Paris Container Day , profile picture
Uploaded byParis Container Day
1,125 views

Using containers for continuous integration and continuous delivery - Carlos Sanchez

This document discusses using containers for continuous integration and delivery with Jenkins. It covers running Jenkins in Docker containers, using Docker plugins with Jenkins, and running Jenkins pipelines in Kubernetes. Scaling Jenkins with more build agents or masters is discussed. When resource limits are exceeded in containers, the JVM or CPU is restricted instead of the container being killed. The Jenkins Kubernetes plugin allows dynamically running Jenkins agents as Kubernetes pods.

Downloaded 14 times
USING CONTAINERS FOR CONTINUOUS INTEGRATION AND CONTINUOUS DELIVERY Carlos Sanchez /csanchez.org @csanchez Watch online at carlossg.github.io/presentations
ABOUT ME Engineer @ CloudBees, Scaling Jenkins Author of Jenkins Kubernetes plugin Contributor to Jenkins Mesos plugin & Jenkins and Maven official Docker images Long time OSS contributor at Apache Maven, Eclipse, Puppet,…
DOCKER DOCKER DOCKER
USING CONTAINERS IS NOT TRIVIAL
SCALING JENKINS Two options: More build agents per master More masters
SCALING JENKINS: MORE BUILD AGENTS Pros Multiple plugins to add more agents, even dynamically Cons The master is still a SPOF Handling multiple configurations, plugin versions,... There is a limit on how many build agents can be attached
SCALING JENKINS: MORE MASTERS Pros Different sub-organizations can self service and operate independently Cons Single Sign-On Centralized configuration and operation Covered by CloudBees Jenkins Enterprise
DOCKER AND JENKINS
RUNNING IN DOCKER
JENKINS DOCKER PLUGINS Dynamic Jenkins agents with Docker plugin or Yet Another Docker Plugin No support yet for Docker Swarm mode Isolated build agents and jobs Agent image needs to include Java, downloads slave jar from Jenkins master
JENKINS DOCKER PLUGINS Multiple plugins for different tasks Docker build and publish Docker build step plugin CloudBees Docker Hub/Registry Notification CloudBees Docker Traceability Great pipeline support
JENKINS DOCKER PIPELINE def maven = docker.image('maven:3.3.9-jdk-8'); stage('Mirror') { maven.pull() } docker.withRegistry('https://secure-registry/', 'docker-registry-login') { stage('Build') { maven.inside { sh "mvn -B clean package" } } stage('Bake Docker image') { def pcImg = docker.build( "examplecorp/spring-petclinic:${env.BUILD_TAG}", 'app') pcImg.push(); } }
WHEN ONE MACHINE IS NO LONGER ENOUGH Running Docker across multiple hosts In public cloud, private cloud, VMs or bare metal HA and fault tolerant
If you haven't automatically destroyed something by mistake, you are not automating enough
KUBERNETES Based on Google Borg Run in local machine, virtual, cloud Google provides Google Container Engine (GKE) Other services run by stackpoint.io, CoreOS Tectonic, Azure,... Minikube for local testing
GROUPING CONTAINERS (PODS) Example: Jenkins agent Maven build Selenium Hub with Firefox Chrome 5 containers
STORAGE Jenkins masters need persistent storage, agents (maybe) Persistent volumes GCE disks GlusterFS NFS EBS etc
PERMISSIONS Containers should not run as root Container user id != host user id i.e. jenkins user in container is always 1000 but matches ubuntu user in host
PERMISSIONS containers: [...] securityContext: fsGroup: 1000 volumes: [...] Volumes which support ownership management are modified to be owned and writable by the GID specified in fsGroup
