Background:
Based on the environmentCentos8 + Kubeadm1.20.5 + Cilium + Hubble, the main online running PHP, NodeJS and Java environment.
Java POD was frequently alerted to 90% CPU usage yesterday:
Although the CPU is compressible resources, the application will only starve, not appear as if the memory burst. However, you also need to perform a performance analysis to see if there is a problem with the code logic or the size of the resource allocation is not reasonable.
Just like the traditional way to enter the container to view the PID, run the jstack command to analyze:
kubectl exec -it xxx-xxxx-8556c7f98b-9nh28 sh -n official
/ # ps
PID USER TIME COMMAND
1 root 2h38 java -Djava.security.egd=file:/dev/./urandom -jar /xxx-1.0-SNAPSHOT.jar
4178 root 0:00 sh
4193 root 0:00 ps
/ # jstack 1
1: Unable to get pid of LinuxThreads manager thread
The what jstack command could not parse the application……
Solution process:
Baidu search, see: https://blog.csdn.net/qq_16887777/article/details/107417059
1. About the pid1
PID1-5 is a Linux special process. PID1-5 is a Linux special process. PID =1: Init process, the first user-level process started by the system, is the parent of all other processes, and directs the user-space service.
PID =2: kthreadd: for kernel thread management.
PID =3: Migration, used for process migration between different CPUs.
PID =4: ksoftirqd, the kernel’s soft interrupt daemon thread, used to handle soft interrupt transactions when the system is idle.
PID =5: watchdog This process is a watchdog process that listens for kernel exceptions. When the system is down, you can use the Watchdog process to write some of the stack information of the downtime to the specified file for post-mortem analysis of the cause of the downtime. The easiest way to do this is to have Java start a process with a PID that is not 1-5, right? Well, the launch command is not the first one.
2. Modify the Dcokerfile Java startup mode
Up and down my Dockerfile
FROM openjdk:8-jdk-alpine VOLUME /tmp ENV TZ=Asia/Shanghai RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone ADD target/diversion -0.0.1-snapshot.jar (version 0.0.1-snapshot) $TZ > /etc/timezone ADD target/diversion -0.0.1-snapshot [" Java ", "- Djava. Security. Or egd = file: / dev /. / urandom", "- the jar", "/ XXXX - 0.0.1 - the SNAPSHOT. Jar"]
Well, I personally think it’s possible to write a Java startup file into a script? And then ENTRYPOINT sh script? Accidentally saw a TINI method: Docker runs a Java program using jmap, jstack commands TINI to run the program to get the process. Modify Dockerfile as follows:
FROM openjdk:8-jdk-alpine VOLUME /tmp ENV TZ=Asia/Shanghai RUN apk add --no-cache tini RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone ADD target/diversion -0.0.1-snapshot Diversion - 0.0.1 - the SNAPSHOT. Jar ENTRYPOINT [" observatory ", "Java", "- Djava. Security. Or egd = file: / dev /. / urandom", "- the jar", "/ XXXX - 0.0.1 - the SNAPSHOT. Jar"]
3. Build and upload the image to the image repository
docker build -t ccr.ccs.tencentyun.com/xxxx/xxxx:xxxx
docker push ccr.ccs.tencentyun.com/xxxx/xxxx:xxxx
4. Deploy the application and test it
cat > test.yaml << EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: test
spec:
replicas: 1
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
selector:
matchLabels:
app: test
template:
metadata:
labels:
app: test
spec:
containers:
- name: test
image: ccr.ccs.tencentyun.com/xxxx/xxxx:xxxx
env:
- name: SPRING_PROFILES_ACTIVE
value: "official"
ports:
- containerPort: test
resources:
requests:
memory: "256M"
cpu: "250m"
limits:
memory: "1024M"
cpu: "500m"
imagePullSecrets:
- name: tencent
---
apiVersion: v1
kind: Service
metadata:
name: test
labels:
app: test
spec:
ports:
- port: 8081
protocol: TCP
targetPort: 8081
selector:
app: test
EOF
kubectl apply -f test.yaml -n test
kubectl exec -it xxxxxxx sh -n test
top
You can see that process number 1 is tini and there is an additional separate Java process number 7, run jstack for test:
jstack 7
Well, being able to run jstack is all you need. Ignore everything else.
Conclusion:
1. About Linux PID
2. Tini’s command, please refer tohttps://zhuanlan.zhihu.com/p/59796137
3. Docker startup mode and process isolation implementation mode