I'm running cerbos in Kubernetes, is there a recom...
# help
j
I'm running cerbos in Kubernetes, is there a recommended CPU and memory limit to give it?
o
Hi! Cerbos is very lightweight and doesn't require a lot of resources. Obviously, the actual requirements depend on factors like requests per second, number of policies etc. For a typical situation you can start with maybe 64mb of memory limit and 0.1 CPU request. Don't set a CPU limit because that'd just throttle Cerbos even when there's plenty of CPU available. Monitor the performance with those settings and adjust as necessary.
j
Cool, yeah I figured it shouldn't need much. But I'm seeing very high latencies (~1.5s) when checking 50 resources. Is that expected?
Single resources take <100ms
o
Do you run cerbos as a sidecar and send requests to it from the main container? (Or what does your setup look like?) Does latency change when you increase the resources?
j
I'm running it as a standalone service. I need to have resource limits for compliance reasons, so I just bumped it up to this setup:
resources:
  requests:
    cpu: 150m
    memory: 192Mi
  limits:
    cpu: 1
    memory: 384Mi
and it improved somewhat, about 500ms
I suspect it's something to do with the policy itself since some policies are evaluating much faster
o
Since there are many policies referenced in the request, cerbos parallelizes some of the work. That’s why we highly recommend not using CPU limits at all with cerbos. In addition, it is important to know: 1. What storage method is used? 2. Is the client sending requests to cerbos in the same cluster?
j
The request I'm making is actually against just one policy. (many resources, but just one resource kind). Does it still parallelize in that case? I'm using the disk driver for storage. There are no other requests happening since this is in a non-production environment.
o
Yes, it does parallelize in that case too.
👍 1