joostvdg
diff --git a/‎docs/jenkinsx/builder-image.md
+102 b/‎docs/jenkinsx/builder-image.md
+102
diff --git a/‎docs/jenkinsx/java-native-prod/01-intro.md
+15-22 b/‎docs/jenkinsx/java-native-prod/01-intro.md
+15-22
diff --git a/‎docs/jenkinsx/java-native-prod/04-jx-import.md
+32-14 b/‎docs/jenkinsx/java-native-prod/04-jx-import.md
+32-14
diff --git a/‎docs/jenkinsx/java-native-prod/05-jx-secrets.md
+82 b/‎docs/jenkinsx/java-native-prod/05-jx-secrets.md
+82
@@ -0,0 +1,102 @@
+title: Jenkins X - Create Builder Image
+description: How to create a Jenkins X builder Image
+
+# Create Jenkins X Builder Image
+
+Jenkins X leverages [Tekton pipelines](https://github.com/tektoncd/pipeline) to create a Kubernetes native Pipeline experience. Every step is run in its own container.
+
+People comonly start using Jenkins X via its pre-defined build packs.
+These build packs already have a default Container Image defined, and use some specific containers for certain specific tasks - such as Kaniko for building Container Images. We call these Container Images: ***Builders***.
+
+## Create Custom Builder
+
+Sometimes you need to use a different container for a specific step. First, [look at the available builder](https://github.com/jenkins-x/jenkins-x-builders). If what you need does not exist yet, you will have to create one yourself.
+
+Jenkins X [has a guide on how to create a custom Builder](https://jenkins-x.io/docs/guides/managing-jx/common-tasks/create-custom-builder/).
+
+In essence, you create a Container Image that extends from `gcr.io/jenkinsxio/builder-base:0.0.81`, includes your tools and packages of choice, and may or may not include the `jx` binary.
+
+What comes after, is your choice. You can add [your Builder to Jenkins X's list of Builders](https://jenkins-x.io/docs/guides/managing-jx/common-tasks/create-custom-builder/#install-the-builder), or directly use it in your Jenkins X Pipeline by FQN.
+
+The main difference, is that when you add the Builder to Jenkins X you can include default configuration for the entire Pod. Otherwise, you have to specify any unique configuration in the Jenkins X Pipeline where you use the image.
+
+## Dockerfile Example
+
+!!! example "Dockerfile"
+
+    ```Dockerfile
+    FROM gcr.io/jenkinsxio/builder-base:0.0.81
+
+    RUN yum install -y java-11-openjdk-devel && yum update -y && yum clean all
+
+    # Maven
+    ENV MAVEN_VERSION 3.6.3
+    RUN curl -f -L https://repo1.maven.org/maven2/org/apache/maven/apache-maven/$MAVEN_VERSION/apache-maven-$MAVEN_VERSION-bin.tar.gz | tar -C /opt -xzv
+    ENV M2_HOME /opt/apache-maven-$MAVEN_VERSION
+    ENV maven.home $M2_HOME
+    ENV M2 $M2_HOME/bin
+    ENV PATH $M2:$PATH
+
+    # GraalVM
+    ARG GRAAL_VERSION=20.0.0
+    ENV GRAAL_CE_URL=https://github.com/graalvm/graalvm-ce-builds/releases/download/vm-${GRAAL_VERSION}/graalvm-ce-java11-linux-amd64-${GRAAL_VERSION}.tar.gz
+    ARG INSTALL_PKGS="gzip"
+
+    ENV GRAALVM_HOME /opt/graalvm
+    ENV JAVA_HOME /opt/graalvm
+
+    RUN yum install -y ${INSTALL_PKGS} && \
+        ### Installation of GraalVM
+        mkdir -p ${GRAALVM_HOME} && \
+        cd ${GRAALVM_HOME} && \
+        curl -fsSL ${GRAAL_CE_URL} | tar -xzC ${GRAALVM_HOME} --strip-components=1  && \
+        ### Cleanup     
+        yum clean all && \
+        rm -f /tmp/graalvm-ce-amd64.tar.gz && \
+        rm -rf /var/cache/yum
+        ###
+
+    ENV PATH $GRAALVM_HOME/bin:$PATH
+    RUN gu install native-image
+
+    # jx
+    ENV JX_VERSION 2.1.30
+    RUN curl -f -L https://github.com/jenkins-x/jx/releases/download/v${JX_VERSION}/jx-linux-amd64.tar.gz | tar xzv && \
+    mv jx /usr/bin/
+
+    CMD ["mvn","-version"]
+    ```
+
+## Usage
+
+The example above is my [Jenkins X Builder for Maven + JDK 11 + GraalVM](https://github.com/joostvdg/jenkins-x-builders/tree/master/graalvm-maven-jdk11). My Dockerhub ID is `caladreas`, and the image is `jx-builder-graalvm-maven-jdk11`. 
+
+### Override Default Container
+
+To use this Container Image as the default container:
+
+!!! example "jenkins-x.yml"
+
+    ```yaml
+    buildPack:  maven-java11
+    pipelineConfig:
+      agent:
+        image: caladreas/jx-builder-graalvm-maven-jdk11:v0.7.0
+    ```
+
+### Override Step Container
+
+!!! example "jenkins-x.yml"
+
+    ```yaml hl_lines="10"
+    buildPack:  maven-java11
+    pipelineConfig:
+      pipelines:
+        overrides:
+          - pipeline: pullRequest
+            stage: build
+            name: mvn-install
+            steps:
+              - name: mvn-deploy
+                image: caladreas/jx-builder-graalvm-maven-jdk11:v0.9.0
+    ```
@@ -56,42 +56,35 @@ If you want to focus on a stable production ready cluster, I can also recommend
     * [CloudBees Jenkins X Distribution](https://docs.cloudbees.com/docs/cloudbees-jenkins-x-distribution/latest/)
     * [Youtube video with installation and maintenance guidance](https://www.youtube.com/watch?v=rQlP_3iXvRE)
 