NETWORKING Jenkins masters open several ports HTTP JNLP Build agent SSH server (Jenkins CLI type operations) Jenkins agents connect to master: inbound (SSH) outbound (JNLP)
Multiple :networking options GCE, Flannel, Weave, Calico,... One IP per Pod Containers can find other containers in the same Pod using localhost
MEMORY LIMITS Scheduler needs to account for container memory requirements and host available memory Prevent containers for using more memory than allowed Memory constraints translate to Docker --memory https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#how- pods-with-resource-limits-are-run
WHAT DO YOU THINK HAPPENS WHEN? Your container goes over memory quota?
NEW JVM SUPPORT FOR CONTAINERS JDK 8u131+ and JDK 9 $ docker run -m 1GB openjdk:8u131 java -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -XshowSettings:vm -version VM settings: Max. Heap Size (Estimated): 228.00M Ergonomics Machine Class: server Using VM: OpenJDK 64-Bit Server VM Running a JVM in a Container Without Getting Killed https://blog.csanchez.org/2017/05/31/running-a-jvm-in-a-container-without-getting-killed
NEW JVM SUPPORT FOR CONTAINERS $ docker run -m 1GB openjdk:8u131 java -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -XX:MaxRAMFraction=1 -XshowSettings:vm -version VM settings: Max. Heap Size (Estimated): 910.50M Ergonomics Machine Class: server Using VM: OpenJDK 64-Bit Server VM Running a JVM in a Container Without Getting Killed https://blog.csanchez.org/2017/05/31/running-a-jvm-in-a-container-without-getting-killed
CPU LIMITS Scheduler needs to account for container CPU requirements and host available CPUs CPU requests translates into Docker --cpu-shares CPU limits translates into Docker --cpu-quota https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#how- pods-with-resource-limits-are-run
WHAT DO YOU THINK HAPPENS WHEN? Your container tries to access more than one CPU Your container goes over CPU limits
Totally different from memory
JENKINS KUBERNETES PLUGIN Dynamic Jenkins agents, running as Pods Multiple container support One jnlp image, others custom Pipeline support for both agent Pod definition and execution Persistent workspace
JENKINS KUBERNETES PIPELINE podTemplate(label: 'maven', containers: [ containerTemplate(name: 'maven', image: 'maven:3.3.9-jdk-8-alpine' ttyEnabled: true, command: 'cat') ]) { node('maven') { stage('Get a Maven project') { git 'https://github.com/jenkinsci/kubernetes-plugin.git' container('maven') { stage('Build a Maven project') { sh 'mvn -B clean package' } } } } }
Multi-language Pipeline podTemplate(label: 'maven-golang', containers: [ containerTemplate(name: 'maven', image: 'maven:3.3.9-jdk-8-alpine', ttyEnabled: true, command: 'cat'), containerTemplate(name: 'golang', image: 'golang:1.8.0', ttyEnabled: true, command: 'cat')]) { node('maven-golang') { stage('Build a Maven project') { git 'https://github.com/jenkinsci/kubernetes-plugin.git' container('maven') { sh 'mvn -B clean package' } } stage('Build a Golang project') { git url: 'https://github.com/hashicorp/terraform.git' container('golang') { sh """ mkdir -p /go/src/github.com/hashicorp ln -s `pwd` /go/src/github.com/hashicorp/terraform cd /go/src/github.com/hashicorp/terraform && make core-dev """ } } }
JENKINS PLUGINS CAVEATS Using the Cloud API Not ideal for containerized workload Agents take > 1 min to start provision and are kept around Agents can provide more than one executor
JENKINS PLUGINS CAVEATS One Shot Executor Improved API to handle one off agents Optimized for containerized agents Plugins need to support it
MERCI csanchez.org csanchez carlossg

