RFR: 8350596: [Linux] Increase default MaxRAMPercentage for containerized workloads

Stefan Johansson sjohanss at openjdk.org
Tue May 13 07:41:50 UTC 2025 

On Fri, 9 May 2025 10:04:41 GMT, Severin Gehwolf <sgehwolf at openjdk.org> wrote:

> Thanks for looking at this, Stefan.
> 
> > Thinking back to the discussions we had around this at OCW, I remember there were some concerns regarding different types of deployments. I think this really makes sense in the cases where we divide a machines memory using containers, but what if containers are just used to divide other resources. One use-case that was raised was containerized applications on Linux.
> 
> Currently there is only the generic `is_containerized()` API which has been documented in the bug that fixed that: [JDK-8261242](https://bugs.openjdk.org/browse/JDK-8261242?focusedId=14685743&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-14685743)
> 
> So yes, this would update the RAM percentage for a) unprivileged container (no limits), b) some other container tech which sets the cgroup CPU limit for example. The JVM currently only looks at memory/cpu limits for privileged containers and takes that into consideration for `is_containerized()`. If there is consensus, we could add an API that returns true if only a memory limit is present. That doesn't exist yet, though. Happy to propose something going into that direction. The infra is already there.
> 

This could be a good direction, we at least need some way to avoid desktop Java apps using too much memory out of the box. There was some talk about using 75% when containerized, but also looking at the machine total, so that if 75% of the container is more than 25% of the machine we fall back to 25% of the machine. For example, for an 8g container on a 16g machine, we would constrain the heap to 4g (25% of machine) rather than 6g (75% of the container). This would of course not be optimal in all situations either, but it would be a fall back to the old defaults for limit-less containers and still in some cases provide a higher default heap for memory configured container deployments. 

> > I'm not sure if such an application would report true for `is_containerized()`, but it would be nice to have some data around this.
> 
> It would return true for any non-privileged container. I can see that this might be a concern.
> 
Thanks for verifying this.

> > Have you done any testing with containerized apps?
> 
> I have done some basic testing so far, but would be happy to do more. What specific testing would you be interested in?

I was mostly thinking about limitless containers (desktop apps) to see if we run into the problems of using way too much memory, but given your answer above I guess we would.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/25086#issuecomment-2875389061

More information about the hotspot-gc-dev mailing list