Comments (8)
@lnksz There are some background tasks running, like the ones for expiring old sessions. The garbage collection can also be quite lazy to reclaim space. So my bet would be it is just not doing collections until it gets close to the maximum, which is 70% of the 1G. Also I think the JVM doesn't necessarily return the memory to the OS but just keeps it. You could check by enabling metrics; there you should see the number of small/large garbage collections and also how much heap space is actually used.
from keycloak.
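The check suggested in the comment above, as an added example that is not part of the original thread: it sums heap used, committed and max across memory pools and counts minor/major collections from a metrics scrape. The metric names are those of Micrometer's JVM binders and are an assumption about what the metrics endpoint exposes; the sample scrape and the function names are constructed.

```python
import re

# Constructed sample in Prometheus text format; metric names follow Micrometer's
# JVM binders (assumed to be what the metrics endpoint exposes), values invented.
SAMPLE_METRICS = '''
# TYPE jvm_memory_used_bytes gauge
jvm_memory_used_bytes{area="heap",id="G1 Eden Space"} 2.097152E7
jvm_memory_used_bytes{area="heap",id="G1 Old Gen"} 1.31072E8
jvm_memory_used_bytes{area="heap",id="G1 Survivor Space"} 5242880.0
jvm_memory_used_bytes{area="nonheap",id="Metaspace"} 1.2582912E8
jvm_memory_committed_bytes{area="heap",id="G1 Eden Space"} 3.145728E8
jvm_memory_committed_bytes{area="heap",id="G1 Old Gen"} 2.097152E8
jvm_memory_committed_bytes{area="heap",id="G1 Survivor Space"} 1.2582912E7
jvm_memory_max_bytes{area="heap",id="G1 Eden Space"} -1.0
jvm_memory_max_bytes{area="heap",id="G1 Old Gen"} 7.50780416E8
jvm_memory_max_bytes{area="heap",id="G1 Survivor Space"} -1.0
jvm_gc_pause_seconds_count{action="end of minor GC",cause="G1 Evacuation Pause",gc="G1 Young Generation"} 42.0
jvm_gc_pause_seconds_count{action="end of major GC",cause="System.gc()",gc="G1 Old Generation"} 1.0
jvm_gc_pause_seconds_sum{action="end of minor GC",cause="G1 Evacuation Pause",gc="G1 Young Generation"} 0.31
'''

LINE = re.compile(r'^([A-Za-z_:][\w:]*)(?:\{(.*)\})?\s+(\S+)$')
LABEL = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')  # label values may contain spaces
MIB = 1024 * 1024

def parse(text):
    """Yield (name, labels, value) for each sample line; skips comments."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m and not line.lstrip().startswith("#"):
            name, labels, value = m.groups()
            yield name, dict(LABEL.findall(labels or "")), float(value)

def heap_report(text, container_limit_bytes):
    """Compare what the heap uses with what the JVM has committed (held from the OS)."""
    tot = {"used": 0.0, "committed": 0.0, "max": 0.0}
    gc = {"minor": 0, "major": 0}
    for name, labels, value in parse(text):
        kind = name[len("jvm_memory_"):-len("_bytes")]
        if name.startswith("jvm_memory_") and name.endswith("_bytes") \
                and labels.get("area") == "heap" and kind in tot and value > 0:
            tot[kind] += value          # pools with no defined max report -1
        elif name == "jvm_gc_pause_seconds_count":
            gc["major" if "major" in labels.get("action", "") else "minor"] += int(value)
    return {
        "used_mib": round(tot["used"] / MIB, 1),
        "committed_mib": round(tot["committed"] / MIB, 1),
        "committed_unused_mib": round((tot["committed"] - tot["used"]) / MIB, 1),
        "max_pct_of_limit": round(100 * tot["max"] / container_limit_bytes, 1),
        "minor_gc": gc["minor"], "major_gc": gc["major"],
    }
```

A large `committed_unused_mib` with a low `major_gc` count is the pattern described in the comment: the container's memory figure tracks committed heap, not live objects.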
@lnksz Thanks for the additional info. I just wanted to comment that it should be related only to the limit.
I created a follow-up issue to improve the docs: #28729
from keycloak.
Possibly related to #28211 and #28444
Did I miss any hint in https://www.keycloak.org/docs/latest/upgrading/index.html#migrating-to-24-0-0 on why this 3x RAM increase would be the case?
See #28211 (comment)
from keycloak.
@shawkins thanks for the quick reply! Sorry I didn't see #28211 because I only searched for open tickets...
With --memory=1G in the docker run command, the initial RAM usage of the v24 container dropped to ca. 500M, which is in harmony with -XX:InitialRAMPercentage=50. I guess based on -XX:MaxRAMPercentage=70, this will go up to 700M, right?
What surprises me is that this RAM eating is taking place even though the KC container has 0 "load". No UI, requests, maintenance, anything...
Is it normal that KC continues to eat up the container memory in an idle state?
I will measure this now with the 1GB limit, because I would expect that an idle service finds a (non max) heap size and stays there until some work needs to be done.
from keycloak.
> this will go up to 700M, right?
Yes the heap will be allowed to grow up to 700M - the overall java process memory can be higher than that.
> What surprises me is that this RAM eating is taking place even though the KC container has 0 "load". No UI, requests, maintenance, anything...
> Is it normal that KC continues to eat up the container memory in an idle state?
I'm not sure what exactly is going on here. I would not expect the heap size to be adjusted higher unless there is pressure, and it doesn't seem like it would be done so smoothly / continuously. But it could be that the particular garbage collector in use will simply allow things to grow to MaxRAMPercentage over time based upon any amount of garbage (even just probes). I have not witnessed this behavior with local testing, so there may be some subtle difference running in Docker that needs another look. cc @mabartos @ahus1
from keycloak.
I have run the v24 as from the documentation with 1G limit. The RAM still grows slowly, even though I just let the service run without interacting with it in any way.
I captured the RAM usage via:
    while true; do
        ram="$(docker stats --format=json --no-stream mykc | jq -r '.MemUsage' | cut -d' ' -f1)"
        ts=$(date +%s)
        echo "$ts,$ram" >> kc24-ram.csv
        sleep 30s
    done
Then visualized it in Excel quickly.
from keycloak.
@lnksz and to confirm, you never see out of memory exceptions in your keycloak instance, correct? As @sschu mentions, you can check the actual heap usage, and based upon other issues we don't expect that this memory growth actually means that keycloak is using more heap.
I recall @ahus1 mentioning seeing the tendency as well for the heap space to grow, but not be reduced.
If there are no actual out of memory problems, I'd vote for treating this issue as a normal priority to see if we should further influence the garbage collector to be more in-line with user expectations - it looks now like there's only a marginal benefit to setting a smaller initial ram percentage.
from keycloak.
Hi there,
I have run our "real" deployment of the KC configuration and monitored it over the weekend (with the 1G limit in place).
So after the limit is set, over the long-run there is no such "run away" like with the unlimited version.
In the above screenshot one can see the v23 version (without limit) around 400M, then the unlimited v24 version (saw) and then the 1G limited v24 version.
This is now, what I would expect to see after an upgrade.
Maybe you could add a hint in the v24 upgrade guide? It is still not clear to me, what change exactly caused this in v24...
from keycloak.