This talk was about the issues of putting Java in a container and how, in its latest version, the JDK is now more aware of the container it is running in. The presentation is led by @joerg_schad, Distributed Software Engineer from Mesosphere, at the OpenSource Summit 2017 in Prague.
What are the issues of putting Java in a container ?
How does the JVM interacts with the isolation provided by the container ?
A container is a convenient way to ship applications easily. By relying directly on the kernel, the isolation provided by a container is weaker than a Virtual Machine in exchange of greater performances.
A container is therefore very fast to spin up and uses less memory and cpu than a VM.
There are two complementary technologies used to isolate a container from the system: CGroups and Namespaces. Combined, they offer a lightweight while poweful solution for isolating processes from the rest of the system.
A Namespace provides to a process their own view of the system. For example, a process only knows about its PIDs, mount points and filesystems.
- CPU usage
- Memory limits
- Network and disk IO
The current troubles is on how the JVM interacts with CGroups to gather system resources.