Set memory limit for containers to disable swapping

Settings a memory limit and swap limit equal to memory will disable swapping. Some containers need a memory limit because of memory leaks (workers, app). Other containers don't specifically need a limit but set ony anyway to ensure they don't start swapping memory.
internetstandards · Jun 19, 2024 · 31c3d32 · 31c3d32
1 parent 6f7c310
commit 31c3d32
Show file tree

Hide file tree

Showing 2 changed files with 75 additions and 8 deletions.
diff --git a/docker/defaults.env b/docker/defaults.env
@@ -143,6 +143,12 @@ PUBLIC_SUFFIX_LIST_URL=
 # configure built-in unbound resolver to forward to integration test resolver for internal network
 INTEGRATION_TESTS=False
 
+# Default memory limit for containers
+DEFAULT_MEMORY_LIMIT=1G
+
+# Memory limit for containers with high memory usage
+HIGH_MEMORY_LIMIT=5G
+
 # Amount of concurrent worker (green)threads
 WORKER_CONCURRENCY=100
 # limit worker memory so it won't grow into swap

diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
@@ -14,6 +14,9 @@ services:
  driver: $LOGGING_DRIVER
  options:
  tag: '{{.Name}}'
+ mem_limit: $DEFAULT_MEMORY_LIMIT
+ # disable swap by settings swap to the memory limit
+ memswap_limit: $DEFAULT_MEMORY_LIMIT
  networks:
  internal:
  ipv4_address: $IPV4_IP_WEBSERVER_INTERNAL
@@ -75,6 +78,9 @@ services:
  driver: $LOGGING_DRIVER
  options:
  tag: '{{.Name}}'
+ mem_limit: $HIGH_MEMORY_LIMIT
+ # disable swap by settings swap to the memory limit
+ memswap_limit: $HIGH_MEMORY_LIMIT
  networks:
  internal:
  ipv4_address: $IPV4_IP_APP_INTERNAL
@@ -216,10 +222,9 @@ services:
  dockerfile: docker/Dockerfile
  target: app
  restart: unless-stopped
- deploy:
- resources:
- limits:
- memory: $WORKER_MEMORY_LIMIT
+ mem_limit: $WORKER_MEMORY_LIMIT
+ # disable swap by setting swap to the memory limit
+ memswap_limit: $WORKER_MEMORY_LIMIT
  logging:
  driver: $LOGGING_DRIVER
  options:
@@ -336,6 +341,9 @@ services:
  driver: $LOGGING_DRIVER
  options:
  tag: '{{.Name}}'
+ mem_limit: $DEFAULT_MEMORY_LIMIT
+ # disable swap by settings swap to the memory limit
+ memswap_limit: $DEFAULT_MEMORY_LIMIT
  network_mode: "none"
  volumes:
  - /var/run/docker.sock:/var/run/docker.sock
@@ -344,10 +352,9 @@ services:
  worker-slow:
  # copy all attributes from 'worker' service and overwrite specific settings below
  <<: *worker
- deploy:
- resources:
- limits:
- memory: $WORKER_SLOW_MEMORY_LIMIT
+ mem_limit: $WORKER_SLOW_MEMORY_LIMIT
+ # disable swap by settings swap to the memory limit
+ memswap_limit: $WORKER_SLOW_MEMORY_LIMIT
 
