Skip to content

feat(services): add per-service Docker resource limits#53

Merged
GeiserX merged 1 commit into
mainfrom
feat/service-resource-limits
Jul 5, 2026
Merged

feat(services): add per-service Docker resource limits#53
GeiserX merged 1 commit into
mainfrom
feat/service-resource-limits

Conversation

@GeiserX

@GeiserX GeiserX commented Jul 5, 2026

Copy link
Copy Markdown
Owner

Mirrors CashPilot #95 — part of the 2026-07-05 fleet OOM remediation. Makes per-service earner memory limits durable in the Desktop app by declaring them in the service YAML and applying them on the Docker HostConfig at container creation. Previously containers were created with no memory ceiling, so a leaking earner could OOM the host.

What changed

Schema + data model

  • services/_schema.yml: documents an optional docker.resources block — mem_limit (e.g. "768m"/"2g"), optional mem_reservation, and oom_score_adj (int, -1000..1000).
  • internal/catalog: parses it into DockerConfig.Resources. OomScoreAdj is a *int so an absent value is distinguishable from an explicit 0 and is applied only when present.

Apply on the container (internal/runtime)

  • Deploy() now calls applyResourceLimits(hostConfig, svc.Docker.Resources) right before ContainerCreate.
  • Sets HostConfig.Memory, HostConfig.MemoryReservation, and HostConfig.OomScoreAdj — each only when present in the YAML.
  • memory-swap is deliberately left unset (Docker derives it from Memory).
  • parseMemoryBytes converts Docker-style size strings using binary units ("768m" = 768 MiB, "2g" = 2 GiB), matching docker run --memory / compose mem_limit. A malformed size fails the deploy fast rather than running the earner unbounded.

Service limits (same values as #95, for the services that exist in this repo):

tier services mem_limit oom_score_adj
protected storj 2g -100
protected anyone-protocol 1536m -100
protected mysterium 768m -100
expendable proxyrack, earnapp 256m 300
expendable honeygain 256m 200
expendable earnfm, bitping 128m 200
expendable iproyal, packetstream, proxylite, repocket, traffmonetizer, urnetwork, proxybase 128m 300

Protected storage/VPN services get a negative oom_score_adj; expendable bandwidth earners get positive scores so the kernel reaps them first under memory pressure. The other 34 catalog services are untouched.

Tests

  • parseMemoryBytes: binary units, trailing b, mixed case, whitespace, fractional mantissa, and rejection of empty/non-positive/garbage inputs.
  • applyResourceLimits: values land on HostConfig; memory-swap stays unset; an absent block leaves defaults; a malformed size errors without mutating HostConfig.
  • catalog: docker.resources parses from YAML; a service without the block leaves the fields zero/nil.

gofmt -l clean · go vet ./... clean · go test -race -covermode=atomic ./... green (all 8 packages). Also verified the 15 real service YAMLs load to the exact intended values through the real catalog parser.

Mirror CashPilot #95 (2026-07-05 fleet OOM remediation): declare an
optional docker.resources block (mem_limit, mem_reservation,
oom_score_adj) in the service YAML and apply it on the container
HostConfig at creation, so earner memory ceilings and OOM-kill priority
are durable across restarts instead of set out-of-band.

- catalog: parse docker.resources into DockerConfig.Resources
  (OomScoreAdj is *int so absent is distinguishable from an explicit 0)
- runtime: set HostConfig Memory / MemoryReservation / OomScoreAdj from
  the block when present; memory-swap left unset. Binary-unit size
  parsing ("768m" = 768 MiB, "2g" = 2 GiB) matching docker --memory
- services: protect storj (2g) / mysterium (768m) / anyone-protocol
  (1536m) with negative oom_score_adj; cap expendable earners (128-256m)
  with positive scores so the kernel reaps them first under pressure
- tests: size parsing, HostConfig application, and YAML parse
@coderabbitai

coderabbitai Bot commented Jul 5, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@GeiserX, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 37 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 6029d7d2-2f5f-454c-be92-aa4bb869c76d

📥 Commits

Reviewing files that changed from the base of the PR and between d3140e6 and 32a049e.

📒 Files selected for processing (20)
  • internal/catalog/catalog.go
  • internal/catalog/catalog_test.go
  • internal/runtime/runtime.go
  • internal/runtime/runtime_test.go
  • services/_schema.yml
  • services/bandwidth/bitping.yml
  • services/bandwidth/earnapp.yml
  • services/bandwidth/earnfm.yml
  • services/bandwidth/honeygain.yml
  • services/bandwidth/iproyal.yml
  • services/bandwidth/mysterium.yml
  • services/bandwidth/packetstream.yml
  • services/bandwidth/proxybase.yml
  • services/bandwidth/proxylite.yml
  • services/bandwidth/proxyrack.yml
  • services/bandwidth/repocket.yml
  • services/bandwidth/traffmonetizer.yml
  • services/bandwidth/urnetwork.yml
  • services/depin/anyone-protocol.yml
  • services/storage/storj.yml
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/service-resource-limits

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@codecov

codecov Bot commented Jul 5, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 90.24390% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 63.41%. Comparing base (d3140e6) to head (32a049e).

Files with missing lines Patch % Lines
internal/runtime/runtime.go 90.24% 4 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main      #53      +/-   ##
==========================================
+ Coverage   62.81%   63.41%   +0.60%     
==========================================
  Files           8        8              
  Lines        1826     1867      +41     
==========================================
+ Hits         1147     1184      +37     
- Misses        597      601       +4     
  Partials       82       82              
Files with missing lines Coverage Δ
internal/catalog/catalog.go 34.83% <ø> (ø)
internal/runtime/runtime.go 54.65% <90.24%> (+3.07%) ⬆️
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@GeiserX

GeiserX commented Jul 5, 2026

Copy link
Copy Markdown
Owner Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 5, 2026

Copy link
Copy Markdown
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@GeiserX GeiserX merged commit c4c3a4d into main Jul 5, 2026
5 checks passed
@GeiserX GeiserX deleted the feat/service-resource-limits branch July 5, 2026 18:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant