We're trying to avoid using too many containers. In order to reduce it, we have come up with two options for the automation:
Which of them will fit better?
Hi @Josep , I would love to understand what led you to want to limit containers. You can reference these Docker Server Configurations, particularly the
containers.high.water.mark to understand how Cortex XSOAR handles containers per docker image. You may change this from the default of 20 to a lower number if you wish. The way to avoid docker memory issues would be through utilizing docker hardening. You can find detailed steps to do so here - https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Docker...
Hi @EnesOzdemir , 200 containers is still high. Are your hosts meeting the MT sizing requirements stated here? The general recommendation is 1 tenant per host. If you have multiple tenants on a single host, you need to multiply the single tenant requirement by the times of tenants to find the host resource requirements. Highly recommend keeping the master in it's own host. For more detailed guidance please reach out to your Customer Success Architect available through our Premium Success offering.
Just following up on the previous suggestion. The containers.high.water.mark configuration adds an upper limit to the number of containers per image that will remain active and containers.low.water.mark is the corresponding lower limit. This means that at any point, there will be a number of active containers that correspond to the low water mark, in order to avoid the overhead of cold starting the container. Depending on your use cases, the containers required to process them may also vary with respect to dependencies. So, a single image solution is not the most effective one.
As per the previous recommendation, I would start by hardening docker (https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Docker...) to keep docker in check.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!