This is an example of Spring Boot Getting Started modified to work on OpenJDK CRaC, which consists only in using Spring Boot 3.2+ and adding the org.crac:crac dependency (version 1.4.0 or later).
Use Maven to build
./mvnw package Please refer to README for details.
If you see an error, you may have to update your criu permissions with
sudo chown root:root $JAVA_HOME/lib/criu sudo chmod u+s $JAVA_HOME/lib/criu - Run the JDK in the checkpoint mode
$JAVA_HOME/bin/java -XX:CRaCCheckpointTo=cr -jar target/example-spring-boot-0.0.1-SNAPSHOT.jar - Warm-up the instance
siege -c 1 -r 100000 -b http://localhost:8080 - Request checkpoint
jcmd target/example-spring-boot-0.0.1-SNAPSHOT.jar JDK.checkpoint $JAVA_HOME/bin/java -XX:CRaCRestoreFrom=cr - After building the project locally create an image to be checkpointed.
docker build -f Dockerfile.checkpoint -t example-spring-boot-checkpoint . - Start a (detached) container that will be checkpointed. Note that we're mounting
target/crinto the container.
docker run -d --rm -v $(pwd)/target/cr:/cr --cap-add=CHECKPOINT_RESTORE --cap-add=SYS_PTRACE -p 8080:8080 --name example-spring-boot-checkpoint example-spring-boot-checkpoint - Validate that the container is up and running (here you could also perform any warm-up)
curl localhost:8080 Greetings from Spring Boot! - Checkpoint the running container
docker exec -it example-spring-boot-checkpoint jcmd example-spring-boot JDK.checkpoint - Build another container image by adding the data from
target/cron top of the previous image and adjusting entrypoint:
docker build -f Dockerfile.restore -t example-spring-boot . - (Optional) Start the application in the restored container and validate that it works
docker run -it --rm -p 8080:8080 example-spring-boot # In another terminal curl localhost:8080 In order to perform a checkpoint in a container we need those extra capabilites mentioned in the commands above. Regular docker build ... does not include these and therefore it is not possible to do the checkpoint as a build step - unless we create a docker buildx builder that will include these. See Dockerfile reference for more details. Note that you require a recent version of Docker BuildKit to do so.
docker buildx create --buildkitd-flags '--allow-insecure-entitlement security.insecure' --name privileged-builder docker buildx build --load --builder privileged-builder --allow=security.insecure -f Dockerfile.privileged -t example-spring-boot . Now you can start the example as before with
docker run -it --rm -p 8080:8080 example-spring-boot The most important part of the Dockerfile is invoking the checkpoint with RUN --security=insecure. Also, when creating your own Dockerfiles don't forget to enable the experimental syntax using # syntax=docker/dockerfile:1.3-labs.
