Enforcing resource limits is a critical best practice for running containers on a host or shared platforms like Kubernetes, Openshift...
If a container runs without a resource limitation, it may use all the resources available on the host, producing a disaster in production on a shared platform. This lack of deterministic resource usage could be a big problem for other applications on the host or container orchestrators.
Setting resources limits will:
- prevent applications from consuming more than their expected resources on the host.
- provide autoscaling controllers critical information needed to add and remove instances of a containerized service based on resource usage.
Setting resources limits for a Docker container is not required by default.
However, every Docker container gets its own Cgroup by default in order to permit you to set resources limits.
Cgroups(Control groups) is a Linux kernel feature for managing and monitoring system resource like CPU, disk I/O, memory and bandwidth usage.
- Resource limiting: a group can be configured not to exceed a specified resource limit.
- Prioritization: one or more groups may be configured to utilize fewer or more CPUs or disk I/O throughput.
- Accounting: a group's resource usage is monitored and measured.
- Control: groups of processes can be frozen or stopped and restarted.
Cgroups partition those resources into groups then assigning tasks to those groups.
Providing a stable product in production is a journey, in this brief article we learned the importance of limiting resources usage, the big challenges are to determine the container requirement resources and to configure containerized application runtimes ( e.g: JDK) to stick to the configured resources limits.