[2019 oracle code one] CD with Docker and Java

Continuous Delivery with Docker Containers and Java: The Good, the Bad, and the Ugly

Speaker: Daniel Bryant @danielbryantuk

For more blog posts, see The Oracle Code One table of contents



General

  • “Continuous delivery is achieved when stability and speed can satisfy business demand. Discontinuous delivery occurs when stability and speed are insufficient” – Steve Smith @SteveSmithCD
  • Feedback loop
  • Choices are about tradeoffs

Good

  • Dev environment setup can be Dockerized/Containerized
  • Repeatable builds
  • Legacy technology can be sealed

Bad

  • Why is the container image 1GB for a hello world app?
  • Dev/test/deploy loop too long
  • The app runs slow/freezes on Docker

Impact of container tech on CD

  • Install Docker/container on local machine. Important to understand platform deploying to (mechanical sympathy).
  • Store container image, not jar/war
  • Test in container image
  • Container image is single binary – “Build Binaries Only Once (BBOO)”

Lessons

  • Make dev env like prod as much as possible. Use identical base image with same config.
  • Dockerfile content is super important – OS, ports, volumes, JDK
  • Talk to the sysadmin people. Their operational knowledge is invaluable. Avoids both operational and political problems
  • Don’t want JDK in production. [So what to use? JRE no longer exists. Can’t use JLink if need Tomcat to run app.]
  • Avoid unused Maven dependencies (so smaller)
  • BuildKit – best effort caching
  • Get app/config drift if have different dev/prod containers
  • Use sidecar containers to bundle other things
  • Toolchain may alter when go to container space.
  • Metadata is valuable. Need to know what is running where. Can store in external registry. ex: Artifactory or Nexus
  • Try to do component testing – a few services together
  • Performance – gatling, jmeter, flood.io
  • Security testing – ex: https://find-sec-bugs.github.io
  • Migrate to Java 11 for speed
  • AOT gives performance in short term and JIT in long term
  • Retest app when changing any config
  • Set container memory appropriately
  • Dependency check – https://jeremylong.github.io/DependencyCheck/dependency-check-maven/
  • Docker container scanner – https://github.com/arminc/clair-scanner or https://github.com/aquasecurity/microscanner
  • Only thing worse than not using a security tool is using an unmaintained security tool
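
Several of the lessons above (Dockerfile content, no JDK in production, metadata, container memory) combined in one multi-stage Dockerfile. This is an added example, not from the talk or the original post; the image tags, the Maven wrapper, `app.jar`, port 8080 and `/app/logs` are assumptions.

```dockerfile
# Added example. Image tags, paths and the jar name are assumptions.

# Stage 1: build with a full JDK. This stage is discarded and never ships.
FROM eclipse-temurin:11-jdk AS build
WORKDIR /src
# Copy the build descriptor first so the dependency layer stays cached
# until pom.xml changes (shortens the dev/test/deploy loop).
COPY mvnw pom.xml ./
COPY .mvn .mvn
RUN ./mvnw -B dependency:go-offline
COPY src src
RUN ./mvnw -B package

# Stage 2: runtime image without compiler or build tools.
# Use this same base and config in dev, test and prod to avoid drift.
FROM eclipse-temurin:11-jre
# Metadata: record which commit produced the image so "what is running
# where" can be answered from the registry.
ARG GIT_COMMIT=unknown
LABEL org.opencontainers.image.revision=$GIT_COMMIT
WORKDIR /app
# Assumes the Maven build produces target/app.jar.
COPY --from=build /src/target/app.jar app.jar
EXPOSE 8080
VOLUME /app/logs
# Size the heap from the container's memory limit rather than host RAM.
ENTRYPOINT ["java", "-XX:MaxRAMPercentage=75.0", "-jar", "app.jar"]
```

The image built from this file is the single binary that is stored, tested, scanned and promoted, rather than the jar on its own.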

My take

Good session. The advice covered different levels of problems, which was nice. The flowchart was unreadable. I think I got the gist, but it’s hard to get a complex flow on the screen. The rest was clear and I came away with a bunch of stuff to read about.
