CKA notes (7): limiting container resource usage and container monitoring (Prometheus is not covered yet)

1. Limiting container resource usage

Suppose we deploy MySQL in a container. If there is no restriction, MySQL will assume that all the resources on the server are available to it and may consume a lot of them. We can use cgroups to limit the resource usage of a container.

The full name of cgroups is Linux Control Groups. Its main function is to limit, record and isolate the physical resources (CPU, memory, IO, etc.) used by process groups. cgroups provides two interfaces: cgroupfs and systemd. cgroupfs can be mounted, and by default it is mounted at the /sys/fs/cgroup directory. With the systemd-cgls command, we can see that the PID of the systemd process is 1.

Once a limit is set, if the resource used exceeds the limit, an OOM killed error will appear.

Limit the memory of the container:

For example:

nerdctl run -it --name=c1 --rm -m 500m hub.c.163.com/library/centos:latest

This container can consume at most 500M of memory and no more. --rm automatically cleans up the file system inside the container when the container exits, and -m sets the upper limit of memory usage.

Limit the CPU of the container:

First, run lscpu on the host to see how many CPUs the system has.

If you do not specify CPUs for the container, the processes in the container are randomly assigned to run on any of the system's CPUs.

To specify that a process in a container run on a specific CPU:

nerdctl run -it --name=c1 --cpuset-cpus=0 --rm hub.c.163.com/library/centos:latest

All processes in this container run on cpu0.

To spread the container over several CPUs, use a list such as --cpuset-cpus=0-3,7. The container then runs on the 4 CPUs 0, 1, 2, 3, plus CPU 7.
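
The -m and --cpuset-cpus values above can be checked from inside the container by reading its cgroup files. The following is an added example, not part of the original post; the function names are made up for illustration, and the paths assume the default /sys/fs/cgroup mount (memory.max on cgroup v2, memory/memory.limit_in_bytes on cgroup v1).

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Expand a --cpuset-cpus list such as "0-3,7" into "0 1 2 3 7".
expand_cpuset() {
    out=""
    old_ifs=$IFS; IFS=,
    for part in $1; do
        case $part in
            *-*) lo=${part%-*}; hi=${part#*-} ;;   # range "lo-hi"
            *)   lo=$part; hi=$part ;;             # single CPU
        esac
        i=$lo
        while [ "$i" -le "$hi" ]; do
            out="$out $i"; i=$((i + 1))
        done
    done
    IFS=$old_ifs
    echo "${out# }"
}

# Convert a -m style value (500m, 1g, 1024k or plain bytes) to bytes.
mem_to_bytes() {
    n=${1%[bkmgBKMG]}
    case $1 in
        *[kK]) echo $((n * 1024)) ;;
        *[mM]) echo $((n * 1024 * 1024)) ;;
        *[gG]) echo $((n * 1024 * 1024 * 1024)) ;;
        *)     echo "$n" ;;
    esac
}

# Print the memory limit found under a cgroup root (default /sys/fs/cgroup).
# cgroup v2 prints "max" when no limit is set.
read_mem_limit() {
    root=${1:-/sys/fs/cgroup}
    if [ -r "$root/memory.max" ]; then cat "$root/memory.max"
    elif [ -r "$root/memory/memory.limit_in_bytes" ]; then cat "$root/memory/memory.limit_in_bytes"
    else echo unknown; fi
}

# Return 0 only if the limit under the cgroup root ($2) equals the -m value ($1).
check_mem_limit() {
    [ "$(read_mem_limit "$2")" = "$(mem_to_bytes "$1")" ]
}

# Inside c1 (started with -m 500m): check_mem_limit 500m && echo "limit applied"
```

The CPUs actually allowed for a process can be compared against the expanded list with grep Cpus_allowed_list /proc/self/status inside the container.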

2. Container monitoring

Although docker stats can be used on the command line to monitor containers, its output is not very friendly, so you can use cadvisor instead. Developed by Google, this tool monitors host and container information.

First pull the image:

docker pull hub.c.163.com/xbingo/cadvisor:latest

Then check the image information with docker history, which shows that port 8080 needs to be opened.

Start the container with:

docker run \
-v /var/run:/var/run \
-v /sys:/sys:ro \
-v /var/lib/docker:/var/lib/docker:ro \
-d -p 8080:8080 --name=mon \
hub.c.163.com/xbingo/cadvisor:latest

Then visit ip:8080 to see the web interface.

Tool 2: Weave Scope

Weave Scope can be used for monitoring, visualization, and management of Docker and Kubernetes containers. It automatically generates a diagram of the relationships between containers, so that you can intuitively understand, monitor, and control them.

Before installation you need to download scope:

 curl -L git.io/scope -o /usr/local/bin/scope

Then go to the directory containing scope and start the script with scope launch. You will be prompted to pull the image weaveworks/scope:1.13.1 first:

docker pull weaveworks/scope:1.13.1

Then run the script again. The path to the script needs to be written out in full, otherwise you may be told that the command is not found.

You can access the scope web interface through the returned address.


Origin blog.csdn.net/qq_52676760/article/details/129101962