Loading...
Loading...
For NativeEdge Dell Automation Platform 1.0, keycloak is getting OOMKilled during initialization. For example it may happen during the helm installation, when the keycloak pod is coming up. Logs inside the keycloak end with: Appending additional Java properties to JAVA_OPTS Changes detected in configuration. Updating the server image. Updating the configuration and installing your custom providers, if any. Please wait. The description of the container shows: State: Waiting Reason: CrashLoopBackOff Last State: Terminated Reason: OOMKilled For other environments, it could be: The system terminates Java containers (for example, keycloak , Kafka, Elasticsearch) with an OOMKilled status. JVM reports unexpectedly high heap size estimates, often matching host memory rather than container limits. Memory tuning flags like -XX:MaxRAMPercentage appear ineffective. Logs may show messages such as: [debug][os,container] controller memory is not enabled [debug][os,container] One or more required controllers disabled at kernel level
Starting with Linux Kernel 6.12, the kernel no longer exposes cgroup controller information by /proc/cgroups , which the JVM previously relied on to detect container memory limits. This change breaks container awareness in affected JVM versions, causing them to assume they have access to the full host memory. As a result, the JVM allocates more memory than the container allows, triggering the kernel's OOMkiller . There are several issues for this in open-source projects: Bitnami Keycloak Issue #31711 Keycloak GitHub Issue #36609 OpenJDK Issue JDK-8346874 Ubuntu 24.04.3 does not use the 6.12 Kernel by default. But some images are updated with 6.12, 6.13, 6.14 versions already (for example, in the AWS image library).
This issue is resolved from Dell Automated Platform 1.1 and later If the issue is encountered on Dell Automated Platform 1.0 there are two possible quick workarounds. Temporarily increase the memory limits for the container. For example, here are steps to proceed with the installation of Dell Automation Platform, doubling the memory limit for the keycloak container. To do so, you must run the following command (check your orchestrator namespace, for example, below dapo is the default orchestrator namespace: kubectl edit sts keycloak -n dapo Find the memory limits and requests, and double them. keycloak consumes lots of memory on the preparation step. This increase allowed us to pass this initialization step. Explicitly Set JVM Memory Limits Use startup flags to manually restrict memory usage: extraEnvVars: - name: JAVA_OPTS_KC_HEAP value: "-XX:MaxRAMPercentage=70 -XX:MinRAMPercentage=70 -XX:InitialRAMPercentage=50 -XX:MaxRAM=1G"
Click on a version to see all relevant bugs
Dell Integration
Learn more about where this data comes from
BugZero Plan
Streamline upgrades with automated vendor bug scrubs
BugZero Prevent
Wish you caught this bug sooner? Get proactive today.