ApacheDockerHttpClient may cause memory leak when client tls verify is set to true and client certificate is provided.
DockerClientConfig custom = DefaultDockerClientConfig.createDefaultConfigBuilder()
.withDockerHost("tcp://docker.somewhere.tld:2376")
.withDockerTlsVerify(true)
.withDockerCertPath("/home/user/.docker")
.withRegistryUsername(registryUser)
.withRegistryPassword(registryPass)
.withRegistryEmail(registryMail)
.withRegistryUrl(registryUrl)
.build();
DockerHttpClient httpClient = new ApacheDockerHttpClient.Builder()
.dockerHost(custom.getDockerHost())
.sslConfig(custom.getSSLConfig())
.build();
The code is copied from https://github.com/docker-java/docker-java/blob/master/docs/getting_started.md
The problem is when build ApacheDockerHttpClient, the maxConnections parameter is not set, the default value is Integer.MAX_VALUE. HttpClient will not reuse the connection when using a client certificate, the result is HttpClient create a new connection for every request and never release one. Here is the explanation.
Suggestion:
Disable connection state when build the HttpClient.
httpClient = HttpClients.custom().disableConnectionState()...
ApacheDockerHttpClient may cause memory leak when client tls verify is set to true and client certificate is provided.
DockerClientConfig custom = DefaultDockerClientConfig.createDefaultConfigBuilder()
.withDockerHost("tcp://docker.somewhere.tld:2376")
.withDockerTlsVerify(true)
.withDockerCertPath("/home/user/.docker")
.withRegistryUsername(registryUser)
.withRegistryPassword(registryPass)
.withRegistryEmail(registryMail)
.withRegistryUrl(registryUrl)
.build();
DockerHttpClient httpClient = new ApacheDockerHttpClient.Builder()
.dockerHost(custom.getDockerHost())
.sslConfig(custom.getSSLConfig())
.build();
The code is copied from https://github.com/docker-java/docker-java/blob/master/docs/getting_started.md
The problem is when build ApacheDockerHttpClient, the maxConnections parameter is not set, the default value is Integer.MAX_VALUE. HttpClient will not reuse the connection when using a client certificate, the result is HttpClient create a new connection for every request and never release one. Here is the explanation.
Suggestion:
Disable connection state when build the HttpClient.
httpClient = HttpClients.custom().disableConnectionState()...