I am using Docker Compose on a 2 GB DigitalOcean server to deploy my app, but I noticed that the PostgreSQL container was using all the RAM available to it! This is not normal, and I wanted to know how to fix this problem. So I went into the logs of the container (docker logs postgres) and I found this:
I didn't expect to have logs after 'database is ready to accept connections'. The logs look as if I didn't have a package installed in the container, but I am using the official image, so I think it should work...
To help you to help me haha:
My docker-compose file:

    version: "3"
    services:
      monapp:
        image: registry.gitlab.com/touretchar/workhouse-api-bdd/master:latest
        container_name: monapp
        depends_on:
          - postgres
        ports:
          - "3000:3000"
        command: "npm run builded-test"
        restart: always
        deploy:
          resources:
            limits:
              cpus: 0.25
              memory: 500M
            reservations:
              memory: 150M
      postgres:
        image: postgres:13.1
        container_name: postgres
        environment:
          - POSTGRES_HOST_AUTH_METHOD=trust
          - POSTGRES_USER=postgres
          - POSTGRES_PASSWORD=postgres
        volumes:
          - postgres_datas:/var/lib/postgresql/data/
          - postgres_dumps:/home/dumps/test
        ports:
          - "5432:5432"
        restart: always
        deploy:
          resources:
            limits:
              cpus: 0.25
              memory: 500M
            reservations:
              memory: 150M
    volumes:
      postgres_datas:
        driver: local
        driver_opts:
          type: none
          device: $PWD/util/databases/pgDatas
          o: bind
      postgres_dumps:
        driver: local
        driver_opts:
          type: none
          device: $PWD/util/databases/test
          o: bind

And the output of docker stats here:
If you have ideas! Thanks in advance :)
I finally found a solution, it was because my container was compromised!
Indeed, my postgres container had port 5432 open to the internet, so anyone could connect to it using the DigitalOcean droplet IP and port (:port), and I think someone was hacking my container and using all the RAM/CPU allowed to the container!
I am sure about this because, to correct the problem, I blocked access to the container from outside my droplet by adding a firewall rule with iptables (you should add the rule in the DOCKER-USER chain), and since I added the rule, the RAM consumption of the container is back to normal, and I don't have the weird logs I published in my question anymore!
Conclusion: be careful about the security of your Docker containers when they are running on the web!
Thanks, hope it helps someone :)
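
A check for the two settings in the question's compose file that left the database reachable (a port published without a host IP, and `POSTGRES_HOST_AUTH_METHOD=trust`, which disables password checking), as an added example that is not part of the original post. The sample input is constructed, the `postgres_local` service and the function names are hypothetical, and the scanner assumes 2-space indentation with list-form `ports` and `environment` entries.

```python
import re

# Constructed sample: the question's services cut down to the relevant keys,
# plus a hypothetical "postgres_local" showing the loopback-only form.
SAMPLE_COMPOSE = """\
services:
  monapp:
    ports:
      - "3000:3000"
  postgres:
    environment:
      - POSTGRES_HOST_AUTH_METHOD=trust
    ports:
      - "5432:5432"
  postgres_local:
    ports:
      - "127.0.0.1:5432:5432"
"""

def binds_beyond_loopback(mapping):
    """True if a short-syntax port mapping is reachable from outside the host."""
    parts = mapping.split("/")[0].rsplit(":", 2)  # drop /tcp or /udp suffix
    if len(parts) < 3:  # "5432" or "5432:5432": no host IP, Docker binds 0.0.0.0
        return True
    return not (parts[0].startswith("127.") or parts[0] in ("[::1]", "::1"))

def audit(compose_text):
    """Return (service, rule, value) findings. Assumes 2-space indentation and
    list-form ports/environment entries, as in the question's file."""
    findings, in_services, service, key = [], False, None, None
    for raw in compose_text.splitlines():
        line = re.sub(r"(^|\s)#.*", "", raw).rstrip()  # strip YAML comments
        text = line.strip()
        if not text:
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0:  # top-level key: only "services:" is scanned
            in_services, service, key = text == "services:", None, None
        elif in_services and indent == 2 and text.endswith(":"):
            service, key = text[:-1], None
        elif service and text.endswith(":") and not text.startswith("-"):
            key = text[:-1]
        elif service and text.startswith("- "):
            item = text[2:].strip().strip("\"'")
            if key == "ports" and binds_beyond_loopback(item):
                findings.append((service, "published-port", item))
            if key == "environment" and item == "POSTGRES_HOST_AUTH_METHOD=trust":
                findings.append((service, "trust-auth", item))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_COMPOSE):
        print(*finding)
```

Publishing the port as `127.0.0.1:5432:5432`, or dropping the `ports` entry so that only `monapp` reaches `postgres` over the compose network, clears the `published-port` finding.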