JVM

Introduction

TBD

Reference

VM Options Explorer

https://chriswhocodes.com/

The java command (Java 17) 

https://docs.oracle.com/en/java/javase/17/docs/specs/man/java.html

The java command (Java 11)

https://docs.oracle.com/en/java/javase/11/tools/java.html#GUID-3B1CE181-CD30-4178-9602-230B800D4FAE

Docker container usual flags

With JDK 21

Setting initial heap size and max heap the same will incur lower Garbage Collection pause times.

‘-XX:+UseContainerSupport’ is passed by default argument in the JVM. So, you don’t need to configure it explicitly.

-XX:+ExitOnOutOfMemoryError -XX:MaxMetaspaceSize=200m -XX:MaxRAMPercentage=70.0 -XX:MinRAMPercentage=50.0 -XX:InitialRAMPercentage=70.0 -XX:+PrintFlagsFinal -XX:-OmitStackTraceInFastThrow

With JDK 17

-XX:+ExitOnOutOfMemoryError -XX:MaxMetaspaceSize=200m -XX:MaxRAMPercentage=50.0 -XX:MinRAMPercentage=50.0 -XX:+PrintFlagsFinal -XX:+UseContainerSupport

With JDK 11

-XX:+ExitOnOutOfMemoryError -XX:MaxMetaspaceSize=200m -XX:MaxRAMPercentage=50.0 -XX:MinRAMPercentage=50.0 -XX:+PrintFlagsFinal -XX:+UseContainerSupport

With JDK 8

n/a

With JDK 7

Sample JBoss w/ Java 7 running in a 2048 MB machine:

-Xmx1024m -Xms512m -XX:MaxPermSize=512m -XX:OnOutOfMemoryError=\"kill -9 %p\"

Docker container usual flags

With JDK 21

Setting initial heap size and max heap the same will incur lower Garbage Collection pause times.

‘-XX:+UseContainerSupport’ is passed by default argument in the JVM. So, you don’t need to configure it explicitly.

-XX:+ExitOnOutOfMemoryError -XX:MaxMetaspaceSize=200m -XX:MaxRAMPercentage=70.0 -XX:MinRAMPercentage=50.0 -XX:InitialRAMPercentage=70.0 -XX:+PrintFlagsFinal -XX:-OmitStackTraceInFastThrow

With JDK 17

-XX:+ExitOnOutOfMemoryError -XX:MaxMetaspaceSize=200m -XX:MaxRAMPercentage=50.0 -XX:MinRAMPercentage=50.0 -XX:+PrintFlagsFinal -XX:+UseContainerSupport

With JDK 11

-XX:+ExitOnOutOfMemoryError -XX:MaxMetaspaceSize=200m -XX:MaxRAMPercentage=50.0 -XX:MinRAMPercentage=50.0 -XX:+PrintFlagsFinal -XX:+UseContainerSupport

With JDK 8

n/a

With JDK 7

Sample JBoss w/ Java 7 running in a 2048 MB machine:

-Xmx1024m -Xms512m -XX:MaxPermSize=512m -XX:OnOutOfMemoryError=\"kill -9 %p\"

Key store & Trust store

eg: thirds

(key store) TBD

TBD

(trust store) Trust standard internet authorities

Potential "Gotcha": The TrustStore

   If POINTING javax.net.ssl.trustStore to your custom truststore, Java will only trust the certificates in that file.

   It will no longer trust standard internet authorities (like those needed to talk to Google, AWS, or Maven).

For trusting the standard internet authorities, you can import the Java default truststore which default password is 'changeit' (tested w/ Ubuntu 24.04.3 LTS):

keytool -importkeystore \

    -srckeystore ${JAVA_HOME}/lib/security/cacerts \

    -srcstoretype PKCS12 \

    -srcstorepass changeit \

    -destkeystore docker/truststore.p12 \

    -deststorepass THE_TRUST_STORE_PASS \

    -noprompt

-