What is the resource limit?
By default, there is no container resource constraints, it will be able to use as much as possible host of resources allocated to it. Docker is provided a control how much of the allocated memory, CPU, or blocking I / O to an embodiment of the container, i.e., configured by a flag set to run at the time when the docker run or docker create command.
Many of these features require you to support Linux kernel function, you can check whether the support by docker info command, if the kernel disable a feature, you may receive a Warning in below.
docker-info
On Linux hosts, if detected by the kernel does not have enough memory to perform the important function of the system, it throws a OOME (Out Of Memory Exception), once OOME happen, Linux will start killing processes to free up memory. Any process are likely to be killed, including docker daemon and other important applications. If the wrong process is killed, it can reduce the effect of the use of the entire system.
Docker limit the use of memory
Resource constraints used in Docker may impose restrictions on the container, i.e. only the use of the container does not exceed a system memory or other soft limits of a given number. Here are a few of the most common options, we can specify when docker run or docker create create a container for resource usage restrictions limiting container.
|
Options
|
description
|
|
-m 或 -memory=
|
The maximum amount of memory that can be used in containers. If you set this option, then the minimum allowable value is 4m (4MB).
|
|
--memory-swap
|
This allows the container exchange amount of memory to disk.
|
|
--kernel-memory
|
The maximum amount of memory the kernel of the container may be used, allowing a minimum value 4m (4MB). Since the kernel memory can not be swapped out, so the lack of kernel memory containers may block a host of resources, which could have a host of other vessels and cause side effects.
|
Docker CPU usage restrictions
By default, each container for access to the host CPU cycles are unlimited. We can set various constraints to restrict access to a given container host CPU cycles. Most users use and configure the CFS scheduler (the default) or real-time scheduler. Here are several common options for configuring the default CFS scheduler to limit the use of the container for the CPU.
|
Options
|
description
|
|
--cpus=<value>
|
The amount of available CPU resources specified container may be used, for example, there are four host CPU, you can set up a container --cpus = "3.5", the limit maximum of 3.5 CPU container.
|
|
--cpuset-cpus
|
Limited to a particular CPU core or container may be used, for example, there are four host CPU, you can give the container provided --cpuset-cpus = "1,3", the vessel is restricted only use the second and fourth CPU .
|
Verify Docker resource constraints
(1) View host resource information
lscpu
free -h
As can be seen, I am a poor force, could only afford this configuration of the cloud server (for personal use)
(2) for pulling the pressure sensed image
docker pull lorel/docker-stress-ng
For instructions on how docker-stress-ng mirroring refer to the official documentation on the Hub Docker:
https://hub.docker.com/r/lorel/docker-stress-ng/
(3) If you want to view usage docker-stress-ng, you can use the following command to get help options --help meaning
docker run --name stress --rm lorel/docker-stress-ng:latest stress --help
Help document gives an Example:
stress-ng --cpu 8 --io 4 --vm 2 --vm-bytes 128M --fork 4 --timeout 10s
下面是它的重要选项的说明:
- -c N, --cpu N 启动 N 个子进程( cpu )
- --vm N 启动 N 个进程对内存进行压测
- --vm-bytes 128M 每个子进程使用多少内存(默认 256M )
(4)测试内存使用限制
docker run --name stress -it --rm -m 256m lorel/docker-stress-ng:latest stress --vm 2
说明:
- 限制内存使用最多256M
- 开启压测启动2个进程,每个进程使用256M(默认值)
验证:
docker stats stress
可以看到,无论启动多少个使用256M的进程做压测(这里启动了2个进程,按理会使用512MB内存),stress容器的最大内存使用量始终维持在256MB。
(5)测试CPU使用限制
docker run --name stress --rm --cpus 1 lorel/docker-stress-ng:latest stress --cpu 4
这里由于我的宿主机只有2个CPU,因此这里限制stress容器只能使用最多1个CPU,但是压测进程可以使用4个CPU。
验证:
docker stats stress
可以看到,无论压测的进程被允许使用多少个CPU,stress的CPU使用量始终在100%左右(存在一定误差是正常的)。
那么,如果我们不限制CPU呢?
docker run --name stress --rm lorel/docker-stress-ng:latest stress --cpu 4
从上图可知,stress容器会尽可能地吃掉尽可能多的CPU资源,由于宿主机只有2个CPU,因此原则上不会使用超过200%的CPU(当然,也会存在一定的误差,正常的)
小结
本文探索了Docker的资源限制相关知识,在日常开发中应该给容器设置一个合理的资源限制值,以防出现OOME的情况导致Linux杀掉错误的进程。
参考资料
(1)马哥,《Docker资源限制及验证》
(2)阿龙,《
Docker的系统资源限制详解》