Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: add modsec resource limits to controls V2 memory consumption #841

Merged
merged 2 commits into from
Aug 30, 2021
Merged

docs: add modsec resource limits to controls V2 memory consumption #841

merged 2 commits into from
Aug 30, 2021

Conversation

sealneaward
Copy link
Contributor

From our deployment/daemonset of ModSecurity, we have been noticing the ModSecurity pods hogging memory after our performance tests finish. There is no garbage collection done and the memory consumed only increases over time.

We believe this is due to documented memory leak issues with V2 of ModSecurity.
Our kubernetes native solution to this is to provide memory allocations to the deployment, to force restarts of the pods instead of hogging memory on nodes.
We've ran performance tests against this change to the deployment and there is no performance regression.

@sealneaward sealneaward mentioned this pull request Aug 27, 2021
Closed
@jcmoraisjr
Copy link
Owner

Sounds fair. Please add also a note in the example doc so one will be advised that there is a small requests and limits configuration. Something like this just after the first kubectl create is enough:

{{% alert title="Note" %}}
This deployment configures a small amount of requests and limits resources,
remember to adjust them before moving to production.
{{% /alert %}}

@sealneaward
Copy link
Contributor Author

Added the alert. Let me know if you want to see anything else @jcmoraisjr

@jcmoraisjr jcmoraisjr changed the title Added modsec resource limits to avoid memory leaks over time in V2 docs: add modsec resource limits to controls V2 memory consumption Aug 30, 2021
@jcmoraisjr
Copy link
Owner

LGTM thanks! Merging now.

@jcmoraisjr jcmoraisjr merged commit 1cfd69b into jcmoraisjr:master Aug 30, 2021
jcmoraisjr added a commit that referenced this pull request Aug 30, 2021
@jcmoraisjr
docs: add modsec resource limits to controls V2 memory consumption (#841
daf833a 
)

From our deployment/daemonset of ModSecurity, we have been noticing the
ModSecurity pods hogging memory after our performance tests finish.
There is no garbage collection done and the memory consumed only
increases over time.

We believe this is due to documented memory leak issues with V2 of
ModSecurity. Our kubernetes native solution to this is to provide
memory allocations to the deployment, to force restarts of the pods
instead of hogging memory on nodes. We've ran performance tests against
this change to the deployment and there is no performance regression.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
v0.13 v0.14
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sealneaward @jcmoraisjr @nseward-ep