Skip to content

Cgroups (Control Groups)

Cgroups (control groups) is a Linux Kernel feature designed to limit, account for, and isolate resource usage (such as CPU, memory, disk I/O) for a process group.^[400-devops-06-kubernetes-k8s-paas-docker.md]

In the context of containers, Cgroups is the primary technology used to implement resource constraints, while Namespace technology is used to modify process views.^[400-devops-06-kubernetes-k8s-paas-docker.md]

Core Function

The fundamental capability of a container is to create a boundary by constraining and modifying the dynamic behavior of a process.^[400-devops-06-kubernetes-k8s-paas-docker.md] Cgroups facilitates this by acting as the mechanism that enforces limits and controls on the resources available to a specific set of processes, preventing any single container from exhausting the host's resources.^[400-devops-06-kubernetes-k8s-paas-docker.md]

Application in Containers

When the Docker engine initializes a container, it sets specific Cgroups parameters to define the resource boundaries for the containerized process.^[400-devops-06-kubernetes-k8s-paas-docker.md] This ensures that the application process runs within the allocated resource limits, sharing the host kernel effectively but with controlled access to hardware resources.^[400-devops-06-kubernetes-k8s-paas-docker.md]

Sources

  • 400-devops-06-kubernetes-k8s-paas-docker.md