Why do we need to set limits for container resource usage?

Enforcing resource limits is a critical best practice for running containers on a host or shared platforms like Kubernetes, Openshift...

If a container runs without a resource limitation, it may use all the resources available on the host, producing a disaster in production on a shared platform. This lack of deterministic resource usage could be a big problem for other applications on the host or container orchestrators.

Setting resources limits will:

• prevent applications from consuming more than their expected resources on the host.
• provide autoscaling controllers critical information needed to add and remove instances of a containerized service based on resource usage.

Setting resources limits for a Docker container is not required by default.
However, every Docker container gets its own Cgroup by default in order to permit you to set resources limits.

Cgroups(Control groups) is a Linux kernel feature for managing and monitoring system resource like CPU, disk I/O, memory and bandwidth usage.
it provides:

• Resource limiting: a group can be configured not to exceed a specified resource limit.
• Prioritization: one or more groups may be configured to utilize fewer or more CPUs or disk I/O throughput.
• Accounting: a group's resource usage is monitored and measured.
• Control: groups of processes can be frozen or stopped and restarted.

Cgroups partition those resources into groups then assigning tasks to those groups.

Conclusion:

Providing a stable product in production is a journey, in this brief article we learned the importance of limiting resources usage, the big challenges are to determine the container requirement resources and to configure containerized application runtimes ( e.g: JDK) to stick to the configured resources limits.