-
Type:
Suggestion
-
Resolution: Unresolved
-
None
-
Component/s: Bamboo Specs, Docker, Publishing / RSS
-
None
-
1
-
2
Problem Definition
Currently there's no way to set a memory limit for RSS containers
Suggested Solution
Add option to to limit the memory for a RSS containers
Why this is important
It's possible that a malicious code can consume all system available memory and eventually bring down the instance.
Workaround
Set a limit in Docker
- cat /etc/systemd/system/docker_limit.slice
[Unit] Description=Slice that limits docker resources Before=slices.target [Slice] CPUAccounting=true CPUQuota=90% MemoryAccounting=true MemoryHigh=1G MemoryMax=1.2G
- MemoryLimit (cgroupv1) may be required instead of MemoryMax (cgroupv2) depending on the cgroup version in your OS: https://www.freedesktop.org/software/systemd/man/systemd.resource-control.html
- cat /etc/docker/daemon.json
{ "exec-opts": ["native.cgroupdriver=systemd"], "cgroup-parent": "docker_limit.slice" }
Additionally you can limit Maven's heap size
- Create a .mvn/jvm.config in the repository stored spec:
example
-Xmx128m -Xms128m
- mentioned in
-
Page Loading...