In this comprehensive guide, we will delve into the importance of Docker resource limits and how they play a vital role in ensuring the smooth performance of your production applications. By default, Docker containers have unrestricted access to CPU and RAM, which can lead to resource exhaustion and negatively impact other critical processes on the host system. We will explore two crucial aspects of resource management: limiting memory access and restricting CPU usage.
Checkout our previous docker blogs
Why Docker Resource Limits are Essential for Production Environments
Preventing Out-of-Memory Issues
Avoiding System Overload and Process Killings
Docker resource limits are crucial in production environments to prevent resource contention and system instability. Without limits, containers can consume excessive CPU and RAM, affecting other critical processes. By setting boundaries, we avoid out-of-memory issues and ensure fair resource distribution. Memory limits, including hard and soft limits, safeguard against excessive memory usage. Meanwhile, CPU limits prevent containers from monopolizing system resources. Properly managed resource limits maintain application performance and stability in a shared environment.
There are 2 ways in which we can limit our container’s resources
1: Limiting docker memory access
2: Limiting docker CPU access.
Next, we are going to learn how to set these limits for the containers.
Limiting docker memory access
Docker can enforce 2 limits on a container one is a hard limit which doesn’t allow the container to not use more than the memory specified and the other is a soft limit which allows the container to use as much memory unless a certain condition is met.
There are several memory limitations in docker.
- Setting maximum memory for a container. (Hard limit)
- Setting up soft limit
- Setting swap to disk memory limit
1: Setting maximum memory for a container. (Hard limit)
To set a hard memory limit for a Docker container, you can use the –memory or –m flag with the docker run command. This limit restricts the maximum amount of memory the container can use
For example, if you want to set a maximum memory limit for an ubuntu container use the
–memory or the –m command along with the docker run command.
-m or –memory = The maximum amount of memory the container can use. The minimum value is 6M so you need to set a value greater than this
sudo docker run -it –memory=”[memory_limit]” [docker_image]
sudo docker run -d -it –memory=”1g” ubuntu
Now the Ubuntu container is running on the memory limit we defined in order to confirm it use the docker inspect command and you can see fields similar to the below image.
2: Setting up soft limit.
Memory reservation allows you to specify a soft limit smaller than –memory which is activated when Docker detects contention or low memory on the host machine.
The soft limit must be lower than the hard limit.
For example in order to set the ubuntu container memory reservation of 500M and maximum memory to 1GB use the below command. So whenever there is low memory on the host machine the docker detects it and activates the soft limit for the container so automatically if the container’s memory is at its peak it gets lowered over a period of limitation.
sudo docker run -it –memory=”1g” –memory-reservation=”500m” ubuntu
3: Setting swap to disk memory limit
If the container exhausted all the RAM allocated to it by hard limit it can still write excessive memory requirements to disk memory (swap). This is not recommended in production use cases as it will slow down the performance.
In order to use the swap memory you need to already define the hard limit of the container using the –memory of the -m flag.
Swap memory = total amount of swap + the total amount of non-swap memory (–memory controls the non-swap memory)
The container will still continue to write memory to swap disk even if the memory limit of 1GB is reached for example, if you want to define –1 GB of swap memory for a ubuntu container use the below syntax
sudo docker run -it –memory=”[memory_limit]” –memory-swap=”[memory_limit]” [docker_image]
sudo docker run -d -ti –memory=”1g” –memory-swap=”2g” ubuntu
Limiting docker CPU access
To set CPU limits for Docker containers, you can use the –cpus flag with the docker run command. This flag allows you to specify the number of CPU cores or a fraction of the total available CPU resources that a container can use.
Suppose we are having 2 CPU’s in our system we can limit our containers to only use 1 CPU in order to run using the command
sudo docker run -it –cpus=”1.0″ ubuntu
In this example, the –cpus=”1.0” flag restricts the container to utilize one CPU core. If your system has multiple CPU cores, this ensures that the container will not exceed the processing power of a single core.
Using Docker-Compose to Define Resource Boundaries
In Docker Compose, you can define resource boundaries for containers by using the deploy section and specifying the resources field. This allows you to set memory and CPU limits for each service in the docker-compose.yml file. Here’s an example of how to limit memory and CPU for a service:
Here’s a sample
docker-compose.yml file that pulls the official
nginx image from Docker Hub and sets CPU and memory limits
version: '3' services: web: image: nginx restart: always ports: - "80:80" deploy: resources: limits: cpus: '0.5' memory: '256m'
In this file, we define a service called
web that uses the
nginx image. We also set the service to always restart in case of failure. The
ports section maps port 80 of the container to port 80 of the host.
deploy section, we specify the resources that this service can use. Specifically, we set a CPU limit of 0.5 and a memory limit of 256 megabytes.
By specifying these limits in the
docker-compose.yml file, Docker Compose will enforce these constraints when starting the service, ensuring that the container does not exceed the defined resource boundaries. This helps in maintaining the stability and performance of your application within the Docker environment.
In this article, we have learned how to set a docker resource limit for a container
For more details regarding resources, and limitations check out the docker official documentation.