opal: Possible memory leak with OPAL client

I’m running an OPAL client container in Kubernetes. I recently looked at metrics on the memory usage of this container and noticed that memory is climbing and climbing until it hits 100%. This indicates a possible memory leak with OPAL client.

Screen Shot 2021-09-07 at 3 37 39 PM

Here is some more info:

I’m running the image authorizon/opal-client-standalone:0.1.12.

Here’s my env var config:

- name: OPAL_POLICY_STORE_URL
  value: http://localhost:8181/v1
- name: OPAL_SERVER_URL
  value: http://localhost:7002
- name: OPAL_DATA_UPDATER_ENABLED
  value: "0"
- name: OPAL_KEEP_ALIVE_INTERVAL
  value: "10"

And finally the command to run the container:

command:
  - "sh"
  - "-c"
  - "/usr/wait-for.sh http://localhost:7002 --timeout=20 -- /start.sh"

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Comments: 17 (9 by maintainers)

Most upvoted comments

Sure @grantmcconnaughey 😃

I have started to investigate - i have a few leads & some follow up questions about your setup:

  • How often is the policy repo being updated? are you syncing with webhook? polling? no syncing at all?
  • You are running OPAL standalone - is OPA already running when you run opal client?
  • Is OPA ever being restarted during OPAL client’s runtime?
  • Are you still running 0.1.12? did you try to run the latest version?
  • Did you try to run OPAL client non-standalone (with built-in OPA) and see if the issue persists?

In any case i am trying to zero in with a profiler - will update as soon as i have something concrete 😃

+1
asafc on Oct 26, 2021

Hey @grantmcconnaughey, this is super helpful! we are on it! 😃

+1
asafc on Oct 18, 2021
Read more comments on GitHub
← PermissionsDispatcher: Xiaomi crash java.lang.SecurityException SYSTEM_ALERT_WINDOW
rsql-jpa-specification: Root join on @OneToMany property, not working while sorting in SortUtils.pathToExpression(final Root<?> root, final String path) →