Skip to main content
Version: v4.17

Limit the Memory of Sidecar Services

The memory available to the sidecar is determined by the deployment environment of the sidecar, such as the EC2 instance type or the Kubernetes pod configuration. However, the memory available to the sidecar is shared among all services running within the sidecar.

Each of the individual services within the sidecar has a default memory limit. The memory limit is a maximum number of bytes of RAM that a service is allowed to consume. This is useful to prevent a single service from consuming all available memory on the container and causing other services to fail as a result. Currently, each "wire" service has a default memory limit of 512MB, while other services are limited to 128MB. When a service exceeds its memory limit, it will panic and exit, causing the sidecar to restart the service.

Users can override the default memory limits if desired by setting various environment variables as detailed below.

Environment Variables

The following environment variables can be set to override the default memory limits.

Wires (default 512MB since v4.15.1 and 128MB on all previous versions):

  • CYRAL_DREMIO_WIRE_MAX_MEM
  • CYRAL_DYNAMODB_WIRE_MAX_MEM
  • CYRAL_MONGODB_WIRE_MAX_MEM
  • CYRAL_MYSQL_WIRE_MAX_MEM
  • CYRAL_ORACLE_WIRE_MAX_MEM
  • CYRAL_PG_WIRE_MAX_MEM
  • CYRAL_S3_WIRE_MAX_MEM
  • CYRAL_SNOWFLAKE_WIRE_MAX_MEM
  • CYRAL_SQLSERVER_WIRE_MAX_MEM

Misc. services (default 128MB):

  • ALERTER_MAX_SYS_SIZE_MB
  • CYRAL_AUTHENTICATOR_MAX_SYS_SIZE_MB
  • FORWARD_PROXY_MAX_SYS_SIZE_MB
  • NGINX_PROXY_HELPER_MAX_SYS_SIZE_MB
  • SERVICE_MONITOR_MAX_SYS_SIZE_MB

Values should be set in megabytes (MB). For example, to set the memory limit for the PostgreSQL wire service to 1GB, set CYRAL_PG_WIRE_MAX_MEM=1024.

Setting Environment Variables

The above environment variables can be set in the sidecar container using the appropriate method for the deployment environment. For example, in a Kubernetes deployment, the environment variables can be set in the pod spec. In an EC2 deployment, the environment variables can be set in the user data script and passed to the sidecar container via the -e Docker flag. In general, the environment variables should be set in the same way as other environment variables for the sidecar container.

If using one of the Cyral provided deployment quickstarts, please refer to the specific quickstart documentation for how to set environment variables for the sidecar container and/or how to configure the memory limits for the sidecar services.