JEP draft: Container Awareness

OwnerBob Vandette
Created2017/06/13 18:30
Updated2018/05/17 16:27
TypeFeature
StatusClosed / Withdrawn
Componenthotspot / runtime
ScopeJDK
EffortM
DurationM
Priority3
Reviewed byMandy Chung
Endorsed byMikael Vidstedt
Issue8182070

Summary

Container aware Java runtime

Goals

Provide an internal API that can be used to extract container specific configuration and runtime statistics. This JEP will only support Docker on Linux-x64 although the design should be flexible enough to allow support for other platforms and container technologies. The initial focus will be on Linux cgroups technology so that we will be able to easily support other container technologies running on Linux in addition to Docker.

Non-Goals

Although it is expected that this API will function properly on all cgroup enabled Linux platforms, it is not a goal of this JEP to perform validation of any configuration other than Docker containers running on Linux x64 and direct Linux host process execution. Since cgroups are enabled for processes running directly on Linux hosts, this configuration will also be verified.

Motivation

Container technology is becoming more and more prevalent in Cloud based applications. The Cloud Serverless application programming model motivates developers to split large monolithic applications into 100s of smaller pieces each running in thier own container. This move increases the importance of the observability of each running container process. Adding the proposed set of APIs will allow more details related to each container process to be made available to external tools thereby improving the observability.

Description

This enhancement will be made up of the following work items:

Detecting if Java is running in a container.

The Java runtime, as well as any tests that we might write for this feature, will need to be able to detect that the current Java process is running in a container. A new API will be made available for this purpose.

Exposing container resource limits, configuration and runtime statistics.

There are several configuration options and limits that can be imposed upon a running container. Not all of these are important to a running Java process. We clearly want to be able to detect how many CPUs have been allocated to our process along with the maximum amount of memory that the process has been allocated but there are other options that we might want to base runtime decisions on.

In addition, since containers typically impose limits on system resources, they also provide the ability to easily access the amount of consumption of these resources. The goal is to provide this information in addition to the configuration data.

A new jdk.internal.platform.Metrics class will define the API to obtain the types of configuration and consumption metrics listed below.

class Container {
     public static Metrics metrics();
}

Here are some of the types of configuration and consumption statistics that will be made available:

Total Memory Limit
Soft Memory Limit
Maximum Memory Usage
Current Memory Usage 
Maximum Kernel Memory Usage
Current Kernel Memory Usage
Kernel Memory Limit
Swap Memory Limit
Maximum Swap Usage
Current Swap Usage 
CPU Shares
CPU Period
CPU Quota
Number of CPUs
CPU Sets
CPU Set Memory Nodes
CPU Usage
CPU Usage Per CPU
Block I/O Requests Serviced
Block I/O Total Bytes Transferred
OOM Kill Enabled

In addition to the new internal API, a new java -XshowSettings:system option will be added to allow the reporting of the system metrics.

Once this API has been integrated in the Java sources, enhancements to JMX and JFR will be done separately to enable the use and reporting of these metrics.

Alternatives

There are a few existing tools available to extract some of the same container statistics. These tools could be used instead. The benefit of providing a core Java internal API is that this information can be exposed by current Java serviceability tools such as JMX and JFR along side other JVM specific information.

Testing

Docker/container specific tests should be added in order to validate the functionality being provided with this JEP.

Risks and Assumptions

Docker is currently based on cgroups v1. Cgroups v2 is also available but is incomplete and not yet supported by Docker. It's possible that v2 could replace v1 in an incompatible way rendering this work unusable until it is upgraded.

Other alternative container technologies based on hypervisors are being developed that could replace the use of cgroups for container isloation.

Dependencies

None at this time.