Container 왜, 어떻게 이렇게 동작하지 궁금하셨던 분들을 위한 설명입니다.
CGROUP, NAMESPACE, LXC, SECCOMP를 알고 계시는 리눅스 마스터이시다면(저는 몰랐었어요...;;;) 컨테이너가 이래서 이렇게 동작할거 같네 추측하실 수 있으리라 생각합니다.
출처 :
1. Cgroup(컨트롤그룹) : 리소스관리
리눅스에서 Cgroup이 어디있는지 제 짧은 지식으로 찾아봤습니다.
메모리, CPU, 블록IO 같은 익숙한 자원들이 보여요!
#cat /proc/cgroups
#subsys_name hierarchy num_cgroups enabled
cpuset 11 4 1
cpu 2 67 1
cpuacct 2 67 1
memory 7 67 1
devices 8 67 1
freezer 3 4 1
net_cls 5 4 1
blkio 6 67 1
perf_event 10 4 1
hugetlb 4 4 1
pids 9 67 1
net_prio 5 4 1
검색해 보니 아래와 같습니다.
Docker에서도 리소스 관련 옵션을 찾아봅니다. 뭔가 CGROUP을 사용하는 것 같아요!
Option |
Description |
-m, --memory="" |
Memory limit (format: <number>[<unit>]). Number is a positive integer. Unit can be one of b, k, m, or g. Minimum is 4M. |
--memory-swap="" |
Total memory limit (memory + swap, format: <number>[<unit>]). Number is a positive integer. Unit can be one of b, k, m, or g. |
--memory-reservation="" |
Memory soft limit (format: <number>[<unit>]). Number is a positive integer. Unit can be one of b, k, m, or g. |
--kernel-memory="" |
Kernel memory limit (format: <number>[<unit>]). Number is a positive integer. Unit can be one of b, k, m, or g. Minimum is 4M. |
-c, --cpu-shares=0 |
CPU shares (relative weight) |
--cpus=0.000 |
Number of CPUs. Number is a fractional number. 0.000 means no limit. |
--cpu-period=0 |
Limit the CPU CFS (Completely Fair Scheduler) period |
--cpuset-cpus="" |
CPUs in which to allow execution (0-3, 0,1) |
--cpuset-mems="" |
Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems. |
--cpu-quota=0 |
Limit the CPU CFS (Completely Fair Scheduler) quota |
--cpu-rt-period=0 |
Limit the CPU real-time period. In microseconds. Requires parent cgroupsbe set and cannot be higher than parent. Also check rtprioulimits. |
--cpu-rt-runtime=0 |
Limit the CPU real-time runtime. In microseconds. Requires parent cgroupsbe set and cannot be higher than parent. Also check rtprioulimits. |
--blkio-weight=0 |
Block IO weight (relative weight) accepts a weight value between 10 and 1000. |
--blkio-weight-device="" |
Block IO weight (relative device weight, format: DEVICE_NAME:WEIGHT) |
--device-read-bps="" |
Limit read rate from a device (format: <device-path>:<number>[<unit>]). Number is a positive integer. Unit can be one of kb, mb, or gb. |
--device-write-bps="" |
Limit write rate to a device (format: <device-path>:<number>[<unit>]). Number is a positive integer. Unit can be one of kb, mb, or gb. |
--device-read-iops="" |
Limit read rate (IO per second) from a device (format: <device-path>:<number>). Number is a positive integer. |
--device-write-iops="" |
Limit write rate (IO per second) to a device (format: <device-path>:<number>). Number is a positive integer. |
--oom-kill-disable=false |
Whether to disable OOM Killer for the container or not. |
--oom-score-adj=0 |
Tune container’s OOM preferences (-1000 to 1000) |
--memory-swappiness="" |
Tune a container’s memory swappiness behavior. Accepts an integer between 0 and 100. |
--shm-size="" |
Size of /dev/shm. The format is <number><unit>. number must be greater than 0. Unit is optional and can be b (bytes), k (kilobytes), m (megabytes), or g (gigabytes). If you omit the unit, the system uses bytes. If you omit the size entirely, the system uses 64m. |
진짜 CGROUP을 쓰는지 한번 docker를 수행시켜 봅니다.