Docker-cgroup資源限制
阿新 • • 發佈:2022-05-15
啟動容器後,如果不對容器最大使用資源進行限制,則宿主機允許其佔用無限大的記憶體空間,當宿主機記憶體資源不夠,則殺死使用資源最多的程序,影響其他容器正常執行,甚至導致OOM。
linux Control Groups 可以限制一個程序能夠申請使用的資源上限,包括CPU、記憶體、磁碟、網路頻寬等;
]# cat /boot/config-3.10.0-1160.45.1.el7.x86_64 |grep -i cgroup CONFIG_CGROUPS=y # CONFIG_CGROUP_DEBUG is not set CONFIG_CGROUP_FREEZER=y CONFIG_CGROUP_PIDS=y CONFIG_CGROUP_DEVICE=y CONFIG_CGROUP_CPUACCT=y CONFIG_CGROUP_HUGETLB=y CONFIG_CGROUP_PERF=y CONFIG_CGROUP_SCHED=y CONFIG_BLK_CGROUP=y # CONFIG_DEBUG_BLK_CGROUP is not set CONFIG_NETFILTER_XT_MATCH_CGROUP=m CONFIG_NET_CLS_CGROUP=y CONFIG_NETPRIO_CGROUP=y
記憶體模組
[root@web ~]# cat /boot/config-4.4.222-1.el7.elrepo.x86_64 |grep memcg -i CONFIG_MEMCG=y CONFIG_MEMCG_SWAP=y CONFIG_MEMCG_SWAP_ENABLED=y CONFIG_MEMCG_KMEM=y
cgroup具體實現
[root@web ~]# ll /sys/fs/cgroup/ total 0 dr-xr-xr-x 4 root root 0 Apr 28 23:43 blkio lrwxrwxrwx 1 root root 11 Apr 28 23:43 cpu -> cpu,cpuacct lrwxrwxrwx 1 root root 11Apr 28 23:43 cpuacct -> cpu,cpuacct dr-xr-xr-x 5 root root 0 Apr 28 23:43 cpu,cpuacct dr-xr-xr-x 3 root root 0 Apr 28 23:43 cpuset dr-xr-xr-x 4 root root 0 Apr 28 23:43 devices dr-xr-xr-x 3 root root 0 Apr 28 23:43 freezer dr-xr-xr-x 3 root root 0 Apr 28 23:43 hugetlb dr-xr-xr-x 5 root root 0 Apr 28 23:43 memory lrwxrwxrwx 1 root root 16 Apr 28 23:43 net_cls -> net_cls,net_prio dr-xr-xr-x 3 root root 0 Apr 28 23:43 net_cls,net_prio lrwxrwxrwx 1 root root 16 Apr 28 23:43 net_prio -> net_cls,net_prio dr-xr-xr-x 3 root root 0 Apr 28 23:43 perf_event dr-xr-xr-x 4 root root 0 Apr 28 23:43 pids dr-xr-xr-x 4 root root 0 Apr 28 23:43 systemd