Skip to content

Linux Cgroups (Control Groups)

Linux Cgroups (Control Groups) is a Linux kernel feature designed to limit, account for, and isolate resource usage (such as CPU, memory, and disk I/O) for a specific set of processes.^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Docker基础.md]

Core Function

The primary function of Cgroups is to set constraints on process groups. While Linux Namespaces are responsible for modifying a process's view of the world (isolation), Cgroups act as the mechanism to enforce resource limits on those isolated processes.^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Docker基础.md] This allows the system to ensure that a specific group of processes does not exceed allocated resources like CPU time or memory.^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Docker基础.md]

Role in Containerization

In the context of Linux containers, Cgroups are fundamental to the technology's implementation. A container is essentially a special process with a modified view (via Namespaces) and restricted resources (via Cgroups).^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Docker基础.md] When launching a container (e.g., using docker run), the container engine sets specific Cgroups parameters to define the resource boundaries for that process.^[400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Docker基础.md]

  • [[Namespaces]]
  • [[Containers]]
  • [[Rootfs]]

Sources

  • 400-devops__06-Kubernetes__k8s-paas__原理及源码解析__Docker基础.md