docker--resource control
Overview
Because a host puts multiple containers, by default, docker does not limit the hardware resources of the container image. When the container load is too high, it will occupy the host's resources, so you need to set an upper limit on the container resources. Network resources, CPU, I / O, memory are used to limit.
1. Network resource control
When installing Docker, it will automatically create three networks, bridge (the container is connected to this network by default), none, host.
host (host mode only): The container will not virtualize its own network card, configure its own IP, etc., but use the IP and port of the host machine.
Advantage: The network performance is better, but the network isolation is not good
Container (container mode): the created container will not create its own network card, configure its own IP, but share the IP and port range with a specified container
None: This mode turns off the network function of the container.
Bridge (Bridge Mode): This mode assigns each container, sets the IP, etc., and connects the container to a docker 0 virtual bridge, and communicates with the host through the docker 0 bridge and IPtable nat table configuration.
Network resource management commands
[1] View network mode
docker network ls
[2] Use the bridge mode to create
docker run -itd --name test1 --network bridge --ip 127.17.0.10 centos:7 /bin/bash
//会发现使用bridge无法支持指定IP
// 可以生成镜像和容器 但是无法开启容器
// 如果不加 --ip IP地址 是可以生成容器和镜像的 容器是启动状态
//进容器 发现没有IP地址 可以先装一个 yum install net-tools -y,在查询IP地址 就是发现有一个
[3] Custom network IP
docker network create --subnet = network segment / 24 name
docker network create --subnet=172.18.0.0/16 mynetwork
//最后的mynetwork可以按个人喜欢命名
给容器test3固定mynetwork的网段IP地址
docker run -itd --name test3 --net mynetwork --ip 172.18.0.10 centos:7 /bin/bash
2. CPU usage
cd / sys / fs / cgroup / cpu / docker / You can see the information of all containers.
[1] Limit CPU usage to more than 20%
The number of CPU processes is 100000, then 20% of the CPU is 20000
cpu-quota: Specify the percentage of the upper limit of CPU usage
docker run -itd --name test1 --cpu-quota 20000 centos:7 /bin/bash
-i:表示输入 -t:表示绑定终端
或者
echo 20000 > /sys/fs/cgroup/cpu/docker/容器ID号/cpu.cfs_quota_us
[2] Allocate CPU in proportion
cpu-shares:
cpu resources provide a group of containers to use, the containers in the group use cpu resources proportionally, cpu resources are occupied by containers loaded by load (distributed according to compression ratio), when running idle, cpu resources are allocated Other containers
Create two containers as c1 and c2. If there are only two containers, set the weight of the container so that the CPU resources of c1 and c2 account for 33.3% and 66.7%
docker run -itd --name c1 --cpu-shares 512 centos:7
docker run -itd --name c2 --cpu-shares 1024 centos:7
Verification: enter the container separately and install two software
yum install epel-release -y
yum install stress -y
stress -c 4 //产生四个CPU线程
Verify the CPU percentage on another terminal page, you can see that the cpu of c2 is twice that of c1
docker stats
//可以看到容器的百分比
[3] Restrict the container to use the specified CPU
cpuset-cpus: Specifies that the container can only run on that cpu core (bound cpu); the core uses 0, 1, 2, 3 numbers
docker run -itd --name test2 --cpuset-cpus 1,3 centos:7 /bin/bash
//进容器,安装软件
yum install epel-release -y
yum install stress -y
stress -c 4 //产生四个CPU线程
//验证方法:
//开启另一个终端输入:top 按 1 检查
[4] Memory usage restrictions
docker run -itd --name test3 -m 512m centos:7
验证:
另一个终端查看容器状态 docker stats
[5] Disk I / O read and write optimization
--device-read-bps:限制读某个设备的bps(数据量)
列:docker run -d --device-read-bps /dev/sda:30M centos:7
--device-write-bps:限制写入某个设备的bos(数据量)
列:docker run -d --device-write-bps /dev/sda:30M centos:7
--device-read-iops:限制读某个设备的iops(次数)
--device-write-iops:限制写入某个设备的iops(次数)