feat: Add ulimit cap to prevent memory bloat in some misconfigured versions of Docker/containerd Hosts (e.g. on Debian 13) #5025
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…rsions of Docker/containerd Hosts (e.g. on Debian 13) On certain systems (e.g., Debian 13 with modern container runtimes), a very high default `nofiles` ulimit can cause the Erlang VM (beam.smp) to pre-allocate excessive amounts of memory, leading to container crashes. This change introduces a safeguard directly into the entrypoint script: - It caps the soft `ulimit -n` to a configurable maximum, defined by the `ULIMIT_MAX_NOFILE` environment variable (defaults to 65536). - This behavior can be disabled by setting `ULIMIT_MAX_NOFILE=0`. - The new environment variable has been added to the documentation. To satisfy ShellCheck (SC3045), the script's shebang is set to `#!/usr/bin/env dash`, as `ulimit -n` is a common but not strictly POSIX-compliant extension.
For consistency with the `entrypoint.sh` script's shebang (`#!/usr/bin/env dash`), this change updates the Dockerfile's ENTRYPOINT to call `/bin/dash` directly instead of `/bin/sh`. This makes the choice of shell explicit and ensures the script is always executed by the intended interpreter, regardless of what `/bin/sh` might point to in future base images.
✅ Deploy Preview for teslamate ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
This was referenced Nov 5, 2025
Member
Author
|
After merging this, I will merge #4890 and do the next release, see discussion here |
swiffer
approved these changes
Nov 5, 2025
swiffer
deleted the
feat-Avoid-memory-bloat-in-misconfigured-docker-hosts
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
On certain systems (e.g., Debian 13 with modern container runtimes), a very high default
nofilesulimit can cause the Erlang VM (beam.smp) to pre-allocate excessive amounts of memory, leading to container crashes.This change introduces a safeguard directly into the entrypoint script:
ulimit -nto a configurable maximum, defined by theULIMIT_MAX_NOFILEenvironment variable (defaults to 65536).ULIMIT_MAX_NOFILE=0.To satisfy ShellCheck (SC3045), the script's shebang is set to
#!/usr/bin/env dash, asulimit -nis a common but not strictly POSIX-compliant extension.For consistency with the
entrypoint.shscript's shebang (#!/usr/bin/env dash), this change updates the Dockerfile's ENTRYPOINT to call/bin/dashdirectly instead of/bin/sh.fixes #4940 and related to #3045.
successor of #4999. Thanks @dyxyl for your work on this.
Architecture decision
Rather than changing the documentation to set up the host correctly, this change means that users do not need to update their Docker Compose files. This results in fewer tickets about memory bloat, because users did not follow the latest documentation.