-
Suggestion
-
Resolution: Unresolved
-
None
-
None
-
1
-
2
-
Problem Definition
Currently there's no way to set a memory limit for RSS containers
Suggested Solution
Add option to to limit the memory for a RSS containers
Why this is important
It's possible that a malicious code can consume all system available memory and eventually bring down the instance.
Workaround
Set a limit in Docker
- cat /etc/systemd/system/docker_limit.slice
[Unit] Description=Slice that limits docker resources Before=slices.target [Slice] CPUAccounting=true CPUQuota=90% MemoryAccounting=true MemoryHigh=1G MemoryMax=1.2G
- MemoryLimit (cgroupv1) may be required instead of MemoryMax (cgroupv2) depending on the cgroup version in your OS: https://www.freedesktop.org/software/systemd/man/systemd.resource-control.html
- cat /etc/docker/daemon.json
{ "exec-opts": ["native.cgroupdriver=systemd"], "cgroup-parent": "docker_limit.slice" }
Additionally you can limit Maven's heap size
- Create a .mvn/jvm.config in the repository stored spec:
example
-Xmx128m -Xms128m
![[Atlassian Documentation] Page](https://confluence.atlassian.com/images/icons/favicon.png "[Atlassian Documentation] Page"){kind=icon}
[BAM-21187] Add UI option to limit memory consumption for RSS containers in Bamboo
| Support reference count | New: 2 |
| UIS | Original: 12 | New: 1 |
| UIS | Original: 1 | New: 12 |
| UIS | Original: 0 | New: 1 |
| UIS | Original: 1 | New: 0 |
| UIS | Original: 2 | New: 1 |
| UIS | Original: 1 | New: 2 |
| UIS | Original: 12 | New: 1 |
| UIS | Original: 1 | New: 12 |
| UIS | New: 1 |