search

grapl-security / grapl

Graph platform for Detection and Response
https://www.graplsecurity.com
Apache License 2.0
686 stars 78 forks source link

Save some Nomad memory credits from the plugin's consul connect envoy proxy tasks #2088

Closed wimax-grapl closed 2 years ago

wimax-grapl commented 2 years ago

Which issue does this PR correspond to?

None

What changes does this PR make to Grapl? Why?

Currently, by default, every sidecar_service gets 300MB of Nomad memory credits. What that means is: when you deploy a Analyzer (which has three Envoy proxies + 1 plugin process) we're taking up 1GB of Nomad memory credits!

(I'm using the term 'credits' here to say that this is how many available tokens are available in a given node's bucket of memory it can give out - not how much each process actually uses)

Here's what current usage actually looks like for the plugin tasks I see right now. image

It may turn out we need to tune these numbers a bit, but in the meantime I'm just running it against CI and seeing how it turns out.

How were these changes tested?

CI here and now

codecov[bot] commented 2 years ago

Codecov Report

Base: 40.87% // Head: 40.88% // Increases project coverage by +0.01% :tada:

Coverage data is based on head (024e0e4) compared to base (9a9166c). Patch has no changes to coverable lines.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #2088 +/- ## ========================================== + Coverage 40.87% 40.88% +0.01% ========================================== Files 410 410 Lines 9802 9802 ========================================== + Hits 4007 4008 +1 + Misses 5795 5794 -1 ``` | [Impacted Files](https://codecov.io/gh/grapl-security/grapl/pull/2088?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=grapl-security) | Coverage Δ | | |---|---|---| | [...rust-proto/src/graplinc/grapl/api/graph/v1beta1.rs](https://codecov.io/gh/grapl-security/grapl/pull/2088/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=grapl-security#diff-c3JjL3J1c3QvcnVzdC1wcm90by9zcmMvZ3JhcGxpbmMvZ3JhcGwvYXBpL2dyYXBoL3YxYmV0YTEucnM=) | `54.76% <0.00%> (ø)` | | | [src/rust/sysmon-parser/src/util.rs](https://codecov.io/gh/grapl-security/grapl/pull/2088/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=grapl-security#diff-c3JjL3J1c3Qvc3lzbW9uLXBhcnNlci9zcmMvdXRpbC5ycw==) | `41.61% <0.00%> (+0.67%)` | :arrow_up: | Help us with your feedback. Take ten seconds to tell us [how you rate us](https://about.codecov.io/nps?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=grapl-security). Have a feature suggestion? [Share it here.](https://app.codecov.io/gh/feedback/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=grapl-security)

:umbrella: View full report at Codecov.
:loudspeaker: Do you have feedback about the report comment? Let us know in this issue.