Overview

In the usual local running some high resource consumption of the container, you may sometimes be unhappy with a container on the machine to make the card can not be, this time you want to shut down the container, but there can not shut down, I do not know if you have this trouble, at least I have, so here is how to limit the Docker container resource consumption.

CPU

Docker limits CPU in several dimensions.

In addition, docker also provides other cpu options, without going into detail, a brief description of them is

Memory

There are several options for limiting memory, so I’ll pick 4 meaningful ones and talk about them.

Disk

Limit disk size

By default Docker can only use a 10 G volume, if you want to go bigger, you need to modify the startup parameters: ```.

  1. [[email protected].io]# cat /etc/docker/daemon.json
  2. {
  3. "storage-driver": "devicemapper",
  4. "storage-opts": [
  5. "dm.basesize=40G"
  6. ]
  7. }

Limit disk IO

This option is a bit more involved, just look at the following list.

  1. --blkio-weight uint16 Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)
  2. --blkio-weight-device list Block IO weight (relative device weight) (default [])
  3. --device-read-bps list Limit read rate (bytes per second) from a device (default [])
  4. --device-read-iops list Limit read rate (IO per second) from a device (default [])
  5. --device-write-bps list Limit write rate (bytes per second) to a device (default [])
  6. --device-write-iops list Limit write rate (IO per second) to a device (default [])

Example usage.

  1. # This is the disk limit
  2. [[email protected].io]# docker run -it --rm --device-write-bps /dev/sda:50mb ubuntu /bin/bash
  3. # This is the limit file
  4. [[email protected].io]# docker run -it --rm --device-write-bps /dev/dm-x:50mb centos /bin/bash

Networking

The need for networking would be all too common, but from what I’ve found, it doesn’t seem to be officially supported by Docker, however, some users have simply implemented it directly inside the container with the tc command, operating as follows

  1. [[email protected].io]# docker run --rm -it centos:7 /bin/sh
  2. tc qdisc add dev eth0 handle 1: ingress
  3. tc filter add dev eth0 parent 1: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate 1mbit burst 10k drop flowid :1
  4. tc qdisc add dev eth0 root tbf rate 1mbit latency 25ms burst 10k`

This can be used to limit the eth0 interface to 1M, see: How can I rate limit network traffic on a docker container.

Ref