Setting Memory limits on containers for plugins

It would be nice to have the option to limit the amount of memory a container is allowed to use and to restart the container if it reaches this. I know that you can configure a memory limit using option --memory and set restart policy as --restart=always but because the orchestrator is managing the containers I don’t know how to set this. Could this be added as an option on the Connections?

Hey Brandon, want to understand a little bit more about the problem you’re trying to solve. Are you having plugin containers that are exhausting resources and causing issues on the orchestrator? Are there specific plugins that are vulnerable to this?

Yes, I had a support ticket open for it but rapid7_active_directory_ldap_3.2.10_action grows extremely fast getting to close to 10GB every few days. I now restart it a few times ever y day when it gets over 2GB because it starts to impact performance. rapid7_servicenow_4.1.0_action is another that I restart frequently, but not as much, it gets to over 3GB every few days. They are both used in pretty high volume workflows (the LDAP one runs a few hundred times a day and the Service now workflow runs about 14,000 times a month)
Limiting the returned fields to only the desired ones would help because I usually am only looking for a field or two and the LDAP returns a lot, but it also feels like the memory of the variable is not passed to the garbage collector after returned to the workflow and it just grows with every call. Restarting these seems to have no impact on the workflows and keeps performance up, but I have to keep an eye on it usually logging in at least once over the weekends to reset them unless there is an influx of alerts requiring me to log in a few times.

Also, as a point of reference. The LDAP container has increased over 500MB just in the time I typed this.

Thanks for the background. Which LDAP and ServiceNow actions are you using in these high volume workflows? Do you know how many records (roughly) that you’re pulling on each run with LDAP or ServiceNow plugins?

LDAP, Query, 1 User, (UserPrincipalName={{[“Azure User”].[user_information].[userPrincipalName]}})
SNOW, Search CI, Intentionally only pulling back 1 CI, name={{[“Trigger”].[asset]}}
^sys_class_nameNOT LIKEvmware