From e6ca94e0f51b98f9c7f51c8e1ddf7ad7fcfa0543 Mon Sep 17 00:00:00 2001
From: Mark Stemm <mark.stemm@sysdig.com>
Date: Mon, 2 Apr 2018 10:52:06 -0700
Subject: [PATCH] Updated How to Install Falco using Containers and or
 Orchestration (markdown)

---
 ...o-Install-Falco-using-Containers-and-or-Orchestration.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/How-to-Install-Falco-using-Containers-and-or-Orchestration.md b/How-to-Install-Falco-using-Containers-and-or-Orchestration.md
index c95b3c4..965b62d 100644
--- a/How-to-Install-Falco-using-Containers-and-or-Orchestration.md
+++ b/How-to-Install-Falco-using-Containers-and-or-Orchestration.md
@@ -47,3 +47,9 @@ sysdig-probe-loader
 ## Container install (K8s)
 
 If you'd like to run falco as a K8s DaemonSet, we have instructions and a sample yaml files [here](https://github.com/draios/falco/tree/dev/examples/k8s-using-daemonset).
+
+## Additional Notes on Running Falco in Containers/K8s
+
+### Growing Memory Usage for Falco Container When Using File Output
+
+If you notice that the memory usage for a container running Falco increases when using file output methods, even when the memory usage of the falco process itself does not increase, it could be due to the buffer page cache being counted against the memory usage of the container. See falco issue https://github.com/draios/falco/issues/338 for a longer discussion, and the underlying K8s bug/feature is discussed in https://github.com/kubernetes/kubernetes/issues/43916. You can safely cap the memory size of the container to a value like 160Mb, at which point the buffer page cache growth will be limited.