Welcome back to Docker Bootcamp. In this post, we’ll look at setting resource limits on containers. By default, containers have full access to the host CPU and RAM just like a regular application installed and running on the host machine. Docker gives us control over how much CPU and RAM each container can consume. Multiple containers will work together to share idle CPU time and available ram, so it is important to consider your application’s needs and available hardware on the host.
Terminology
- CPU Scheduler – Allows a single CPU to share system resources between multiple processes. It selects a process in the queue that is ready for execution.
Commands
- info – Display docker system info
- run – Create and start a new container
- stats – Display a live stream of container resource usage statistics
Command Details
You can find a full list of commands and all available flags at https://docs.docker.com/engine/reference/commandline/docker/.
info
docker info
run
docker run [options] image [command] [args…]
Outputs: ContainerID
| –cpus | O | Specify how much of the available CPUs a container can use (relative to available cpus on the host)
|
|
| –cpuset-cpus | O | Limit which CPU cores are available to a container
|
|
| –cpu-period | O | Used with cpu-quota to configure the cpu scheduler. Sets the scheduler period. | |
| –cpu-quota | O | Used with cpu-period to configure the cpu scheduler. Sets the scheduler limit per period. | |
| –cpu-shares | -c | O | CPU Shares (weight relative to other containers)
|
| –memory | -m | O | Memory limit
|
stats
docker stats [options] [container]
| –all | -a | O | Show all containers (defaults to only show running containers) |
| –no-stream | O | Disable streaming stats (display the results and exit) |
Examples
Setup
The first thing we want to do is check the configuration of our Docker system so we can validate that our resource limits are applied correctly. My test machine has 3 CPUs and 8GB ram.
- Check docker configuration
- docker info
- Notice the lines for CPUs and Total Memory
- docker info
Mine shows 3 CPUs and 6.195GB ram. The Docker daemon is limited from using all the available ram on the system and locking us out of the host machine. Now we will create a container with no resource limits to make sure it matches what is available to Docker.
- Create, start and run an interactive container
- docker run -it –name resourcebase busybox /bin/sh
- List number of available processors
- nproc
- Outputs 3
- nproc
- List memory usage in MB
- free -m
- Lists 6344MB (6344/1024 = 6.195GB)
- free -m
- Inspect container details
- docker inspect resourcebase
- Under HostConfig { CpuShares } you can see a value of 0
- Under HostConfig { Memory } you can see a value of 0
- Under HostConfig { NanoCpus } you can see a value of 0
- Under HostConfig { CpusetCpus } you can see an empty string
- docker inspect resourcebase
- Check stats
- docker stats –no-stream
- Lists memory limit 6.195GB
- docker stats –no-stream
You can see the baseline container has the full CPU and ram that is available to Docker.
CPU Limit
- Create, start and run an interactive container with limited CPU
- docker run -it –cpus=”1.5” –name cpulimit busybox /bin/sh
- This container will have access to all available cores but limited on compute time
- docker run -it –cpus=”1.5” –name cpulimit busybox /bin/sh
- List number of available processors
- nproc
- Outputs 3
- nproc
- Inspect container details
- docker inspect cpulimit
- Under HostConfig { NanoCpus } you can see a value of 1500000000 (1.5 converted to nanoseconds)
- docker inspect cpulimit
Core Limit
- Create, start and run an interactive container with limited cores
- docker run -it –cpuset-cpus=”1-2” –name corelimit busybox /bin/sh
- This container will have full access to the second and third cores
- docker run -it –cpuset-cpus=”1-2” –name corelimit busybox /bin/sh
- List number of available processors
- nproc
- Outputs 2
- nproc
- Inspect container details
- docker inspect corelimit
- Under HostConfig { CpusetCpus } you can see a value 1-2
- docker inspect corelimit
Memory Limit
- Create, start and run an interactive container with limited memory
- docker run -it –memory=”1g” –name memorylimit busybox /bin/sh
- This container will have 1gb of ram available
- docker run -it –memory=”1g” –name memorylimit busybox /bin/sh
- List memory usage in MB
- free -m
- Lists 6344MB (6344/1024 = 6.195GB)
- The limit is a setting internal to docker
- free -m
- Inspect container details
- docker inspect memorylimit
- Under HostConfig { Memory } you can see a value of 1073741824 (1gb)
- docker inspect memorylimit
- Check stats
- docker stats
- Lists memory limit 1GB
- Allow to refresh so we can watch the memory fill up
- Lists memory limit 1GB
- docker stats
- Use the available ram
- tail /dev/zero
- Watch the stats
- When the memory usage reaches 100%, the process is killed
- tail /dev/zero
Resource limits are a great way to divide the physical resources of the host and tune container performance. Make sure to give each container enough resources to perform at reasonable levels. Make sure the host has enough resources to run all the required containers.
Don’t forget to clean up your container workspace and be ready for the next lesson! Until next time! Thanks for reading!