+!!! important
+
+    A little spoiler, but the Native Image build requires at least 6GB of memory but works best with about 8GB.
+    This means your Kubernetes worker node that your build runs on, needs have at least about 10-12GB memory.
+
+    If you're in GKE, as the guide assumes, the following machine types work:
+
+    * `e2-highmem-2`
+    * `n2-highmem-2`
+    * `e2-standard-4`
+    * `n2-standard-4`
+
+    Keep in mind, you can use more than one Node Pool. You don't have to run all your nodes on these types, you need at least to be safe. Having autoscaling enabled for this Node Pool is recommended.
+
 ## Why Quarkus
 
 Before we start, I'd like to make the case, why I chose to use Quarkus for this.
 
 Wanting to build a Native Image with Java 11 is part of the reason, we'll dive into that next.
 
 Quarkus has seen an tremendous amount of updates since its inception. 
-It is a really active framework, which does not require you to forget everything you've learned in other Java frameworks such as Spring and Spring Boot.
+It is a really active framework, which does not require you to forget everything you've learned in other Java frameworks such as Spring and Spring Boot. I like to stay up-to-date with what happens in the Java community, so spending some time with Quarkus was on my todo list.
 
 It comes out of the same part from RedHat that is involved with OpenShift - RedHat's Kubernetes distribution.
 This ensures the framework is created with running Java on Kubernetes in mind. 
 Jenkins X starts from Kubernetes, so this makes it a natural fit.
 
 Next, the capabilities for making a Native Image and work done to ensure you - the developer - do not have to worry (too much) about how to get from a Spring application to a Native Image is staggering. This makes the Native Image experience pleasant and involve little to no debugging.
 
-## Why Native Image
-
-Great that Quarkus helps with making a Native Image. What is a Native Image?
-In short, its makes your Java code into a runnable executable build for a specific environment.
-
-You might wonder, what is wrong with using a runnable Jar - such as Spring Boot - or using a JVM?
-Nothing in and on itself. However, there are cases where having a long running process with a slow start-up time hurts you.
-
-In a Cloud Native world, including Kubernetes, this is far more likely than in traditional - read, VM's - environments. With the advent of creating many smaller services that may or may not be stateless, and should be capable of scaling horizontally from 0 to infinity, different characteristics are required.
-
-Some of these characterics:
-
-* minimal resource use as we pay per usage (to a degree)
-* fast startup time
-* perform as expected on startup (JVM needs to warm up)
-
-A Native Image performs better on the above metrics than a classic Java application with a JVM.
-Next to that, when you have a fixed runtime, the benefit of Java's "build once, run everywhere" is not as useful. When you always run your application in the same container in similar Kubernetes environments, a Native Image is perfectly fine.
-
-Now, wether a Native Image performs better for your application depends on your application and its usage. The Native Image is no silver bullet. So it is still on you to do load and performance tests to ensure you're not degrading your performance for no reason!
-
 ## Resources
 
 * https://quarkus.io/guides/writing-native-applications-tips
 
@@ -53,25 +53,43 @@ Your build might fail, but no worry, just ensure a build started. If that worked
 
 ## Dockerfile
 
-This the Dockerfile generated by Quarkus, designed for a Java Native Image application build with Quarkus.
+This the Dockerfile generated by Quarkus, designed for a runnable Jar application build with Quarkus. By default, it is available in `src/main/docker/Dockerfile.jvm`. Jenkins X expects a `Dockerfile` at the root, so update that `Dockerfile` with the contents below.
+
 I'd recommend using it, as it is well tested and does everything we need in minimal fashion and according to Docker's best practices.
 
