- Use GraalVM to create a native binary from Java code (see Oracles GraalVM für „Natives Java“)
- Use buildah as a multi stage build tool to create an OCI container image
- Use gVisor with its user-space guest kernel to increase isolation
Please follow the dedicated installation instructions of gVisior and buildah
Running a multi stage build:
wget https://github.com/oracle/graal/releases/download/vm-1.0.0-rc1/graalvm-ce-1.0.0-rc1-linux-amd64.tar.gz
sudo ./helloworld-buildah.shExecute default CMD:
docker run --rm --runtime=runsc hello-graalvmExecute the Hello World server:
docker run --rm --runtime=runsc -d -p 8080:8080 hello-graalvm helloworldserver
curl -v localhost:8080