More Related Content

PDF
手把手帶你學 Docker 入門篇
byPhilip Zheng
 
PDF
[DockerCon 2019] Hardening Docker daemon with Rootless mode
byAkihiro Suda
 
PDF
Security in a containerized world - Jessie Frazelle
byParis Container Day
 
PDF
時代在變 Docker 要會:台北 Docker 一日入門篇
byPhilip Zheng
 
PPTX
Deploying windows containers with kubernetes
byBen Hall
 
PDF
Production FS: Adapt or die - Claudia Beresford & Tiago Scolar
byParis Container Day
 
PDF
Docker 導入:障礙與對策
byWilliam Yeh
 
PDF
There is no container - Ori Pekelman
byParis Container Day
 
手把手帶你學 Docker 入門篇
byPhilip Zheng
 
[DockerCon 2019] Hardening Docker daemon with Rootless mode
byAkihiro Suda
 
Security in a containerized world - Jessie Frazelle
byParis Container Day
 
時代在變 Docker 要會:台北 Docker 一日入門篇
byPhilip Zheng
 
Deploying windows containers with kubernetes
byBen Hall
 
Production FS: Adapt or die - Claudia Beresford & Tiago Scolar
byParis Container Day
 
Docker 導入:障礙與對策
byWilliam Yeh
 
There is no container - Ori Pekelman
byParis Container Day
 

What's hot

PPTX
Intro to Docker and clustering with Rancher from scratch
byJohn Culviner
 
PDF
Docker Security: Are Your Containers Tightly Secured to the Ship?
byMichael Boelen
 
PDF
桃園市教育局Docker技術入門與實作
byPhilip Zheng
 
PPTX
Containers without docker
byBen Hall
 
PDF
Leveraging the Power of containerd Events - Evan Hazlett
byDocker, Inc.
 
PDF
Automatically Renew Certificated In Your Kubernetes Cluster
byHungWei Chiu
 
PDF
How to easy deploy app into any cloud
byLadislav Prskavec
 
PPTX
Monitoring, Logging and Tracing on Kubernetes
byMartin Etmajer
 
PDF
RKT
byYutaka Matsubara
 
PDF
猿でもわかる Helm
byTsuyoshi Miyake
 
PDF
Docker研習營
byPhilip Zheng
 
PDF
Docker 101 @KACST Saudi HPC 2016
byWalid Shaari
 
PDF
Docker 進階實務班
byPhilip Zheng
 
ODP
Docker engine - Indroduc
byAl Gifari
 
PPTX
The state of containerd
byDocker, Inc.
 
PDF
Kubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd について
byLINE Corporation
 
PPTX
HP Advanced Technology Group: Docker and Ansible
byPatrick Galbraith
 
PDF
Docker 初探,實驗室中的運貨鯨
byRuoshi Ling
 
PPTX
Hide your development environment and application in a container
byJohan Janssen
 
PDF
Paris container day june17
byParis Container Day
 
Intro to Docker and clustering with Rancher from scratch
byJohn Culviner
 
Docker Security: Are Your Containers Tightly Secured to the Ship?
byMichael Boelen
 
桃園市教育局Docker技術入門與實作
byPhilip Zheng
 
Containers without docker
byBen Hall
 
Leveraging the Power of containerd Events - Evan Hazlett
byDocker, Inc.
 
Automatically Renew Certificated In Your Kubernetes Cluster
byHungWei Chiu
 
How to easy deploy app into any cloud
byLadislav Prskavec
 
Monitoring, Logging and Tracing on Kubernetes
byMartin Etmajer
 
RKT
byYutaka Matsubara
 
猿でもわかる Helm
byTsuyoshi Miyake
 
Docker研習營
byPhilip Zheng
 
Docker 101 @KACST Saudi HPC 2016
byWalid Shaari
 
Docker 進階實務班
byPhilip Zheng
 
Docker engine - Indroduc
byAl Gifari
 
The state of containerd
byDocker, Inc.
 
Kubernetes上で動作する機械学習モジュールの配信&管理基盤Rekcurd について
byLINE Corporation
 
HP Advanced Technology Group: Docker and Ansible
byPatrick Galbraith
 
Docker 初探,實驗室中的運貨鯨
byRuoshi Ling
 
Hide your development environment and application in a container
byJohan Janssen
 
Paris container day june17
byParis Container Day
 

Similar to Using containers for continuous integration and continuous delivery - Carlos Sanchez

PDF
Scaling Jenkins with Docker: Swarm, Kubernetes or Mesos?
byCarlos Sanchez
 
PDF
Microservices with Docker, Kubernetes, and Jenkins
byRed Hat Developers
 
PDF
Microservices with Kubernetes, Docker, and Jenkins
byRafael Benevides
 
PDF
DCSF19 Docker Containers & Java: What I Wish I Had Been Told
byDocker, Inc.
 
