I'm trying to limit the total resources accessible from docker (for example only 90% of the RAM and 1500% of the CPU). I cannot use CPU and RAM limit when I'm launching my containers, that's why I need to limit the total resources available for docker containers.
I have around 20 containers which can consume the maximum CPU and memory but not at the same time, so I cannot set the CPU and RAM limit, that's why I need to limit the total resource used by docker
First of all I've created a slice: I tried the instruction above, but impossible to limit both the RAM and the CPU usage
# /etc/systemd/system/docker_limit.slice
[Unit]
Description=Slice that limits docker resources
Before=slices.target
[Slice]
CPUAccounting=true
CPUQuota=700%
#Memory Management
MemoryAccounting=true
MemoryHigh=20G
MemoryMax=25G
MemoryMaxSwap=10G
And my daemon.json
{
"insecure-registries" : [ "url1", "url2"],
"cgroup-parent": "docker_limit.slice"
}
But when I try from a container:
stress --vm-bytes $(awk '/MemAvailable/{printf "%d\n", $2 * 0.9;}' < /proc/meminfo)k --vm-keep -m 1
I can see from docker stats it's using 111Go of Ram (full capacity of my server)
stress --cpu 16
I can see from docker stats it's using near 1600 % (full capacity of my server)
I think I've missed something but I don't know what
Best Answer
Prefix the
cgroup_parent
in/etc/docker/daemon.json
with a/
, so the cgroup name is absolute. Otherwise, docker will put the containers into a sub-cgroup of the daemon's cgroup:Without the
/
, depending on your system, the containers might end up in/system.slice/containerd.service/docker_limit.slice
or similar.systemd-cgtop
orsystemd-cgls
can be used to check where things ended up running.