Is it possibly to set a Memory-Limit of a Docker-Container?
When running KeyCloak in a container, it is recommended to set a memory limit.
See here: https://github.com/keycloak/keycloak/issues/28729
If I don't set a limit, the memory consumption continues to grow, probably up to 70% of the available RAM. That would be around 22GB RAM (70% of 32GB)
Is there any way to set the memory limit of a Docker container?
GitHub
Emphasize the need for setting container limit · Issue #28729 · key...
Description After providing changes[1] to memory settings for the container deployments in Keycloak 24, we've faced some issues related to increased memory utilization. The JVM Heap setting has...
Solution:
Jump to solution
I used now follow Configuration "ENV JAVA_OPTS_KC_HEAP="-Xms512m -Xmx1g"
Its not recommended to use Xms and Xmx but i dont want to use some relative Percantages. This is more controlable.
In the Metrics Tab of Railway its shows 620MB Ram Usage.
The KeyCloak Dashboard says following:...
30 Replies
Project ID:
N/AN/A
it's not possible as that would just end up with keycloak crashing when it tries to use memory that isn't available, instead you want to tweak the jvm options.
Maybe a service variable like this would work? -
Though it's untested.
First of all: Thank you for the response and your time Brody!
The Java-Options Xms and Xmx was the solution in the older version of KeyCloak:
"Instead of specifying hardcoded values for the initial and maximum heap size, Keycloak uses relative values to the total memory of a container. The JVM options -Xms, and -Xmx were replaced by -XX:InitialRAMPercentage, and -XX:MaxRAMPercentage."
see here: https://www.keycloak.org/2024/03/keycloak-2400-released
And the new variables are relative to the container Memory of 32 GB
To set the container-Memory-Limit is the recommended way of configuration for KeyCloaks-Memory
the app in the container sees this -
your plan allows you to use 32gb of that, and at this time the app needs to be responsible for keeping its own memory in check.
"The Keycloak container, instead of specifying hardcoded values for the initial and maximum heap size, uses relative values to the total memory of a container. This behavior is achieved by JVM options -XX:MaxRAMPercentage=70, and -XX:InitialRAMPercentage=50.
The -XX:MaxRAMPercentage option represents the maximum heap size as 70% of the total container memory. The -XX:InitialRAMPercentage option represents the initial heap size as 50% of the total container memory. These values were chosen based on a deeper analysis of Keycloak memory management."
https://www.keycloak.org/server/containers
Than i will try to choose a MaxRAMPercentage Value thats is small enough to not use to much Ram
So would you want to set a service variable
JAVA_OPTS_KC_HEAP to something like -XX:MaxHeapFreeRatio=30 -XX:MaxRAMPercentage=65 ?Not a good Solution, but the only one i can find now
Yeah, that would be the solution now
where does keycloak recommend restricting the containers memory?
Here: https://github.com/keycloak/keycloak/pull/28812/files
Its really new, so the public documentation does not have it now
*"As the heap size is dynamically calculated based on the total container memory, you should always set the memory limit for the container.
Previously, the maximum heap size was set to 512 MB, and in order to approach similar values, you should set the memory limit to at least 750 MB.
For smaller production-ready deployments, the recommended memory limit is 2 GB."*
gotcha
I spend many hours today to analyse the problem 😅
yeah the problem is that keycloak sees a whopping 252 gb
without any config, how much memory was keycloak using?
It begins at 1,4Gb and goes no stop up. At 3GB i removed the pod because of the cost
oh wow
From the Admin-Dashboard of KeyCloak
after the
JAVA_OPTS_KC_HEAP variable?Before. I will try the Variable now
Solution
I used now follow Configuration "ENV JAVA_OPTS_KC_HEAP="-Xms512m -Xmx1g"
Its not recommended to use Xms and Xmx but i dont want to use some relative Percantages. This is more controlable.
In the Metrics Tab of Railway its shows 620MB Ram Usage.
The KeyCloak Dashboard says following:
I will try it with this configuration.
thats much better, what do the service metrics say?
620MB Ram Usage
not bad
Thats a good usage for a keycloak (Keycloak need much (:)
thats java for you
yeah (:
how can i mark this comment with the config i used as the solution?
Thank you!
Bought you a small coffee as a thank you👍
thank you very much