共享主机资源上的Docker 17.06-ce默认容器内存限制 [英] Docker 17.06-ce default container memory limit on shared host resources
问题描述
我有一台主机,具有8核/ 16 GB RAM的资源。我们使用 cgroup 为我们的自定义分配 CPU 和内存应用。我们尝试在自定义应用程序和docker之间创建静态分区资源。例如,我们尝试分配以下内容:-
I have a host with a resource of 8 cores / 16 GB RAM. We use cgroup to allocate CPU and memory for our custom application. We tried to create a static partition resource between our custom application and docker. For example, we are trying to allocate the following :-
4 CPU cores / 8 GB RAM --> docker
3 CPU cores / 6 GB RAM --> custom_app_1
the remaining for OS
我们已经设法对 custom_app_1 。问题是如何在不使用标志-memory 或-cpus 用于单个容器。我不需要限制每个容器,但我需要确保主机中运行的所有容器都不会超过8GB RAM和4个CPU内核的使用量,否则,它将与我的 custom_app_1争用资源
We have manage to perform the segregation for custom_app_1. Question is how I create a default limit memory and cpu to our container without having to use the flag --memory or --cpus for individual container. I don't need to limit each container but I need to make sure that all containers running in the host cannot exceed the usage of 8GB RAM and 4 CPU cores, otherwise, it will be fighting resources with my custom_app_1
当我执行 docker stats 时,每个容器看到16 GB RAM,我如何进行配置,以使他们只能看到8 GB RAM和4个CPU内核
When i perform docker stats, each container is seeing 16 GB RAM, how do I configure so that they only see 8 GB RAM and 4 CPU cores instead
推荐答案
所以您需要做的是创建一个内存的SystemD切片。
So what you need to do is create a SystemD slice for the memory.
# /etc/systemd/system/limit-docker-memory.slice
[Unit]
Description=Slice with MemoryLimit=8G for docker
Before=slices.target
[Slice]
MemoryAccounting=true
MemoryLimit=8G
然后在 /etc/docker/daemon.json
{
"cgroup-parent": "limit-docker-memory.slice"
}
重新加载systemctl并重新启动docker
Reload systemctl and restart docker
systemctl daemon-reload
systemctl restart docker
请参见文档
--cgroup-parent选项允许您设置用于容器的默认cgroup父级。如果未设置此选项,则对于fs cgroup驱动程序,其默认值为/ docker;对于systemd cgroup驱动程序,其默认值为system.slice。
The --cgroup-parent option allows you to set the default cgroup parent to use for containers. If this option is not set, it defaults to /docker for fs cgroup driver and system.slice for systemd cgroup driver.
如果cgroup带有正斜杠(/),则cgroup
If the cgroup has a leading forward slash (/), the cgroup is created under the root cgroup, otherwise the cgroup is created under the daemon cgroup.
假定该守护程序在cgroup守护程序组中运行,--cgroup-parent = / foobar在/中创建一个cgroup。 sys / fs / cgroup / memory / foobar,而使用--cgroup-parent = foobar在/ sys / fs / cgroup / memory / daemoncgroup / foobar中创建cgroup
Assuming the daemon is running in cgroup daemoncgroup, --cgroup-parent=/foobar creates a cgroup in /sys/fs/cgroup/memory/foobar, whereas using --cgroup-parent=foobar creates the cgroup in /sys/fs/cgroup/memory/daemoncgroup/foobar
systemd cgroup驱动程序对于--cgroup-parent有不同的规则。 Systemd按切片表示层次结构,切片的名称对树中的位置进行编码。因此,systemd cgroups的--cgroup-parent应该是切片名称。名称可以包含一系列用短划线分隔的名称,这些名称描述了从根切片到切片的路径。例如,--cgroup-parent = user-ab.slice表示在/sys/fs/cgroup/memory/user.slice/user-a.slice/user-ab.slice/docker中创建容器的内存cgroup -.scope。
The systemd cgroup driver has different rules for --cgroup-parent. Systemd represents hierarchy by slice and the name of the slice encodes the location in the tree. So --cgroup-parent for systemd cgroups should be a slice name. A name can consist of a dash-separated series of names, which describes the path to the slice from the root slice. For example, --cgroup-parent=user-a-b.slice means the memory cgroup for the container is created in /sys/fs/cgroup/memory/user.slice/user-a.slice/user-a-b.slice/docker-.scope.
也可以使用每个容器设置此设置,使用docker create和docker run上的--cgroup-parent选项,并且优先于--cgroup-parent选项
This setting can also be set per container, using the --cgroup-parent option on docker create and docker run, and takes precedence over the --cgroup-parent option on the daemon.
这篇关于共享主机资源上的Docker 17.06-ce默认容器内存限制的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
