IT-Tage 365, April 2021, online: Vortrag von Mario-Leander Reimer (@LeanderReimer, Principal Software Architect bei QAware)
== Please download slides if blurred! ==
Abstract: Der Bereich des DevOps-Toolings war bisher eher interpretierten Sprachen wie Python oder statisch kompilierten Sprachen wie Go oder Rust vorbehalten. Doch mit zunehmender Popularität der GraalVM hat sich die Situation grundlegend verändert. So ist es nun endlich möglich, DevOps-Tools in Java zu realisieren und dabei die Performance und Effizienz einer nativen Anwendungen zu erreichen.
3. // IT Tage 365 // Effizientes DevOps Tooling mit Java und GraalVM // @LeanderReimer #cloudnativenerd #qaware
How do you organise and enable
DevOps teams for
fast
fl
ow and high productivity?
3
4. // IT Tage 365 // Effizientes DevOps Tooling mit Java und GraalVM // @LeanderReimer #cloudnativenerd #qaware
Too much cognitive load will become a bottleneck
for fast
fl
ow and high productivity.
• Instrinsic Cognitive Load - relates to fundamental aspects
and knowledge in the problem space (e.g. used languages,
APIs, frameworks)
• Extraneous Cognitive Load - relates to the environment
(e.g. deployment, con
fi
guration, console commands)
• Germane Cognitive Load - relates to speci
fi
c aspects of the
business domain (aka. „value added“ thinking)
4
https://teamtopologies.com
5. // IT Tage 365 // Effizientes DevOps Tooling mit Java und GraalVM // @LeanderReimer #cloudnativenerd #qaware
Eliminate
extraneous cognitive load
Minimize
intrinsic cognitive load
5
6. // IT Tage 365 // Effizientes DevOps Tooling mit Java und GraalVM // @LeanderReimer #cloudnativenerd #qaware
6
7. // IT Tage 365 // Effizientes DevOps Tooling mit Java und GraalVM // @LeanderReimer #cloudnativenerd #qaware
Use the right language for the job!?
7
Getty Images Liliboas
Ansible Shell Scripts
Ruby Python
8. // IT Tage 365 // Effizientes DevOps Tooling mit Java und GraalVM // @LeanderReimer #cloudnativenerd #qaware
8
9. // IT Tage 365 // Effizientes DevOps Tooling mit Java und GraalVM // @LeanderReimer #cloudnativenerd #qaware
GraalVM to the Rescue!
9
10. // IT Tage 365 // Effizientes DevOps Tooling mit Java und GraalVM // @LeanderReimer #cloudnativenerd #qaware
GraalVM in a Nutshell
• Polyglot Runtime: runs all JVM languages, R, JavaScript, NodeJS,
Ruby, Python, C/C++ via LLVM with full interop
• Ahead-of-time (AOT) Compilation: memory management, thread
scheduling via SubstrateVM
• GraalVM as a Platform: embed and extend GraalVM with Tru
ffl
e,
implement your own language and tools
10
11. // IT Tage 365 // Effizientes DevOps Tooling mit Java und GraalVM // @LeanderReimer #cloudnativenerd #qaware
Polyglot Mayhem
• The Graal Polyglot API allows you to embed and use different
languages with full bidirectional interop.
• This is not the same as with the Java Scripting API (JSR 223)!
11
private static void helloPython(PolyglotMessage message) {
try (Context context = Context.newBuilder().allowAllAccess(true).build()) {
context.getPolyglotBindings().putMember("message", message);
context.eval("python",
"import polyglotn" +
"message = polyglot.import_value('message')n" +
"message['invocations'] += 1n" +
"print(message['text'])");
}
}
12. // IT Tage 365 // Effizientes DevOps Tooling mit Java und GraalVM // @LeanderReimer #cloudnativenerd #qaware
12
Code & Demos
https://github.com/qaware/hands-on-graalvm
https://github.com/qaware/fast-fibonacci
13. // IT Tage 365 // Effizientes DevOps Tooling mit Java und GraalVM // @LeanderReimer #cloudnativenerd #qaware
The Swiss Army Knife of Operations.
13
CLIs - The Swiss Army Knife of Operations
14. // IT Tage 365 // Effizientes DevOps Tooling mit Java und GraalVM // @LeanderReimer #cloudnativenerd #qaware
The basics of 12-factor CLI apps
• Great help is essential. What version am I on?
• Prefer
fl
ags to positional arguments.
• Mind the streams. stdout is for output, stderr is for messaging.
• Handle things going wrong: error code, title, how to
fi
x, URL, …
• Be fancy: use colours, have shell completion.
• Prompt if you can.
• Be speedy. CLIs need to start fast.
• Be clear about subcommands.
14
For complete list and info, read https://medium.com/@jdxcode/12-factor-cli-apps-dd3c227a0e46
15. // IT Tage 365 // Effizientes DevOps Tooling mit Java und GraalVM // @LeanderReimer #cloudnativenerd #qaware
Build CLIs with Picocli and GraalVM
• Native DevOps tools, CLIs or sidecar containers can now also be
build using Java! Golang is still cool.
• Picoli is a small framework to easily build JVM command line apps.
• Support for ANSI colors, tab completion, sub commands and other
12-factor CLI app principles
• In-built support for GraalVM AOT compilation to native images via the
ReflectionConfigGenerator utility and annotation processor.
