CGroup of docker resource limitation

Lianhuasheng 2021-05-04 16:57:16
cgroup docker resource limitation



1. Liunx cgroup

Use namespace Isolated operating environment , Make the process run as if it were in a stand-alone environment . However , Isolation is not enough , You have to limit it namespace Isolated resources . otherwise ,namespace Unlimited access to system resources . also , When system resources are exhausted, the kernel triggers OOM Kill the process you don't want to close .

Liunx Provide cgroup Manage resources , It can be limited by namespace Isolated resources , At the same time, you can set weights on resources , Calculate usage , Control process / Thread start and stop, etc .

( Details can be found at man cgroup and here )

2. docker cgroup

stay docker Of cgroup In the implementation ,docker daemon It will be created in the control group directory of each subsystem called docker Control group for . then , Create containers for each container under the control group ID Container control group named . To limit the amount of CPU Create a container for example :

root@chunqiu:/# docker run -d --cpu-shares 30 --cpu-quota 25000 --cpu-period 1000 --name chunqiu sleep infinity
25dbad77c117efc91b03fd76162ffbab01d2c2ada42ac3d25baa00c97a693e00
root@chunqiu:/# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS NAMES
25dbad77c117 5bafba9edb0b "sleep infinity" 4 seconds ago Up 2 seconds chunqiu

View the container control group :

root@chunqiu:/sys/fs/cgroup/cpu/docker# ls
25dbad77c117efc91b03fd76162ffbab01d2c2ada42ac3d25baa00c97a693e00 cpuacct.stat cpu.cfs_period_us cpu.stat
cgroup.clone_children cpuacct.usage cpu.cfs_quota_us notify_on_release
cgroup.procs cpuacct.usage_percpu cpu.shares tasks
root@chunqiu:/sys/fs/cgroup/cpu/docker# cd 25dbad77c117efc91b03fd76162ffbab01d2c2ada42ac3d25baa00c97a693e00/
root@chunqiu:/sys/fs/cgroup/cpu/docker/25dbad77c117efc91b03fd76162ffbab01d2c2ada42ac3d25baa00c97a693e00# ls
cgroup.clone_children cpuacct.stat cpuacct.usage_percpu cpu.cfs_quota_us cpu.stat tasks
cgroup.procs cpuacct.usage cpu.cfs_period_us cpu.shares notify_on_release
root@chunqiu:/sys/fs/cgroup/cpu/docker/25dbad77c117efc91b03fd76162ffbab01d2c2ada42ac3d25baa00c97a693e00# cat tasks
15331
root@chunqiu:/sys/fs/cgroup/cpu/docker/25dbad77c117efc91b03fd76162ffbab01d2c2ada42ac3d25baa00c97a693e00# cat cpu.cfs_quota_us
25000
root@chunqiu:/sys/fs/cgroup/cpu/docker/25dbad77c117efc91b03fd76162ffbab01d2c2ada42ac3d25baa00c97a693e00# cat cpu.shares
30
root@chunqiu:/sys/fs/cgroup/cpu/docker/25dbad77c117efc91b03fd76162ffbab01d2c2ada42ac3d25baa00c97a693e00# cat cpu.cfs_period_us
1000

You can see , The resources of the container ( process 15331) Write to cgroup In control group , Implements the restrictions on the container's access to system resources .

Into the container , Start another process , See if the process is added to the container control group :

/* Go into the container and open a bash process */
root@chunqiu:/sys/fs/cgroup/cpu/docker# docker exec -it chunqiu /bin/bash
bash-5.0$

View the container control group :

root@chunqiu:/sys/fs/cgroup/cpu/docker/25dbad77c117efc91b03fd76162ffbab01d2c2ada42ac3d25baa00c97a693e00# cat tasks
15331
15890
root@chunqiu:/# ps -ef | grep 15313 | grep -v grep
root 15313 817 0 07:52 ? 00:00:00 containerd-shim /var/run/docker/runtime-runc
9999 15331 15313 0 07:52 ? 00:00:00 /usr/bin/sleep infinity
9999 15890 15313 0 08:15 pts/0 00:00:00 /bin/bash

A new process has been added to the container 15890, It's in the container bash process ,cgroup For the container control group sleep and bash The process is limited .

版权声明
本文为[Lianhuasheng]所创,转载请带上原文链接,感谢
https://javamana.com/2021/05/20210504165533456z.html

  1. Realization of reactor Kafka through spring boot Webflux
  2. RPC框架设计----Socket与I/0模型
  3. Problems in upgrading from Java 8 to Java 11
  4. RPC framework design -- socket and I / 0 model
  5. RPC框架设计----I/0模型
  6. RPC framework design: I / 0 model
  7. RPC框架设计----NIO编程缓冲区Buffer
  8. RPC框架设计----NIO编程缓冲区Buffer
  9. RPC framework design -- NiO programming buffer
  10. RPC framework design -- NiO programming buffer
  11. Java多线程基础
  12. Java multithreading Foundation
  13. 码农飞升记-00-Java发展历程
  14. Development history of coder-00-java
  15. 码农飞升记-00-Java发展历程
  16. Development history of coder-00-java
  17. Spring and Autumn Moon
  18. Node.js与Spring Boot比较? - Ryan Gleason
  19. Spring WebFlux的明显陷阱 - ŁukaszKyć
  20. Spring创始人Rod大叔对YAML的真实想法
  21. Compare node.js with spring boot- Ryan Gleason
  22. Obvious pitfalls of spring Webflux- Ł ukaszKy ć
  23. Spring founder uncle rod's real thoughts on yaml
  24. 码农飞升记-02-OracleJDK是什么?OracleJDK的版本怎么选择?
  25. What is manong feisheng-02-oracle JDK? How to choose the version of Oracle JDK?
  26. Spring tide surging Xinanjiang
  27. Linux内核软中断
  28. Linux kernel soft interrupt
  29. Linux内核软中断
  30. Linux kernel soft interrupt
  31. Java multithreading Foundation
  32. The construction of Maven private library nexus
  33. I / O stream in Java
  34. JDK 16:Java 16的新功能 - InfoWorld
  35. 在Java中本地进行线程间数据传输的三种方式和源码展示
  36. jdon导致cpu 99%最后tomcat死掉---banq给予回复
  37. 用领域事件模拟AOP注入
  38. JDK 16: new function of Java 16 - InfoWorld
  39. Cartoon: from JVM lock to redis distributed lock
  40. Spring 3.1 终于加入了Cache支持
  41. Prototype与JQuery对比
  42. Three ways of data transmission between threads in Java and source code display
  43. Jdon causes 99% of CPU and Tomcat dies -- banq replies
  44. docker 原理之 user namespace(下)
  45. Simulating AOP injection with domain events
  46. Spring 3.1 finally adds cache support
  47. Comparison between prototype and jquery
  48. User namespace of docker principle (2)
  49. The way to learn java IO stream and XML
  50. Why does a seemingly correct code cause the Dubbo thread pool to be full
  51. 0 基础 Java 自学之路(2021年最新版)
  52. 0 basic Java self study road (latest version in 2021)
  53. c#—基础拾遗(1) 面向对象
  54. C - basic information (1) object oriented
  55. 技术分享|SQL和 NoSQL数据库之间的差异:MySQL(VS)MongoDB
  56. Technology sharing differences between SQL and NoSQL databases: MySQL (VS) mongodb
  57. PHP教程/面向对象-3~构造函数和析构函数
  58. Spring Cloud的Feign客户端入门
  59. 优化Spring Boot应用的Docker打包速度
  60. PHP tutorial / object oriented - 3 ~ constructor and destructor