ Result: Docker images
  ❏ based on “small” Linux distributions like Alpine and similar
  ❏ with statically linked binaries and no base Linux distro
❏ Consequences:
  ❏ missing tools for debugging ...
  ❏ may not work: docker container exec …
FROM golang:alpine AS builder
ADD ./whoami.go /go/src
ENV GOOS=linux
ENV GOARCH=386
RUN cd /go/src && go build -o /go/bin/whoami
RUN echo "Hallo from GoWebServer" > /go/bin/index.html
# final stage: build once with "FROM scratch" and once with "FROM alpine" => two images
FROM scratch
WORKDIR /app
COPY --from=builder /go/bin/whoami /app/
COPY --from=builder /go/bin/index.html /app/src/
ENTRYPOINT [ "./whoami" ]
# demo-helloworld-web bf$
docker service create \
  --name=whoami-alpine \
  --replicas=1 \
  --publish="9876:8000" \
  --hostname=whoami_alpine \
  --constraint "node.role == worker" \
  aemc/whoami:alpine
http d4r-cluster01-m01.aemc.me:9876
http d4r-cluster01-m01.aemc.me:9876/ping
http d4r-cluster01-m01.aemc.me:9876/whoami
# demo-helloworld-web bf$
docker service create \
  --name=whoami-scratch \
  --replicas=1 \
  --publish="1234:8000" \
  --hostname=whoami_scratch \
  --constraint "node.role == worker" \
  aemc/whoami:scratch
http d4r-cluster01-m01.aemc.me:1234
http d4r-cluster01-m01.aemc.me:1234/ping
http d4r-cluster01-m01.aemc.me:1234/whoami
# demo-helloworld-web bf$
./get-containerids-of-service.sh whoami-alpine
# container runs on node ???
$(setDockerEnv.sh d4r <node>.aemc.me)
docker info | grep -i name
docker container exec -it <container> sh
/app # cat src/index.html
Hallo from GoWebServer
/app # exit
$(setDockerEnv.sh d4r d4r-cluster01-m01.aemc.me)
# demo-helloworld-web bf$
./get-containerids-of-service.sh whoami-scratch
# container runs on node ???
export CON_ID=<container>
$(setDockerEnv.sh d4r <node>.aemc.me)
docker info | grep -i name
docker container exec -it $CON_ID sh
...
# demo-helloworld-web bf$
# use a second "container" with necessary tools …
docker container run -it --rm \
  --net container:$CON_ID \
  --pid container:$CON_ID \
  alpine sh
/ # id
/ # ps auxww
/ # nc localhost 8000
GET / HTTP/1.1
host: localhost
# demo-helloworld-web bf$
# use a second "container" with necessary tools …
# continue ..
/ # ls -al /proc/1/root/
/ # cat /proc/1/root/app/src/index.html
/ # echo "Hallo from GoWebServer - Changed1" > \
    /proc/1/root/app/src/index.html
# use browser
/ # exit
❏ mission accomplished ;-)
❏ able to "enrich" "reduced" Docker images with additional functionality
❏ right now only for Linux containers ...
Fifth Lesson
Resource Limits and Container Awareness
❏ Focus for now: memory
❏ Java 8 u131
❏ Sources:
  ❏ docker-java-memory-limits (see links)
❏ => Demo
  ❏ MemoryInfo.java
  ❏ MemoryEater.java
❏ Prepared Docker image
  ❏ registry.gitlab.com/aemc/eval/docker-java-memory-limits
❏ Hint: using VMs with 2 GB RAM ...
# demo-helloworld-web bf$
export IMG=registry.gitlab.com/aemc/eval/docker-java-memory-limits
docker container run --rm --name=test \
  $IMG MemoryTotal
docker container run --rm --name=test --memory 100MB \
  $IMG MemoryTotal
# demo-helloworld-web bf$
docker container run --name=test --memory 100MB \
  $IMG MemoryEater
docker container ls -a --filter="name=test"
# exited with 137 -> SIGKILL
docker container inspect test | jq '.[0].State'
# ExitCode: 137
# OOMKilled: true
docker container rm test
# demo-helloworld-web bf$
docker container run --rm -m 100MB --name=test \
  $IMG -Xmx100M MemoryTotal
# use helper/start script for computation
# https://github.com/fabric8io-images/java/blob/master/images/alpine/openjdk8/jre/run-java.sh
# demo-helloworld-web bf$
docker container run --rm --memory 1GB --name=test \
  $IMG \
  -XX:+UnlockExperimentalVMOptions \
  -XX:+UseCGroupMemoryLimitForHeap \
  MemoryTotal
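
The arithmetic behind these runs, as an added example (not the talk's code and not the logic of run-java.sh): it reads the container's cgroup memory limit, compares it with the heap a JVM picks when it only sees the host's RAM, and derives an explicit `-Xmx`. The function names and the 50 % heap ratio are assumptions; the 2 GB host and the 100MB limit are the talk's numbers, rounded to whole megabytes.

```shell
#!/bin/sh
# Added example, not from the talk or from run-java.sh. Function names and
# the 50 % heap ratio are assumptions chosen for illustration.

# cgroup_mem_limit [cgroup_root] -> limit in bytes, or "unlimited"
cgroup_mem_limit() (
  root=${1:-/sys/fs/cgroup}
  if [ -r "$root/memory.max" ]; then                        # cgroup v2
    v=$(cat "$root/memory.max")
  elif [ -r "$root/memory/memory.limit_in_bytes" ]; then    # cgroup v1
    v=$(cat "$root/memory/memory.limit_in_bytes")
  else
    v=max
  fi
  # v2 writes "max"; v1 reports a 19-digit number when no limit is set
  if [ "$v" = max ] || [ "${#v}" -ge 19 ]; then
    echo unlimited
  else
    echo "$v"
  fi
)

# default_heap_mb <ram_mb>: without -Xmx the JVM takes RAM / MaxRAMFraction,
# and MaxRAMFraction defaults to 4. An 8u131 JVM without the cgroup flag uses
# the host's RAM here; with -XX:+UseCGroupMemoryLimitForHeap, the cgroup limit.
default_heap_mb() { echo $(( $1 / 4 )); }

# heap_plan <host_ram_mb> <limit_bytes|unlimited> [heap_ratio_percent]
# Prints "<default heap> <verdict> <suggested flag>".
heap_plan() (
  host_mb=$1; limit=$2; ratio=${3:-50}
  unaware=$(default_heap_mb "$host_mb")
  if [ "$limit" = unlimited ]; then
    echo "default=${unaware}m ok -"
  else
    limit_mb=$(( limit / 1048576 ))
    # keep the rest of the limit for metaspace, thread stacks, buffers
    xmx=$(( limit_mb * ratio / 100 ))
    if [ "$unaware" -gt "$limit_mb" ]; then
      verdict=oom-risk            # heap may grow past the limit: exit 137
    else
      verdict=ok
    fi
    echo "default=${unaware}m $verdict -Xmx${xmx}m"
  fi
)

# The talk's numbers: 2 GB VM, --memory 100MB (104857600 bytes).
heap_plan 2048 104857600        # default=512m oom-risk -Xmx50m
```

With `--memory 1GB` and the cgroup flag from the last run, `default_heap_mb 1024` gives the 256 MB heap a cgroup-aware JVM settles on.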
Some more lessons ...
❏ Use containers together with automation tools like Ansible, Puppet, Salt, … to
  ❏ fill gaps
    ❏ secret/config handling
    ❏ local volume handling
  ❏ guarantee reproducibility
  ❏ improve flexibility
  ❏ improve automation
❏ Security …
  ❏ using Docker/K8s/… CLI => root !!!
  ❏ use RBAC mechanism
    ❏ Docker Auth-Plugins
      ❏ Casbin (https://github.com/casbin/casbin)
      ❏ Authobot (https://github.com/ndeloof/authobot)
    ❏ UI
      ❏ Docker EE
      ❏ Portainer
      ❏ ...
Questions …?
Links
❏ Source Code
  ❏ https://gitlab.com/aemc
    ❏ demo/demo-helloworld-web
    ❏ demo/demo-multi-swarm-cluster
    ❏ demo/demo-swarm-cluster
    ❏ aemc/eval/docker-java-memory-limits
❏ Java Resource Limits
  ❏ https://bugs.openjdk.java.net/browse/JDK-8182070
  ❏ https://bugs.openjdk.java.net/browse/JDK-8146115
This is the last slide ...