Building Containers with Google Jib

PUBLISHED ON AUG 19, 2018 — CLOUD, CONTAINER, JAVA

Jib is a new tool for building Docker and OCI images It promises fast and reproducible container builds without dedicated tooling such as the Docker Daemon and CLI. Jib is provided in the form of a Maven and a Gradle plugin.

As long as you’re fine with using the defaults, Jib requires very little configuration. Here is a typical example providing Docker hub credentials and the most important flags for a JDK container:

jib {
    to {
        auth {
            username = // Docker repo user name
            password = // Docker Hub password
        }
    }
    container {
        jvmFlags = ['-Xms32m', '-Xmx32m']
        ports = ['8080']
    }
}

Building the image is as easy as running:

./gradlew jib --image "image-name:label"

After that, the newly built image resides on Docker Hub.

Because Jib builds are reproducible, you can push the same image with a different tag. All you need to do is to change the to.image field. Jib will skip the actual building and create a new manifest for the new tag.

While Jib is fast, easy to use and delivers the promised results, there’s one important catch: The default base image uses Java 8. Java versions below 10 have serious issues when running in a container environment, as Jörg Schad showed in Nobody puts Java in a container.

Java 10 fixes these issues with support for control groups and proper thread size calculation. As Java has excellent backwards compatibility in the runtime, there is little reason to use an older version of Java in production, regardless of source level and LTS support.

I expect that this issue will eventually go away when distroless supports the next Java LTS, making Jib an option for containerizing Java applications that can be recommended without reserve.

See Also