Shaun Smith with DevOpsSpeakeasy at DevoxxMA 2022

October 4, 2022

< 1 min read

In this interview, we speak with Shaun Smith @shaunmsmith. Shaun leads product management of GraalVM at Oracle Labs where he focuses on Java Cloud Native technologies and frameworks. Containers are increasing the way Java applications are packaged and deployed. There are lots of qualities desirable in a containerized application like fast startup and low memory and CPU requirements, but size and security are also important considerations. Moving big container images around a network will increase the time it takes to start up a new K8s pod or launch a container, and “just enough operating system” container images with reduced attack surface area are also preferable. So what’s the smallest possible Java container image?


Ixchel Ruiz

Developer Advocate @ JFrog

Ixchel is a Developer Advocate @JFrog. She has developed software applications & tools since 2000. Her research interests include Java, dynamic languages, client-side technologies, DevOps, and testing. Java Champion, Oracle Groundbreaker Ambassador, SuperFrog, Hackergarten enthusiast, Open Source advocate, public speaker, and mentor. Travels around the world ( sometimes virtually ) because sharing knowledge is one of her main drives in life!

Video Transcript

hello we are here at devox Morocco I’m

avoid Sean Smith so thank you for being

here Sean yeah I’m glad to be here do

you want to introduce yourself sure so

my name is Sean Smith I lead product

management for growl VM at Oracle and

I’ve been working on various Java

projects open source and cloud services

first for my well years I don’t say how

long it’s okay it’s okay we know you

have a lot of experience well that’s

nice yes don’t work so I know that you

had a session here at devox Morocco

about minimal container images right so

the session was

a one and a half megabyte Java

containerized app yes you can wow so

um yeah and I had people come up to me

and say I didn’t think that was possible

so clearly the title worked right

yes and actually it’s intriguing and

exciting yeah so the uh I sort of talked

walked people through you know what you

see often as really big Java application

containers like 300 megabytes yes and we

basically walk through a series of steps

um in terms of what you can do to bring

it down and eventually like a couple

samples one of them it’s a simple hello

world which doesn’t do much

um we got it down to one and a half Meg

and it ran right you Docker run you know

and it goes hello world hello world okay

and uh obviously there’s all kinds of

tricks and techniques on the way and and

uh you can sort of see the transition

from well obviously I work on the gravy

M project so the answer is you could use

raw VM and image to compile to a native

executable and so it’s really

interesting What’s um when you see when

you compile applications with gravity

and Native image you can sort of see all

the classes you need because everybody

think about hello world how many classes

are behind the scenes and it’s like 3

000 classes uh but you don’t need all

those classes so so you can get rid of

the ones you don’t need so through

static analysis you can sort of walk

through from the main

through system out print line to all the

things you really need and just include

those and that’s how you get so small

because the jdk has all kinds and and

you know j-link is an attempt right a

good a good step with the jdk to

basically get rid of modules you don’t

need right so there’s this whole notion

of just include in your container what

you need or even in your Java GRE

essentially what you need

um and so daily gets rid of all those

extra modules and then we grab a native

image you get rid of even more right you

get rid of getting rid of classes you’re

getting rid of fields methods

um it really strips it down to just what

you need so that sounds super

interesting because it is important size

does matter so when we are deploying

um what what has been your experience

like how do we deploy how Java Engineers

are now deploying are we doing a good

job not so good job well talking to

people at the conference was good to get

feedback right yes and uh people were

saying coming to me confessionally

saying I’m one of those people who has a

300 megabyte Java application okay right

and because they’re deploying on the

entire jdk yeah they’re getting they’re

going to you know Docker Hub they’re

getting open jdk or or even various

various Java distro container images and

just some copying their jars in there

that’s like such a bad idea but never

mind the jdk but what else is in there

right so whether

packages has the OS installed it could

have vulnerabilities I mean there’s all

kinds I’m sure you’ve been talking to

people about that exactly I mean if you

focus on minimal parts that you actually

need need you can pay more attention and

you don’t have the risks of things that

you don’t need so makes the things you

don’t know about right so who knows

what’s in your in your Linux distro like

there’s tons of packages so you know

there’s attempts right so you see people

and one what I used actually and we look

at Alpine and we look at different


but the digitalis images from Google are

quite quite interesting

um they’ve got one specifically for Java

with j-link for example so they’ve said

um they have a jdk baseline container

and that’s about I think it was 300 no

250 230 Meg well jdk they’ve got a

container image I think it’s about 35

Meg and it contains all the necessary

just enough operating system along with

the libraries the shared libraries of

the jdk would need so if you’re using

j-link and you’re building an

application you will need certain

libraries and they’ve got it they’ve got