PDF
Achieving CI/CD with Kubernetes
byRamit Surana
 
PDF
Using Containers for Building and Testing: Docker, Kubernetes and Mesos. FOSD...
byCarlos Sanchez
 
PDF
CI and CD at Scale: Scaling Jenkins with Docker and Apache Mesos
byCarlos Sanchez
 
PDF
CI and CD at Scale: Scaling Jenkins with Docker and Apache Mesos
byCarlos Sanchez
 
PDF
Using Kubernetes for Continuous Integration and Continuous Delivery. Java2days
byCarlos Sanchez
 
PDF
Using Kubernetes for Continuous Integration and Continuous Delivery
byCarlos Sanchez
 
PDF
From Monolith to Docker Distributed Applications
byCarlos Sanchez
 
PDF
From Monolith to Docker Distributed Applications. JavaOne
byCarlos Sanchez
 
PDF
Fabric8: Better Software Faster with Docker, Kubernetes, Jenkins
byBurr Sutter
 
PDF
Dockerized maven
byMatthias Bertschy
 
PDF
Using Containers for Continuous Integration and Continuous Delivery. KubeCon ...
byCarlos Sanchez
 
PDF
Docker + jenkins in the enterprise (3)
byKurt Madel
 
PDF
Get you Java application ready for Kubernetes !
byAnthony Dahanne
 
PDF
Cloud read java with kubernetes
byCesar Tron-Lozai
 
PDF
Testing Distributed Micro Services. Agile Testing Days 2017
byCarlos Sanchez
 
PDF
Containerising bootiful microservices javaeeconf
byIvan Vasyliev
 
Scaling Jenkins with Docker: Swarm, Kubernetes or Mesos?
byCarlos Sanchez
 
Microservices with Docker, Kubernetes, and Jenkins
byRed Hat Developers
 
Microservices with Kubernetes, Docker, and Jenkins
byRafael Benevides
 
DCSF19 Docker Containers & Java: What I Wish I Had Been Told
byDocker, Inc.
 
Achieving CI/CD with Kubernetes
byRamit Surana
 
Using Containers for Building and Testing: Docker, Kubernetes and Mesos. FOSD...
byCarlos Sanchez
 
CI and CD at Scale: Scaling Jenkins with Docker and Apache Mesos
byCarlos Sanchez
 
CI and CD at Scale: Scaling Jenkins with Docker and Apache Mesos
byCarlos Sanchez
 
Using Kubernetes for Continuous Integration and Continuous Delivery. Java2days
byCarlos Sanchez
 
Using Kubernetes for Continuous Integration and Continuous Delivery
byCarlos Sanchez
 
From Monolith to Docker Distributed Applications
byCarlos Sanchez
 
From Monolith to Docker Distributed Applications. JavaOne
byCarlos Sanchez
 
Fabric8: Better Software Faster with Docker, Kubernetes, Jenkins
byBurr Sutter
 
Dockerized maven
byMatthias Bertschy
 
Using Containers for Continuous Integration and Continuous Delivery. KubeCon ...
byCarlos Sanchez
 
Docker + jenkins in the enterprise (3)
byKurt Madel
 
Get you Java application ready for Kubernetes !
byAnthony Dahanne
 
Cloud read java with kubernetes
byCesar Tron-Lozai
 
Testing Distributed Micro Services. Agile Testing Days 2017
byCarlos Sanchez
 
Containerising bootiful microservices javaeeconf
byIvan Vasyliev
 

More from Paris Container Day

PDF
OpenShift en production - Akram Ben Assi & Eloïse Faure
byParis Container Day
 
PDF
Nomad, l'orchestration made in Hashicorp - Bastien Cadiot
byParis Container Day
 
PDF
Monitoring de conteneurs en production - Jonathan Raffre & Jean-Pascal Thiery
byParis Container Day
 
