topic AMP+kubernetes/rancher memory problem in Endpoint Security https://community.cisco.com/t5/endpoint-security/amp-kubernetes-rancher-memory-problem/m-p/4595703#M6817 <P>Hi!<BR /><BR />We have 2 on-prem cloud infrastructures running kubernetes/rancher at the moment for dev and test, but the prod is coming along fast and we ran into the following problem:<BR />the infrastructures consists of the following nodes:<BR />1 "control" node</P><P>3 "master" nodes</P><P>3-4 "worker" nodes&nbsp;</P><P>3-4 "infra" nodes.&nbsp;</P><P>All of them have AMP installed, latest version.&nbsp;</P><P>On the worker and infra nodes, the memory usage of the ampdaemon process starts to ramp up after a while, which triggers the oom killer, which starts to kill the k8s/rancher processes and the infra and worker servers become unavailable.<BR />This doesnt happen on the control or master servers ever.</P><P>I imagine that there might be some problem with the exclusion list, or its a memory leak somewhere between amp and k8s.&nbsp;<BR />This happened just half an hour again on of our infra nodes and the ampdaemon process was using 77% of memory of the server.&nbsp;</P><P>I have disabled the amp service on the test nodes, leaving the dev nodes for troubleshooting for now.&nbsp;</P><P>The exclusion list should be sound, based on the documentation, and we dont have this issue with our other server, which doesnt run k8s either.&nbsp;</P><P>I can't post logs for now, but will do later if needed.&nbsp;</P><P>All mentioned systems are running RHEL8.5, swap off, autoupdate for the connector is set, clam-av linux-only.&nbsp;</P><P>&nbsp;</P> Tue, 19 Apr 2022 20:01:37 GMT cxir 2022-04-19T20:01:37Z AMP+kubernetes/rancher memory problem https://community.cisco.com/t5/endpoint-security/amp-kubernetes-rancher-memory-problem/m-p/4595703#M6817 <P>Hi!<BR /><BR />We have 2 on-prem cloud infrastructures running kubernetes/rancher at the moment for dev and test, but the prod is coming along fast and we ran into the following problem:<BR />the infrastructures consists of the following nodes:<BR />1 "control" node</P><P>3 "master" nodes</P><P>3-4 "worker" nodes&nbsp;</P><P>3-4 "infra" nodes.&nbsp;</P><P>All of them have AMP installed, latest version.&nbsp;</P><P>On the worker and infra nodes, the memory usage of the ampdaemon process starts to ramp up after a while, which triggers the oom killer, which starts to kill the k8s/rancher processes and the infra and worker servers become unavailable.<BR />This doesnt happen on the control or master servers ever.</P><P>I imagine that there might be some problem with the exclusion list, or its a memory leak somewhere between amp and k8s.&nbsp;<BR />This happened just half an hour again on of our infra nodes and the ampdaemon process was using 77% of memory of the server.&nbsp;</P><P>I have disabled the amp service on the test nodes, leaving the dev nodes for troubleshooting for now.&nbsp;</P><P>The exclusion list should be sound, based on the documentation, and we dont have this issue with our other server, which doesnt run k8s either.&nbsp;</P><P>I can't post logs for now, but will do later if needed.&nbsp;</P><P>All mentioned systems are running RHEL8.5, swap off, autoupdate for the connector is set, clam-av linux-only.&nbsp;</P><P>&nbsp;</P> Tue, 19 Apr 2022 20:01:37 GMT https://community.cisco.com/t5/endpoint-security/amp-kubernetes-rancher-memory-problem/m-p/4595703#M6817 cxir 2022-04-19T20:01:37Z