Monitoring and allocating system memory is one of the primary things that an application developer has to deal with on Kubernetes. It turns out that this is a much more complicated affair than simply reading a number from the task manager. “How much memory do I have?”, “Who is using how much memory?” and “How much memory do my applications need?” are the typical questions that we ask when investigating memory shortages. Answering them correctly takes some understanding of the operating environment that the executable runs in. This blog post is a collection of my personal notes on the Linux memory subsystem and Kubernetes internals relevant to the questions above.
In a past project, the customer utilized Prisma Cloud Compute for scanning running containers for known vulnerabilities (this is not an endorsement of this particular software, just the one the customer decided to employ). In theory, it provided a detailed view of the container patch level within the organization. However, the end result was often one of two options: