Wesley Hartford wfhartford

## jvm-container-support.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                wfhartford
                / jvm-container-support.md
            
            
              Created
              April 25, 2023 18:14
            
              
                Discussion of JVM's container support
              
          
    JVM Container Support

In version 8u131, the JVM became container aware. That means basically two things:

The JVM will set its max heap space based on the cgroup's memory limit, taking most of that limit for the heap.
The JVM will set its number of available processors based on the cgroup's settings for cpu_shares and/or cpu_quota depending on the JVM version.

The first point (memory) is somewhat useful, it provides a more reasonable default for max heap space when the JVM is run in a container. Heap space can still be set directly via the -Xmx and/or -Xms flags, and probably should be most of the time.
The second point is somewhat less helpful, and potentially quite harmful, especially in Kubernetes. Kubernetes' pods resource CPU request and limit values control the cpu_shares and cpu_quota respectively (see https://christopher-batey.medium.com/cpu-considerations-for-java-applications-running-in-docker-and-kubernetes-7925865235b7 for more details). For now, it's enough to know that if

  
## juicy-admin-apm-server-certificate.yaml
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: juicy-admin-apm-server
spec:
  secretName: juicy-admin-apm-http-juicy-admin-svc-cluster-local-tls
  issuerRef:
    kind: Issuer
    name: juicy-admin-vault
  duration: 48h

## juicy-admin-elasticsearch.yaml
apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: juicy-admin
spec:
  version: 7.8.0
  nodeSets:
    - name: default
      count: 3
      volumeClaimTemplates:

## gist:787e015c04f0c6f0b4d82b14097c92a6
apiVersion: kops/v1alpha2
kind: Cluster
metadata:
  creationTimestamp: 2019-02-22T19:40:22Z
  name: sd-dev-k8s.zedev.net
spec:
  api:
    loadBalancer:
      type: Public
  authorization:

## gist:7405cca2e7507520491303fcdd4a1d36
I0222 19:40:16.157711    7926 create_cluster.go:1456] Using SSH public key: /home/ubuntu/.ssh/id_rsa.pub
I0222 19:40:16.157902    7926 factory.go:68] state store swift://kops-state-store
I0222 19:40:16.158069    7926 swiftfs.go:66] authenticating to keystone
I0222 19:40:16.731107    7926 swiftfs.go:418] Reading file "swift://kops-state-store/sd-dev-k8s.zedev.net/config"
I0222 19:40:17.114127    7926 channel.go:97] resolving "stable" against default channel location "https://raw.githubusercontent.com/kubernetes/kops/master/channels/"
I0222 19:40:17.114291    7926 channel.go:102] Loading channel from "https://raw.githubusercontent.com/kubernetes/kops/master/channels/stable"
I0222 19:40:17.114434    7926 context.go:159] Performing HTTP request: GET https://raw.githubusercontent.com/kubernetes/kops/master/channels/stable
I0222 19:40:17.322743    7926 channel.go:111] Channel contents: spec:
  images:
    # We put the "legacy" version first, for kops versions that don't support versions ( < 1.5.0 )

## gradle-dependency-analyze.gradle
import org.apache.maven.shared.dependency.analyzer.ClassAnalyzer
import org.apache.maven.shared.dependency.analyzer.DefaultClassAnalyzer
import org.apache.maven.shared.dependency.analyzer.DependencyAnalyzer
import org.apache.maven.shared.dependency.analyzer.ProjectDependencyAnalysis
import org.apache.maven.shared.dependency.analyzer.asm.ASMDependencyAnalyzer
import org.gradle.api.Project
import org.gradle.api.artifacts.ConfigurationContainer
import org.gradle.api.artifacts.ResolvedArtifact
import org.gradle.api.artifacts.ResolvedDependency
	apiVersion: cert-manager.io/v1alpha2
	kind: Certificate
	metadata:
	name: juicy-admin-apm-server
	spec:
	secretName: juicy-admin-apm-http-juicy-admin-svc-cluster-local-tls
	issuerRef:
	kind: Issuer
	name: juicy-admin-vault
	duration: 48h
	apiVersion: elasticsearch.k8s.elastic.co/v1
	kind: Elasticsearch
	metadata:
	name: juicy-admin
	spec:
	version: 7.8.0
	nodeSets:
	- name: default
	count: 3
	volumeClaimTemplates:
	apiVersion: kops/v1alpha2
	kind: Cluster
	metadata:
	creationTimestamp: 2019-02-22T19:40:22Z
	name: sd-dev-k8s.zedev.net
	spec:
	api:
	loadBalancer:
	type: Public
	authorization:
	I0222 19:40:16.157711 7926 create_cluster.go:1456] Using SSH public key: /home/ubuntu/.ssh/id_rsa.pub
	I0222 19:40:16.157902 7926 factory.go:68] state store swift://kops-state-store
	I0222 19:40:16.158069 7926 swiftfs.go:66] authenticating to keystone
	I0222 19:40:16.731107 7926 swiftfs.go:418] Reading file "swift://kops-state-store/sd-dev-k8s.zedev.net/config"
	I0222 19:40:17.114127 7926 channel.go:97] resolving "stable" against default channel location "https://raw.githubusercontent.com/kubernetes/kops/master/channels/"
	I0222 19:40:17.114291 7926 channel.go:102] Loading channel from "https://raw.githubusercontent.com/kubernetes/kops/master/channels/stable"
	I0222 19:40:17.114434 7926 context.go:159] Performing HTTP request: GET https://raw.githubusercontent.com/kubernetes/kops/master/channels/stable
	I0222 19:40:17.322743 7926 channel.go:111] Channel contents: spec:
	images:
	# We put the "legacy" version first, for kops versions that don't support versions ( < 1.5.0 )
	import org.apache.maven.shared.dependency.analyzer.ClassAnalyzer
	import org.apache.maven.shared.dependency.analyzer.DefaultClassAnalyzer
	import org.apache.maven.shared.dependency.analyzer.DependencyAnalyzer
	import org.apache.maven.shared.dependency.analyzer.ProjectDependencyAnalysis
	import org.apache.maven.shared.dependency.analyzer.asm.ASMDependencyAnalyzer
	import org.gradle.api.Project
	import org.gradle.api.artifacts.ConfigurationContainer
	import org.gradle.api.artifacts.ResolvedArtifact
	import org.gradle.api.artifacts.ResolvedDependency