Dell Automation Platform: Java-Based Containers "OOMKilled" starting from at Kernel 6.12

Summary: Java-based containerized applications (such as Keycloak) may experience unexpected termination due to out-of-memory (OOM) errors when running on Linux Kernel 6.12 or later. This issue stems from changes in how the kernel exposes "cgroup" memory limits. These changes affect the Java Virtual Machine's (JVM) ability to detect and respect container memory constraints correctly. ...

Acest articol se aplică pentru Acest articol nu se aplică pentru Acest articol nu este legat de un produs specific. Acest articol nu acoperă toate versiunile de produs existente.
Consultați alte resurse

Symptoms

For NativeEdge Dell Automation Platform, keycloak is getting OOMKilled during initialization. For example it may happen during the helm installation, when the keycloak pod is coming up.

Logs inside the keycloak end with:

Appending additional Java properties to JAVA_OPTS
Changes detected in configuration. Updating the server image.
Updating the configuration and installing your custom providers, if any. Please wait.

The description of the container shows:

State: Waiting
  Reason: CrashLoopBackOff
Last State: Terminated
  Reason: OOMKilled

For other environments, it could be:

  • The system terminates Java containers (for example, keycloak, Kafka, Elasticsearch) with an OOMKilled status.
  • JVM reports unexpectedly high heap size estimates, often matching host memory rather than container limits.
  • Memory tuning flags like -XX:MaxRAMPercentage appear ineffective.
  • Logs may show messages such as:
    • [debug][os,container] controller memory is not enabled
    • [debug][os,container] One or more required controllers disabled at kernel level

Cause

Starting with Linux Kernel 6.12, the kernel no longer exposes cgroup controller information by /proc/cgroups, which the JVM previously relied on to detect container memory limits. This change breaks container awareness in affected JVM versions, causing them to assume they have access to the full host memory. As a result, the JVM allocates more memory than the container allows, triggering the kernel's OOMkiller.

There are several issues for this in open-source projects:

Ubuntu 24.04.3 does not use the 6.12 Kernel by default. But some images are updated with 6.12, 6.13, 6.14 versions already (for example, in the AWS image library).

Resolution

There are two possible quick workarounds.

  • Temporarily increase the memory limits for the container. For example, here are steps to proceed with the installation of Dell Automation Platform, doubling the memory limit for the keycloak container.
To do so, you must run the following command (check your orchestrator namespace, for example, below dapo is the default orchestrator namespace: 
kubectl edit sts keycloak -n dapo
Find the memory limits and requests, and double them. keycloak consumes lots of memory on the preparation step. This increase allowed us to pass this initialization step.
  • Explicitly Set JVM Memory Limits

Use startup flags to manually restrict memory usage:

extraEnvVars:
  - name: JAVA_OPTS_KC_HEAP
    value: "-XX:MaxRAMPercentage=70 -XX:MinRAMPercentage=70 -XX:InitialRAMPercentage=50 -XX:MaxRAM=1G"

Produse afectate

Dell Automation Platform, NativeEdge Solutions, Dell Automation Platform Components, NativeEdge
Proprietăți articol
Article Number: 000369678
Article Type: Solution
Ultima modificare: 16 Oct 2025
Version:  2
Găsiți răspunsuri la întrebările dvs. de la alți utilizatori Dell
Servicii de asistență
Verificați dacă dispozitivul dvs. este acoperit de serviciile de asistență.