PDF
Advanced Task Scheduling with Amazon ECS - Julien Simon
byParis Container Day
 
PDF
Living the Nomadic life - Nic Jackson
byParis Container Day
 
PDF
End to-end monitoring with the prometheus operator - Max Inden
byParis Container Day
 
OpenShift en production - Akram Ben Assi & Eloïse Faure
byParis Container Day
 
Nomad, l'orchestration made in Hashicorp - Bastien Cadiot
byParis Container Day
 
Monitoring de conteneurs en production - Jonathan Raffre & Jean-Pascal Thiery
byParis Container Day
 
Advanced Task Scheduling with Amazon ECS - Julien Simon
byParis Container Day
 
Living the Nomadic life - Nic Jackson
byParis Container Day
 
End to-end monitoring with the prometheus operator - Max Inden
byParis Container Day
 

Recently uploaded

PDF
Devfest Harare 2025 Slides [GDG Harare] - Combined Slide Deck
byGoogle Developer Group - Harare
 
PDF
Immer vorne mit dabei sein - Roaming leicht gemacht
bypanagenda
 
PPTX
Building Smarter Integrations with MuleSoft_ MCP Server and Cursor in Action ...
byKunal Gupta
 
PPTX
OutSystems ONE 2025-recap presentation.pptx
bymostafaothman27
 
PDF
ODSC West 2025 OpenMetadata Workshop.pdf
byOpenMetadata
 
PDF
Log-based anomaly detection using BiLSTM-Autoencoder
byMohammed BEKKOUCHE
 
PPTX
2025 - AI terms & Meanings for Marketers
byashishav29
 
PPTX
UiPath Data Fabric From Data Silos to Unified Flows.pptx
bysuhanisingh58689
 
PDF
Session 8 Specialized AI Associate Series: Fundamentals of Model Training
byDianaGray10
 
PDF
The Smol Training Playbook: The Secrets to Building World-Class LLMs
byRazin Mustafiz
 
PPTX
RAPTOR_Intro_Exercises_Presentation.pptx
bySwatiMalik36
 
PDF
RR B.Ed. educational trust. Ashish Tiwari
byat386834
 
PDF
How Tridens DevSecOps Ensures Compliance, Security, and Agility
byTridens
 
PDF
Unlocking Access: Enriching Public Services with Location Intelligence.pdf
byPrecisely
 
PPTX
Healthcare BI - Turning Raw Data into Actionable Insights.pptx
byDash Technologies Inc
 
PDF
How Generative AI Helps US Healthcare Startups Save 40.pdf
byimoliviabennett
 
PDF
Yelp Data Scraping for Local Services Market Insights
bycreativeclicks1733
 
PDF
NPTEL Assignment Completed PDF FILE with ans
byadultme43
 
PDF
The new commer in Oracle memory architecture _Database Box).pdf
byAlireza Kamrani
 
PDF
Ready, set, go: Pre-fall sales trends and data-driven insights - Tech Forum 2025
byBookNet Canada
 
Devfest Harare 2025 Slides [GDG Harare] - Combined Slide Deck
byGoogle Developer Group - Harare
 
Immer vorne mit dabei sein - Roaming leicht gemacht
bypanagenda
 
Building Smarter Integrations with MuleSoft_ MCP Server and Cursor in Action ...
byKunal Gupta
 
OutSystems ONE 2025-recap presentation.pptx
bymostafaothman27
 
ODSC West 2025 OpenMetadata Workshop.pdf
byOpenMetadata
 
Log-based anomaly detection using BiLSTM-Autoencoder
byMohammed BEKKOUCHE
 
2025 - AI terms & Meanings for Marketers
byashishav29
 
UiPath Data Fabric From Data Silos to Unified Flows.pptx
bysuhanisingh58689
 
Session 8 Specialized AI Associate Series: Fundamentals of Model Training
byDianaGray10
 
The Smol Training Playbook: The Secrets to Building World-Class LLMs
byRazin Mustafiz
 
