This issue explores the potential addition of resource limits (CPU, memory) to OED Docker containers as part of ongoing container security and stability improvements.
From recent work on improving Docker security (see PR #1606, running containers as non-root and adding no-new-privileges), resource limits came up as another possible improvement. However, it’s not clear whether this should be applied directly, since it could affect how OED runs in different environments.
A few considerations:
- Differences between development and production setups
- Impact on smaller vs larger OED deployments
- The fact that many OED instances run inside virtual machines, which may already impose resource constraints
Before making any changes, it would be helpful to understand:
- Whether resource limits should be enabled by default or only in certain configurations
- What reasonable default limits might look like
- Whether this could negatively impact development workflows or performance
This issue is intended to gather input and evaluate whether this is something worth implementing.
This issue explores the potential addition of resource limits (CPU, memory) to OED Docker containers as part of ongoing container security and stability improvements.
From recent work on improving Docker security (see PR #1606, running containers as non-root and adding no-new-privileges), resource limits came up as another possible improvement. However, it’s not clear whether this should be applied directly, since it could affect how OED runs in different environments.
A few considerations:
Before making any changes, it would be helpful to understand:
This issue is intended to gather input and evaluate whether this is something worth implementing.