-```Dockerfile
-FROM registry.access.redhat.com/ubi8/ubi-minimal:8.1
-WORKDIR /work/
-COPY target/*-runner /work/application
+!!! example "Dockerfile"
 
-# set up permissions for user `1001`
-RUN chmod 775 /work /work/application \
-    && chown -R 1001 /work \
-    && chmod -R "g+rwX" /work \
-    && chown -R 1001:root /work
+    ```Dockerfile
+    FROM registry.access.redhat.com/ubi8/ubi-minimal:8.1
 
-EXPOSE 8080
-USER 1001
+    ARG JAVA_PACKAGE=java-11-openjdk-headless
+    ARG RUN_JAVA_VERSION=1.3.5
 
-CMD ["./application", "-Dquarkus.http.host=0.0.0.0", "-Xmx64m"]
-```
+    ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'
+
+    # Install java and the run-java script
+    # Also set up permissions for user `1001`
+    RUN microdnf install curl ca-certificates ${JAVA_PACKAGE} \
+        && microdnf update \
+        && microdnf clean all \
+        && mkdir /deployments \
+        && chown 1001 /deployments \
+        && chmod "g+rwX" /deployments \
+        && chown 1001:root /deployments \
+        && curl https://repo1.maven.org/maven2/io/fabric8/run-java-sh/${RUN_JAVA_VERSION}/run-java-sh-${RUN_JAVA_VERSION}-sh.sh -o /deployments/run-java.sh \
+        && chown 1001 /deployments/run-java.sh \
+        && chmod 540 /deployments/run-java.sh \
+        && echo "securerandom.source=file:/dev/urandom" >> /etc/alternatives/jre/lib/security/java.security
+
+    # Configure the JAVA_OPTIONS, you can add -XshowSettings:vm to also display the heap size.
+    ENV JAVA_OPTIONS="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager"
+
+    COPY target/lib/* /deployments/lib/
+    COPY target/*-runner.jar /deployments/app.jar
+
+    EXPOSE 8080
+    USER 1001
+    ```
 
 ## Health Check
 
 
@@ -309,6 +309,88 @@ For the username, this is all we have to do, as we directly inject this variable
     * add environment injection from secret for password
 * updated `charts/Name-Of-Your-Application/values.yaml` with placeholders for the secrets
 
+??? example "templates/deployment.yaml"
+
+    Your deployment should now look like this:
+
+    ```yaml
+    {{- if .Values.knativeDeploy }}
+    {{- else }}
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+      name: {{ template "fullname" . }}
+      labels:
+        draft: {{ default "draft-app" .Values.draft }}
+        chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+    spec:
+      selector:
+        matchLabels:
+          app: {{ template "fullname" . }}
+    {{- if .Values.hpa.enabled }}
+    {{- else }}
+      replicas: {{ .Values.replicaCount }}
+      {{- end }}
+      template:
+        metadata:
+          labels:
+            draft: {{ default "draft-app" .Values.draft }}
+            app: {{ template "fullname" . }}
+          annotations:
+            prometheus.io/port: "8080"
+            prometheus.io/scrape: "true"
+    {{- if .Values.podAnnotations }}
+    {{ toYaml .Values.podAnnotations | indent 8 }} #Only for pods
+    {{- end }}
+        spec:
+          containers:
+          - name: cloudsql-proxy
+            image: gcr.io/cloudsql-docker/gce-proxy:1.16
+            command: ["/cloud_sql_proxy",
+                      "-instances={{.Values.secrets.sql_connection}}=tcp:3306",
+                      "-credential_file=/secrets/cloudsql/credentials.json"]
+            volumeMounts:
+              - name: cloudsql-instance-credentials
+                mountPath: /secrets/cloudsql
+                readOnly: true
+          - name: {{ .Chart.Name }}
+            envFrom:
+              - secretRef:
+                  name: {{ template "fullname" . }}-sql-secret
+            image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+            imagePullPolicy: {{ .Values.image.pullPolicy }}
+            env:
+    {{- range $pkey, $pval := .Values.env }}
+            - name: {{ $pkey }}
+              value: {{ $pval }}
+    {{- end }}
+            ports:
+            - containerPort: {{ .Values.service.internalPort }}
+            livenessProbe:
+              httpGet:
+                path: {{ .Values.probePath }}
+                port: {{ .Values.service.internalPort }}
+              initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+              periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+              successThreshold: {{ .Values.livenessProbe.successThreshold }}
+              timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+            readinessProbe:
+              httpGet:
+                path: {{ .Values.probePath }}
+                port: {{ .Values.service.internalPort }}
+              periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+              successThreshold: {{ .Values.readinessProbe.successThreshold }}
+              timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+            resources:
+    {{ toYaml .Values.resources | indent 12 }}
+            terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
+    {{- end }}
+          volumes:
+            - name: cloudsql-instance-credentials
+              secret:
+                secretName: {{ template "fullname" . }}-sql-sa
+    ```
+
 ### Summary of Changes Made To Staging Environment
 
 * created a new file, called `jx-requirements.yml` at the root