RAPTOR_Intro_Exercises_Presentation.pptx
bySwatiMalik36
 
RR B.Ed. educational trust. Ashish Tiwari
byat386834
 
How Tridens DevSecOps Ensures Compliance, Security, and Agility
byTridens
 
Unlocking Access: Enriching Public Services with Location Intelligence.pdf
byPrecisely
 
Healthcare BI - Turning Raw Data into Actionable Insights.pptx
byDash Technologies Inc
 
How Generative AI Helps US Healthcare Startups Save 40.pdf
byimoliviabennett
 
Yelp Data Scraping for Local Services Market Insights
bycreativeclicks1733
 
NPTEL Assignment Completed PDF FILE with ans
byadultme43
 
The new commer in Oracle memory architecture _Database Box).pdf
byAlireza Kamrani
 
Ready, set, go: Pre-fall sales trends and data-driven insights - Tech Forum 2025
byBookNet Canada
 

Using containers for continuous integration and continuous delivery - Carlos Sanchez

  • 1.
    USING CONTAINERS FOR CONTINUOUSINTEGRATION AND CONTINUOUS DELIVERY Carlos Sanchez /csanchez.org @csanchez Watch online at carlossg.github.io/presentations
  • 2.
    ABOUT ME Engineer @CloudBees, Scaling Jenkins Author of Jenkins Kubernetes plugin Contributor to Jenkins Mesos plugin & Jenkins and Maven official Docker images Long time OSS contributor at Apache Maven, Eclipse, Puppet,…
  • 3.
  • 5.
  • 7.
    SCALING JENKINS Two options: Morebuild agents per master More masters
  • 8.
    SCALING JENKINS: MOREBUILD AGENTS Pros Multiple plugins to add more agents, even dynamically Cons The master is still a SPOF Handling multiple configurations, plugin versions,... There is a limit on how many build agents can be attached
  • 9.
    SCALING JENKINS: MOREMASTERS Pros Different sub-organizations can self service and operate independently Cons Single Sign-On Centralized configuration and operation Covered by CloudBees Jenkins Enterprise
  • 10.
  • 11.
  • 14.
    JENKINS DOCKER PLUGINS DynamicJenkins agents with Docker plugin or Yet Another Docker Plugin No support yet for Docker Swarm mode Isolated build agents and jobs Agent image needs to include Java, downloads slave jar from Jenkins master
  • 15.
    JENKINS DOCKER PLUGINS Multipleplugins for different tasks Docker build and publish Docker build step plugin CloudBees Docker Hub/Registry Notification CloudBees Docker Traceability Great pipeline support
  • 18.
    JENKINS DOCKER PIPELINE defmaven = docker.image('maven:3.3.9-jdk-8'); stage('Mirror') { maven.pull() } docker.withRegistry('https://secure-registry/', 'docker-registry-login') { stage('Build') { maven.inside { sh "mvn -B clean package" } } stage('Bake Docker image') { def pcImg = docker.build( "examplecorp/spring-petclinic:${env.BUILD_TAG}", 'app') pcImg.push(); } }
  • 19.
    WHEN ONE MACHINEIS NO LONGER ENOUGH Running Docker across multiple hosts In public cloud, private cloud, VMs or bare metal HA and fault tolerant
  • 21.
    If you haven'tautomatically destroyed something by mistake, you are not automating enough
  • 24.
    KUBERNETES Based on GoogleBorg Run in local machine, virtual, cloud Google provides Google Container Engine (GKE) Other services run by stackpoint.io, CoreOS Tectonic, Azure,... Minikube for local testing
  • 25.
    GROUPING CONTAINERS (PODS) Example: Jenkinsagent Maven build Selenium Hub with Firefox Chrome 5 containers
  • 26.
    STORAGE Jenkins masters needpersistent storage, agents (maybe) Persistent volumes GCE disks GlusterFS NFS EBS etc
  • 27.
    PERMISSIONS Containers should notrun as root Container user id != host user id i.e. jenkins user in container is always 1000 but matches ubuntu user in host
  • 28.
    PERMISSIONS containers: [...] securityContext: fsGroup: 1000 volumes:[...] Volumes which support ownership management are modified to be owned and writable by the GID specified in fsGroup
