Containers and Continuous Delivery: Lessons Learned the Hard Way
Daniel Bryant @danielbryantuk
03/05/2023 @danielbryantuk
TL;DR
• Container image becomes ‘single binary’
• Adding metadata is essential
• Cultivate ‘mechanical sympathy’
Containers: Expectations versus reality
“DevOps”
Container technology (and CD)
• OS-level virtualisation
  • cgroups, namespaces, rootfs
• Package and execute software
• Container image == ‘single binary’
Changing the pipeline
What to put in the Dockerfile
• OS choice
  • Exposed to OS (often implicitly?)
  • Choose lightweight OS if possible e.g. Alpine, Debian Jessie
• Configuration?
• Build artefacts
  • Java
    • JDK vs JRE
    • Oracle vs OpenJDK
  • Golang
    • Statically compiled binary
  • Python
    • Virtualenv
Please talk to the sysadmin people: Their operational knowledge is invaluable
Different dev and test containers?
• Separate ‘test’ container?
  • Test tools
  • Test data
• Easy to see configuration drift!
• Interesting ONTEST proposal by Alexei Ledenev
http://blog.terranillius.com/post/docker_testing/
Testing: Jenkins Pipeline as Code
Testing: Functional and NFRs
• Automate all the things!
• Deploy to realistic environments
• Execution (runtime)
  • Security
  • Observability
• Evolvability (static)
  • Scalability
Metadata
• Beware of the ‘latest’ Docker tag
• Metadata is vital
  • h/t microbadger.com
03/05/2023 @danielbryantuk | @spoole167
Mechanical sympathy: Docker and Java
• Watch for cgroup limits (and cgroup awareness)
  • getAvailableProcessors issue (bugs.openjdk.java.net/browse/JDK-8140793)
  • Default fork/join thread pool sizes (based on host CPU count)
• Set container memory appropriately
  • JVM requirements = Heap size (Xmx) + Metaspace + JVM overhead
  • Account for native thread requirements e.g. thread stack size (Xss)
• Entropy
  • Host entropy can soon be exhausted by crypto operations
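The cgroup and memory points above, as an added example that is not from the original slides: a pre-deployment check that reads cgroup v2 `cpu.max` and `memory.max` values and compares them with the host CPU count and the slide's JVM memory formula. The function names, the round-up of fractional CPU quotas, and all sample sizes are assumptions made for this illustration.

```python
import math

MIB = 1024 * 1024

def cpu_limit(cpu_max, host_cpus):
    """Effective CPUs from cgroup v2 cpu.max ('<quota> <period>' or 'max <period>')."""
    quota, period = cpu_max.split()
    if quota == "max":  # no quota set: every host CPU is usable
        return host_cpus
    # Assumption for this example: fractional quotas round up, minimum of one CPU.
    return max(1, min(host_cpus, math.ceil(int(quota) / int(period))))

def memory_limit(memory_max):
    """Limit in bytes from cgroup v2 memory.max, or None when it reads 'max'."""
    value = memory_max.strip()
    return None if value == "max" else int(value)

def jvm_budget(xmx, metaspace, overhead, threads, xss):
    """Slide formula: heap (Xmx) + Metaspace + JVM overhead, plus thread stacks (Xss)."""
    return xmx + metaspace + overhead + threads * xss

def check(cpu_max, memory_max, host_cpus, xmx, metaspace, overhead, threads, xss):
    """Return a list of warnings; an empty list means the settings fit the container."""
    findings = []
    cpus = cpu_limit(cpu_max, host_cpus)
    if cpus < host_cpus:
        findings.append(f"host reports {host_cpus} CPUs but the cgroup quota allows "
                        f"{cpus}; pools sized from the host count are oversubscribed")
    limit = memory_limit(memory_max)
    need = jvm_budget(xmx, metaspace, overhead, threads, xss)
    if limit is not None and need > limit:
        findings.append(f"JVM needs {need // MIB} MiB but the container limit "
                        f"is {limit // MIB} MiB")
    return findings

if __name__ == "__main__":
    # Constructed sample: 2-CPU quota and a 512 MiB limit on a 16-CPU host.
    for finding in check("200000 100000", str(512 * MIB), 16,
                         xmx=384 * MIB, metaspace=96 * MIB, overhead=64 * MIB,
                         threads=50, xss=1 * MIB):
        print("WARN:", finding)
```

On a real container the two strings would come from `/sys/fs/cgroup/cpu.max` and `/sys/fs/cgroup/memory.max`.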
Want to know more?
O’Reilly mini-book coming soon
https://github.com/danielbryantuk/oreilly-docker-java-shopping
Thanks for listening
• Any questions?
• Feel free to contact me
  • @danielbryantuk
  • [email protected]