15
16. // IT Tage 365 // Effizientes DevOps Tooling mit Java und GraalVM // @LeanderReimer #cloudnativenerd #qaware
16
Code & Demos
https://github.com/lreimer/microj-cli
https://github.com/lreimer/microj-picocli-graalvm
17. // IT Tage 365 // Effizientes DevOps Tooling mit Java und GraalVM // @LeanderReimer #cloudnativenerd #qaware
Container Orchestration Patterns
17
Sidecar Container
Extended Container Behaviour
• Log Extraction / Reformatting
(
fl
uentd,
fi
le beat)
• Scheduling (cron, quartz)
Ambassador Container
Proxy Communication
• TLS Tunnel (ghostunnel, Istio)
• Circuit Breaking (linked, Istio)
• Request Monitoring (linked, Istio)
Adapter Container
Standardized Ops Interfaces
• Monitoring (Prometheus)
• Con
fi
guration (Con
fi
gMaps, Secrets, …)
18. // IT Tage 365 // Effizientes DevOps Tooling mit Java und GraalVM // @LeanderReimer #cloudnativenerd #qaware
Use a multi-stage Docker
fi
le to build Linux binary
18
FROM ghcr.io/graalvm/graalvm-ce:20.3.0 AS builder
# install native-image utility
RUN gu install native-image && mkdir /hands-on-graalvm
# copy files content and build native application
WORKDIR /hands-on-graalvm
COPY . .
RUN ./gradlew build -x test && ./gradlew graalNativeImage
FROM gcr.io/distroless/cc-debian10:debug
# copy binary and required libraries into runtime image
COPY --from=builder /hands-on-graalvm/build/hands-on-graal /
COPY --from=builder /opt/graalvm-ce-java11-20.3.0/lib/libsunec.so /
COPY --from=debian:10.2 /usr/lib/x86_64-linux-gnu/libz* /usr/lib/x86_64-linux-gnu/
COPY --from=debian:10.2 /lib/x86_64-linux-gnu/libz* /lib/x86_64-linux-gnu/
ENTRYPOINT ["/hands-on-graal"]
CMD ["Hello World from GraalVM native inside Docker."]
19. // IT Tage 365 // Effizientes DevOps Tooling mit Java und GraalVM // @LeanderReimer #cloudnativenerd #qaware
19
Operator.
- Do stuff to my Kubernetes.
20. // IT Tage 365 // Effizientes DevOps Tooling mit Java und GraalVM // @LeanderReimer #cloudnativenerd #qaware
What are operators?
• Operators are codi
fi
ed Ops procedures!
• Operators are the path towards Zero-Ops. They enable auto-updating,
self-monitoring and self-healing infrastructure and applications.
• The concept was coined in the Kubernetes world. It’s now been
adopted and used widespread in the cloud native world.
• Examples: OKD, Sealed Secrets, Kube Monkey, Weave Flux
20
21. // IT Tage 365 // Effizientes DevOps Tooling mit Java und GraalVM // @LeanderReimer #cloudnativenerd #qaware
Kubernetes Operators in a Nutshell
21
22. // IT Tage 365 // Effizientes DevOps Tooling mit Java und GraalVM // @LeanderReimer #cloudnativenerd #qaware
The Kill Pod Operator
22
• Super simple Chaos monkey style operator inspired by Kubemonkey
• Regularly kills pods of deployments that are killpod/enabled
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-killpod-enabled
labels:
killpod/enabled: "true"
killpod/application: nginx-killpod-enabled
killpod/delay: "30"
killpod/amount: "2"
spec:
...
23. // IT Tage 365 // Effizientes DevOps Tooling mit Java und GraalVM // @LeanderReimer #cloudnativenerd #qaware
The Super Secret Operator
23
• Apply asymmetrical encrypted secrets, the operator will decrypt and manage ordinary
K8s secrets under the hood
• Inspired by Sealed Secrets from Bitnami https://github.com/bitnami-labs/sealed-secrets
apiVersion: operators.on.hands/v1alpha1
kind: SuperSecret
metadata:
name: supersecret-test
spec:
secretData:
password: eV7YoQXyZlY+y51RWXEqyu0U44EPEPwEz+fZvGo+7McOTA4wQYCdxXMANtab3aW8
...
ywqpkHYtSLvrPgFnbcuSvD2UzuUNeE2qkh6SAM1z9Lpfwi+IUZjaY34Z+RjEL5OZFPYkQ==
24. // IT Tage 365 // Effizientes DevOps Tooling mit Java und GraalVM // @LeanderReimer #cloudnativenerd #qaware
The Microservice Operator
24
apiVersion: operators.on.hands/v1alpha1
kind: Microservice
metadata:
name: microservice-test
labels:
app: nginx
spec:
replicas: 2
image: nginx:1.17.6
ports:
- containerPort: 80
serviceType: LoadBalancer
• Abstracting the usual Deployment, Service and Con
fi
gMap de
fi
nitions
using a simple and uni
fi
ed Microservice CRD
25. // IT Tage 365 // Effizientes DevOps Tooling mit Java und GraalVM // @LeanderReimer #cloudnativenerd #qaware
25
Code & Demos
https://github.com/qaware/graal-operators