Deployment Manual / Version 2204
Table Of ContentsFor Kubernetes deployments, it might be interesting to build distroless images. These are images, that contain only the JVM and the application but no shell. These images are, by nature, more secure. To build a distroless image, a second Maven profile should be added:
<profile>
<id>distroless-image</id>
<properties>
<jib.skip>false</jib.skip>
<application.image-base>
gcr.io/distroless/java@sha256:65aa73135827584754f1f1949c59c3e49f1fed6c35a918fadba8b4638ebc9c5d
</application.image-base> 
</properties>
<build>
<plugins>
<plugin>
<groupId>com.google.cloud.tools</groupId>
<artifactId>jib-maven-plugin</artifactId>
<configuration>
<container>
<jvmFlags> 
<jvmFlag>-XX:+UseParallelGC</jvmFlag>
<jvmFlag>-XX:+ExitOnOutOfMemoryError</jvmFlag>
<jvmFlag>-XX:MinRAMPercentage=45.0</jvmFlag> 
<jvmFlag>-XX:MaxRAMPercentage=85.0</jvmFlag> 
<!--
| <jvmFlag>-XX:+HeapDumpOnOutOfMemoryError</jvmFlag>
| <jvmFlag>-XX:HeapDumpPath=/tmp/app.hprof</jvmFlag>
-->
</jvmFlags>
</container>
</configuration>
</plugin>
</plugins>
</build>
</profile>
| go to https://console.cloud.google.com/gcr/images/distroless/GLOBAL/java and pick a hash |
| When building a distroless based image, there is only the JVM included and only environment variables and jvm flags are supported. |
| In Kubernetes the JVM memory is controlled by Kubernetes. In order to allow that, we need to define the upper and
lower bound of the allocated pod memory using |
