A container without limits will have access to all system resources, potentially starving other services or containers. To combat this you may want to enforce some limits to ensure all containers are treated equally, or that some become more equal than others. This tutorial will show you how to limit memory and CPU for Docker containers.
Setting Limits on Ubuntu 16.04
Out of the box a Docker installation on Ubuntu 16.04 we not be capable of setting limits. This is because cgroups swapping is disabled by default. When attempting to set limits you will be given the following error.
WARNING: Your kernel does not support swap limit capabilities or the cgroup is not mounted. Memory limited without swap.
To address this error we can enable cgroup swapping by doing the following.
- Open the grub configuration file in a text editor.
vi /etc/default/grub
- Add the following line. If the GRUB_CMDLINE_LINUX optional already exists, modify it to include the values below.
GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"
- Save your changes and exit the text editor.
- Update the grub configuration.
sudo update-grub
- Before the changes will be applied you will need to reboot your docker host.
Running Without Limits
Containers will automatically have access to the entire range of RAM and CPU processing power of its host. If you are running a single container, this may not be an issue. When you start hosting multiple containers, each one will than start stepping on each other.
We started an NGINX container as a demonstration of memory usage. As you can see from the screenshot below the container’s limit is 8GB.
We can apply memory limits to ensure the container never uses more than 256 MB of RAM, for example. We’ll keep the first container running and launch a new one with the limits applied.
Limiting Memory
To limit memory we use the memory flag when starting a container. For example, we used the following to limit our NGINX server to only 256 MB of RAM.
docker run -d -p 8081:80 --memory="256m" nginx
This sets a hard limit. That means that under no circumstances will the container be allowed to use more than 256 MB of RAM. Alternatively, we could set a soft limit. Soft limits ensure our container can still request additional memory after hitting its limit, preventing service outages.
The flag to set a soft limit is memory-reservation. To set a soft limit of 256 MB or RAM we would run the following command.
docker run -d -p 8081:80 --memory-reservation="256m" nginx
Limiting CPU
Allowing one container to monopolize the processors in your Docker host could cause service outages, by starving your other services and containers. Limit how much CPU a container can use.
Limit Number of Cores
We can limit the number of cores available to container by using the cpus flag.
Lock Container to Specific Cores
Just limiting the number of cores means your process will use any available core available. For most purposes this is fine. Sometimes, however, you may want to lock your containers to specific cores.
Limit CPU Time
Limiting CPU time ensure how often a process is able to interrupt the processor or a set of cores.
Shares and Weights
Rather than breaking out the calculator and being very specific about how many cores or CPU time a process can have, apply shares to your process instead. This allows more critical containers to have priority over the CPU when needed.