如何对从Docker容器上传的文件进行速率限制? [英] How to rate-limit upload from docker container?
问题描述
我需要防止长时间运行的数兆字节的上传占用我网络的所有带宽,但是我只能在进程级别上限制其带宽使用(这意味着减慢整个计算机的网络接口或减慢该用户的网络流量将无法正常工作)。幸运的是,上传是使用Docker容器化的。我该怎么做才能减慢Docker容器的出站流量?
感谢这个问题我意识到,您可以在一个容器将其上传速度设置为1兆比特/秒。
下面是一个示例Dockerfile,它通过生成一个随机文件并将其上传到 / dev / null-as-a-service ,上传速度约为25KB / s:
FROM ubuntu
#安装依赖项
运行apt-get更新
运行apt-get install -y iproute curl
#创建一个较大的随机文件以上传
RUN head -c 2M< / dev / urandom> /upload.data
#对网络接口进行速率限制,并且
#在运行docker image时上载数据
RUN echo#!/ bin / bash>> ; /upload.sh
运行回显 tc qdisc添加dev eth0根tbf速率25kbps延迟50ms突发2500 /upload.sh
RUN echo curl -d @ / upload.data http://devnull-as-a-service.com/dev/null>> /upload.sh
RUN chmod a + x /upload.sh
ENTRYPOINT exec /upload.sh
假定此Dockerfile位于当前工作目录中名为 ratelimit 的目录中,则可以使用以下命令运行它: / p>
docker build ratelimit -t ratelimit& docker run --cap-add = NET_ADMIN ratelimit
选项-cap -add = NET_ADMIN 授予容器修改其网络接口的权限。您可以在此处找到文档。
Dockerfile首先安装它需要的依赖项。 iproute 提供了 tc 工具,而 curl 允许我们提出我们限价的要求。安装依赖项后,我们会生成一个2MB的随机文件进行上传。下一节将构建一个脚本文件,该文件将配置速率限制并开始上载。最后,我们指定该脚本作为运行容器时要执行的操作。
此容器向网络接口添加了令牌桶过滤器,以将连接速度减慢到25KB / s。可以在此处找到提供给令牌桶过滤器的选项的文档。
>可以将该Dockerfile修改为执行任何其他网络任务,方法是删除对cURL的调用并在其位置执行上载(当然,在安装上载所需的任何工具之后)。 / p>
I need to prevent a long-running multiterabyte upload from eating all of my network's bandwidth, but I can only constrain its bandwidth usage on a process level (meaning that slowing down the whole machine's network interface or slowing down this user's network traffic won't work). Fortunately, the upload is containerized with Docker. What can I do to slow down the docker container's outbound traffic?
Thanks to this question I realized that you can run tc qdisc add dev eth0 root tbf rate 1mbit latency 50ms burst 10000 within a container to set its upload speed to 1 Megabit/s.
Here's an example Dockerfile that demonstrates this by generating a random file and uploading it to /dev/null-as-a-service at an approximate upload speed of 25KB/s:
FROM ubuntu
# install dependencies
RUN apt-get update
RUN apt-get install -y iproute curl
# create a large random file to upload
RUN head -c 2M </dev/urandom > /upload.data
# rate-limit the network interface and
# upload the data when docker image is run
RUN echo "#!/bin/bash" >> /upload.sh
RUN echo "tc qdisc add dev eth0 root tbf rate 25kbps latency 50ms burst 2500" >> /upload.sh
RUN echo "curl -d @/upload.data http://devnull-as-a-service.com/dev/null" >> /upload.sh
RUN chmod a+x /upload.sh
ENTRYPOINT exec /upload.sh
Assuming that you have this Dockerfile inside of a directory called ratelimit that is in your current working directory, you can run it with:
docker build ratelimit -t ratelimit && docker run --cap-add=NET_ADMIN ratelimit
The option --cap-add=NET_ADMIN gives the container permission to modify its network interface. You can find the documentation here.
The Dockerfile first installs the dependencies that it needs. iproute provides the tc tool, and curl allows us to make the request that we rate-limit. After installing our dependencies, we generate a 2MB random file to upload. The next section builds a script file that will configure the rate-limit and start an upload. Finally, we specify that script as the action to take when the container is run.
This container adds a Token Bucket Filter to the network interface to slow down the connection to 25KB/s. The documentation of the options provided to the Token Bucker Filter can be found here.
This Dockerfile could be modified to perform any other network task by removing the call to cURL and performing the upload in its place (after installing whatever tools the upload requires, of course).
这篇关于如何对从Docker容器上传的文件进行速率限制?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