one for you so j-link copy it in you’re

pretty good but you know that’s what’s

in there it’s very small they also have

smaller ones that say here’s just what

you need if you just need G lib C so if

you just need glibc this contains

nothing but just take an operating

system for your your binary to run and

then they have one scrap the static

there’s nothing in it I mean it’s two

and a half Meg

so it’s just enough and again you can go

further down to scratch

which is basically it does actually it

looks like zero but there’s nothing in

there you’re from scratch copy my binary

but there’s a couple things in there

when you take a look but it’s nothing so

if you’re worried about wow some

vulnerability got reported in some

package you could feel good I don’t I

know I don’t have it yes because there’s

only my binary in there I can worry

about what’s in my binary that’s another

whole problem right yes but that’s

inside your domain inside your

responsibility so you you should know

what you are importing your dependencies

that you’re using run tools to analyze

the palm dependencies and yes get

reports I can do that so I I have a

notion of my

exposure to vulnerabilities no I


really important and one of the one of

the things that you’re mentioning and it

makes total films is start the small do

the your iteration and start going

bigger and bigger as soon as you need it

not the other way around or maybe

maybe also slimming down is good but if

you go under the other direction it’s

something sometimes more clear what you

need right and why do you need it don’t

you can you don’t have to start with the

smallest but you should start with

something at least that but even from a

development perspective right when

you’re building you don’t want to have

these big things you know you know right

I mean I was deploying to the cloud

containers and if it’s a 300 megabyte

container that takes a little while

right yes all the conference talk has

been about speed developer you know

experience everyone wants to start fast

run fast deploy fast because we are uh

impatient well efficiently there’s a

limit of how much coffee you can drink

while waiting so that’s the way the

world is so yeah so I’m very I’m the

other thing we talked about or showed in

our session was

it’s a boot time right so we took a

simple again summer hello world because


comprehensible yes yes it’s actually a

big challenge as we know find an example

that people can

so we took hello world we did Java C

hello and all does the system out

ran it and the jvm timed it it’s about

60 milliseconds say to run that right we

ran native image hello.class and

basically compiled that to a binary and

it boots in like two milliseconds so you

just shaved off all this time so boot

time is another huge thing so if you’re

a developer or you’re deploying an

application as a boot fast you really

care about boot time right yes so so

there’s tools for get you know improving

your boot time getting things up fast

and then of course bringing the memory

consumption down right so I mean this is

again this is what growl VM is about you

know speed compact compact applications

low memory Resort no low memory usage so

um it’s all it’s all tied together right

especially the whole move to cloud and

containers of all sorts of line up yes

you know

different versions so it actually starts

summing up so we we should be careful in

terms of our resources in terms what

we’re deploying in terms of management

so I I can only be like super interested

about watching your session later on and

and and learn all the techniques that

you probably show and and know yeah it’s

uh it’s surprisingly easy I think that’s

what’s important it’s just pick the

right container image know what you’re

putting in it exactly it’s not that hard

it’s a four line Docker file right so


okay is there well do you want to

mention any resources that we or the

audience should check uh yeah they can

check out we’ll start off with uh then

go to and you’ll find links

to much of the content and we have blogs


um over covid we’ve all been working

hard at home and the focus is being I

think a lot of the focus has been on

developer productivity so we’ve made the

builds faster because again we’re all

impatient builds are faster the size of

the binaries we’re building are smaller

we have better insight into what’s

happening so there’s been a lot of work

to make it a better developer experience

so that’s that’s kind of where the focus

has been for a long time like last

couple years so I’m pretty happy every

release we’re able to talk about

developer experience features and that’s

that’s really exciting well I we should

all check that information and those

resources so I will your name will be

there and some of the links so okay

great that will be easier to follow

anything that you want to say to the

audience like in in particular to John


yes I mean we need like well I think

that that people like there’s the Java

Community the Java ecosystem is huge yes

and that’s really got to be overwhelming

right I mean if you’re a new person

coming there’s so many options

especially you’re here at the conference

and you’re hearing about Project X and

project y right so I don’t know

honestly I don’t know if I were a new

person how I would approach this this is

a really challenge but I guess you go to

a sessions you hear about these new

things and just download try them out

right okay just get your hands dirty

okay patience learn the tools and yes

your Hands-On yes

okay well thank you very much Sean thank

you for having me being with us great

great to see you yeah yes I hope to see

you it’s been a long time yes Kobe call

me did something to us

pleasure for me too