  • 29.
    NETWORKING Jenkins masters openseveral ports HTTP JNLP Build agent SSH server (Jenkins CLI type operations) Jenkins agents connect to master: inbound (SSH) outbound (JNLP)
  • 30.
    Multiple :networking options GCE,Flannel, Weave, Calico,... One IP per Pod Containers can find other containers in the same Pod using localhost
  • 31.
    MEMORY LIMITS Scheduler needsto account for container memory requirements and host available memory Prevent containers for using more memory than allowed Memory constraints translate to Docker --memory https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#how- pods-with-resource-limits-are-run
  • 32.
    WHAT DO YOUTHINK HAPPENS WHEN? Your container goes over memory quota?
  • 34.
    NEW JVM SUPPORTFOR CONTAINERS JDK 8u131+ and JDK 9 $ docker run -m 1GB openjdk:8u131 java -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -XshowSettings:vm -version VM settings: Max. Heap Size (Estimated): 228.00M Ergonomics Machine Class: server Using VM: OpenJDK 64-Bit Server VM Running a JVM in a Container Without Getting Killed https://blog.csanchez.org/2017/05/31/running-a-jvm-in-a-container-without-getting-killed
  • 35.
    NEW JVM SUPPORTFOR CONTAINERS $ docker run -m 1GB openjdk:8u131 java -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -XX:MaxRAMFraction=1 -XshowSettings:vm -version VM settings: Max. Heap Size (Estimated): 910.50M Ergonomics Machine Class: server Using VM: OpenJDK 64-Bit Server VM Running a JVM in a Container Without Getting Killed https://blog.csanchez.org/2017/05/31/running-a-jvm-in-a-container-without-getting-killed
  • 36.
    CPU LIMITS Scheduler needsto account for container CPU requirements and host available CPUs CPU requests translates into Docker --cpu-shares CPU limits translates into Docker --cpu-quota https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#how- pods-with-resource-limits-are-run
  • 37.
    WHAT DO YOUTHINK HAPPENS WHEN? Your container tries to access more than one CPU Your container goes over CPU limits
  • 38.
  • 39.
    JENKINS KUBERNETES PLUGIN DynamicJenkins agents, running as Pods Multiple container support One jnlp image, others custom Pipeline support for both agent Pod definition and execution Persistent workspace
  • 40.
    JENKINS KUBERNETES PIPELINE podTemplate(label:'maven', containers: [ containerTemplate(name: 'maven', image: 'maven:3.3.9-jdk-8-alpine' ttyEnabled: true, command: 'cat') ]) { node('maven') { stage('Get a Maven project') { git 'https://github.com/jenkinsci/kubernetes-plugin.git' container('maven') { stage('Build a Maven project') { sh 'mvn -B clean package' } } } } }
  • 41.
    Multi-language Pipeline podTemplate(label: 'maven-golang',containers: [ containerTemplate(name: 'maven', image: 'maven:3.3.9-jdk-8-alpine', ttyEnabled: true, command: 'cat'), containerTemplate(name: 'golang', image: 'golang:1.8.0', ttyEnabled: true, command: 'cat')]) { node('maven-golang') { stage('Build a Maven project') { git 'https://github.com/jenkinsci/kubernetes-plugin.git' container('maven') { sh 'mvn -B clean package' } } stage('Build a Golang project') { git url: 'https://github.com/hashicorp/terraform.git' container('golang') { sh """ mkdir -p /go/src/github.com/hashicorp ln -s `pwd` /go/src/github.com/hashicorp/terraform cd /go/src/github.com/hashicorp/terraform && make core-dev """ } } }
  • 42.
    JENKINS PLUGINS CAVEATS Usingthe Cloud API Not ideal for containerized workload Agents take > 1 min to start provision and are kept around Agents can provide more than one executor
  • 43.
    JENKINS PLUGINS CAVEATS OneShot Executor Improved API to handle one off agents Optimized for containerized agents Plugins need to support it
  • 44.