Development

Docker Bootcamp – Resource Limits

Viktor Theo Mkg01ffx8nm Unsplash (1)

Welcome back to Docker Bootcamp. In this post, we’ll look at setting resource limits on containers. By default, containers have full access to the host CPU and RAM just like a regular application installed and running on the host machine. Docker gives us control over how much CPU and RAM each container can consume.  Multiple containers will work together to share idle CPU time and available ram, so it is important to consider your application’s needs and available hardware on the host.

Terminology

  • CPU Scheduler – Allows a single CPU to share system resources between multiple processes. It selects a process in the queue that is ready for execution.

Commands

  • info – Display docker system info
  • run – Create and start a new container
  • stats – Display a live stream of container resource usage statistics

Command Details

You can find a full list of commands and all available flags at https://docs.docker.com/engine/reference/commandline/docker/.

 info

docker info

run

docker run [options] image [command] [args…]
Outputs: ContainerID

–cpus O Specify how much of the available CPUs a container can use (relative to available cpus on the host)

  • 0.5 (equivalent to –cpu-period=”100000” –cpu-quota=”50000”)
  • 1.0 (equivalent to –cpu-period=”100000” –cpu-quota=”100000”)
  • 1.5 (equivalent to –cpu-period=”100000” –cpu-quota=”150000”)
  • 2.0 (equivalent to –cpu-period=”100000” –cpu-quota=”200000”)
–cpuset-cpus O Limit which CPU cores are available to a container

  • Single Number (0 = first core)
  • Range (0-3 = first four cores)
  • List (1,3 = second and fourth cores)
–cpu-period O Used with cpu-quota to configure the cpu scheduler.  Sets the scheduler period.
–cpu-quota O Used with cpu-period to configure the cpu scheduler.  Sets the scheduler limit per period.
–cpu-shares -c O CPU Shares (weight relative to other containers)

  • Default value is 1024
  • A container with a share value of 682 will have twice the cpu priority as a container with share value of 341
  • Only used when cpu cycles are constrained
–memory -m O Memory limit

  • A positive integer followed by a size suffix (b, k, m, g for byte, kilobyte, megabyte, gigabyte)
  • A hard limit that cannot be surpassed
  • This setting is internal to docker
  • The container will not know it has a limit

 

stats

docker stats [options] [container]

–all -a O Show all containers (defaults to only show running containers)
–no-stream O Disable streaming stats (display the results and exit)

 

Examples

Setup

The first thing we want to do is check the configuration of our Docker system so we can validate that our resource limits are applied correctly. My test machine has 3 CPUs and 8GB ram.

  • Check docker configuration
    • docker info
      • Notice the lines for CPUs and Total Memory

Mine shows 3 CPUs and 6.195GB ram. The Docker daemon is limited from using all the available ram on the system and locking us out of the host machine. Now we will create a container with no resource limits to make sure it matches what is available to Docker.

  • Create, start and run an interactive container
    • docker run -it –name resourcebase busybox /bin/sh
  • List number of available processors
    • nproc
      • Outputs 3
  • List memory usage in MB
    • free -m
      • Lists 6344MB (6344/1024 = 6.195GB)
  • Inspect container details
    • docker inspect resourcebase
      • Under HostConfig { CpuShares } you can see a value of 0
      • Under HostConfig { Memory } you can see a value of 0
      • Under HostConfig { NanoCpus } you can see a value of 0
      • Under HostConfig { CpusetCpus } you can see an empty string
  • Check stats
    • docker stats –no-stream
      • Lists memory limit 6.195GB

You can see the baseline container has the full CPU and ram that is available to Docker.

CPU Limit

  • Create, start and run an interactive container with limited CPU
    • docker run -it –cpus=”1.5” –name cpulimit busybox /bin/sh
      • This container will have access to all available cores but limited on compute time
  • List number of available processors
    • nproc
      • Outputs 3
  • Inspect container details
    • docker inspect cpulimit
      • Under HostConfig { NanoCpus } you can see a value of 1500000000 (1.5 converted to nanoseconds)

Core Limit

  • Create, start and run an interactive container with limited cores
    • docker run -it –cpuset-cpus=”1-2” –name corelimit busybox /bin/sh
      • This container will have full access to the second and third cores
  • List number of available processors
    • nproc
      • Outputs 2
  • Inspect container details
    • docker inspect corelimit
      • Under HostConfig { CpusetCpus } you can see a value 1-2

Memory Limit

  • Create, start and run an interactive container with limited memory
    • docker run -it –memory=”1g” –name memorylimit busybox /bin/sh
      • This container will have 1gb of ram available
  • List memory usage in MB
    • free -m
      • Lists 6344MB (6344/1024 = 6.195GB)
      • The limit is a setting internal to docker
  • Inspect container details
    • docker inspect memorylimit
      • Under HostConfig { Memory } you can see a value of 1073741824 (1gb)
  • Check stats
    • docker stats
      • Lists memory limit 1GB
        • Allow to refresh so we can watch the memory fill up
  • Use the available ram
    • tail /dev/zero
      • Watch the stats
      • When the memory usage reaches 100%, the process is killed

Resource limits are a great way to divide the physical resources of the host and tune container performance. Make sure to give each container enough resources to perform at reasonable levels. Make sure the host has enough resources to run all the required containers.

Don’t forget to clean up your container workspace and be ready for the next lesson! Until next time! Thanks for reading!

About the Author

More from this Author

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to the Weekly Blog Digest:

Sign Up
Categories