  command: celery --app internetnl worker --without-gossip --pool=eventlet --time-limit=600 --concurrency=$WORKER_SLOW_CONCURRENCY
  --queues slow_db_worker,batch_slow
@@ -365,6 +372,9 @@ services:
  driver: $LOGGING_DRIVER
  options:
  tag: '{{.Name}}'
+ mem_limit: $DEFAULT_MEMORY_LIMIT
+ # disable swap by settings swap to the memory limit
+ memswap_limit: $DEFAULT_MEMORY_LIMIT
  networks:
  - internal
  - public-internet
@@ -434,6 +444,9 @@ services:
  driver: $LOGGING_DRIVER
  options:
  tag: '{{.Name}}'
+ mem_limit: $DEFAULT_MEMORY_LIMIT
+ # disable swap by settings swap to the memory limit
+ memswap_limit: $DEFAULT_MEMORY_LIMIT
  networks:
  internal:
  ipv4_address: $IPV4_IP_REDIS_INTERNAL
@@ -457,6 +470,9 @@ services:
  driver: $LOGGING_DRIVER
  options:
  tag: '{{.Name}}'
+ mem_limit: $DEFAULT_MEMORY_LIMIT
+ # disable swap by settings swap to the memory limit
+ memswap_limit: $DEFAULT_MEMORY_LIMIT
  user: rabbitmq
  networks:
  internal:
@@ -482,6 +498,9 @@ services:
  driver: $LOGGING_DRIVER
  options:
  tag: '{{.Name}}'
+ mem_limit: $HIGH_MEMORY_LIMIT
+ # disable swap by settings swap to the memory limit
+ memswap_limit: $HIGH_MEMORY_LIMIT
  networks:
  internal:
  ipv4_address: $IPV4_IP_POSTGRES_INTERNAL
@@ -506,6 +525,9 @@ services:
  driver: $LOGGING_DRIVER
  options:
  tag: '{{.Name}}'
+ mem_limit: $HIGH_MEMORY_LIMIT
+ # disable swap by settings swap to the memory limit
+ memswap_limit: $HIGH_MEMORY_LIMIT
  networks:
  internal:
  ipv4_address: $IPV4_IP_ROUTINATOR_INTERNAL
@@ -542,6 +564,9 @@ services:
  driver: $LOGGING_DRIVER
  options:
  tag: '{{.Name}}'
+ mem_limit: $DEFAULT_MEMORY_LIMIT
+ # disable swap by settings swap to the memory limit
+ memswap_limit: $DEFAULT_MEMORY_LIMIT
  networks:
  internal:
  ipv4_address: $IPV4_IP_UNBOUND_INTERNAL
@@ -588,6 +613,9 @@ services:
  driver: $LOGGING_DRIVER
  options:
  tag: '{{.Name}}'
+ mem_limit: $DEFAULT_MEMORY_LIMIT
+ # disable swap by settings swap to the memory limit
+ memswap_limit: $DEFAULT_MEMORY_LIMIT
  networks:
  internal:
  ipv4_address: $IPV4_IP_RESOLVER_INTERNAL_PERMISSIVE
@@ -621,6 +649,9 @@ services:
  driver: $LOGGING_DRIVER
  options:
  tag: '{{.Name}}'
+ mem_limit: $DEFAULT_MEMORY_LIMIT
+ # disable swap by settings swap to the memory limit
+ memswap_limit: $DEFAULT_MEMORY_LIMIT
  networks:
  internal:
  ipv4_address: $IPV4_IP_RESOLVER_INTERNAL_VALIDATING
@@ -660,6 +691,9 @@ services:
  driver: $LOGGING_DRIVER
  options:
  tag: '{{.Name}}'
+ mem_limit: $DEFAULT_MEMORY_LIMIT
+ # disable swap by settings swap to the memory limit
+ memswap_limit: $DEFAULT_MEMORY_LIMIT
  networks:
  internal: {}
  public-internet: {}
@@ -717,6 +751,9 @@ services:
  driver: $LOGGING_DRIVER
  options:
  tag: '{{.Name}}'
+ mem_limit: $DEFAULT_MEMORY_LIMIT
+ # disable swap by settings swap to the memory limit
+ memswap_limit: $DEFAULT_MEMORY_LIMIT
  networks:
  internal:
  ipv4_address: $IPV4_IP_GRAFANA_INTERNAL
@@ -739,6 +776,9 @@ services:
  driver: $LOGGING_DRIVER
  options:
  tag: '{{.Name}}'
+ mem_limit: $DEFAULT_MEMORY_LIMIT
+ # disable swap by settings swap to the memory limit
+ memswap_limit: $DEFAULT_MEMORY_LIMIT
  networks:
  internal:
  ipv4_address: $IPV4_IP_PROMETHEUS_INTERNAL
@@ -757,6 +797,9 @@ services:
  driver: $LOGGING_DRIVER
  options:
  tag: '{{.Name}}'
+ mem_limit: $DEFAULT_MEMORY_LIMIT
+ # disable swap by settings swap to the memory limit
+ memswap_limit: $DEFAULT_MEMORY_LIMIT
  networks:
  - internal
 
@@ -771,6 +814,9 @@ services:
  driver: $LOGGING_DRIVER
  options:
  tag: '{{.Name}}'
+ mem_limit: $DEFAULT_MEMORY_LIMIT
+ # disable swap by settings swap to the memory limit
+ memswap_limit: $DEFAULT_MEMORY_LIMIT
  networks:
  - internal
 
@@ -786,6 +832,9 @@ services:
  driver: $LOGGING_DRIVER
  options:
  tag: '{{.Name}}'
+ mem_limit: $DEFAULT_MEMORY_LIMIT
+ # disable swap by settings swap to the memory limit
+ memswap_limit: $DEFAULT_MEMORY_LIMIT
  networks:
  internal:
  ipv4_address: $IPV4_IP_STATSD_INTERNAL
@@ -804,6 +853,9 @@ services:
  driver: $LOGGING_DRIVER
  options:
  tag: '{{.Name}}'
+ mem_limit: $DEFAULT_MEMORY_LIMIT
+ # disable swap by settings swap to the memory limit
+ memswap_limit: $DEFAULT_MEMORY_LIMIT
  networks:
  - internal
  depends_on:
@@ -829,6 +881,9 @@ services:
  driver: $LOGGING_DRIVER
  options:
  tag: '{{.Name}}'
+ mem_limit: $DEFAULT_MEMORY_LIMIT
+ # disable swap by settings swap to the memory limit
+ memswap_limit: $DEFAULT_MEMORY_LIMIT
  pid: host
  networks:
  - internal
@@ -848,6 +903,9 @@ services:
  driver: $LOGGING_DRIVER
  options:
  tag: '{{.Name}}'
+ mem_limit: $DEFAULT_MEMORY_LIMIT
+ # disable swap by settings swap to the memory limit
+ memswap_limit: $DEFAULT_MEMORY_LIMIT
  networks:
  - internal
  volumes:
@@ -866,6 +924,9 @@ services:
  driver: $LOGGING_DRIVER
  options:
  tag: '{{.Name}}'
+ mem_limit: $DEFAULT_MEMORY_LIMIT
+ # disable swap by settings swap to the memory limit
+ memswap_limit: $DEFAULT_MEMORY_LIMIT
  networks:
  - internal
  volumes: