Setting absolute limits on CPU for Docker containers

I’m trying to set absolute limits on Docker container CPU usage. The CPU shares concept (docker run -c <shares>) is relative, but I would like to say something like “let this container use at most 20ms of CPU time every 100ms. The closest answer I can find is a hint from the mailing list on using cpu.cfs_quota_us and cpu.cfs_period_us. How does one use these settings when using docker run?

I don’t have a strict requirement for either LXC-backed Docker (e.g. pre0.9) or later versions, just need to see an example of these settings being used–any links to relevant documentation or helpful blogs are very welcome too. I am currently using Ubuntu 12.04, and under /sys/fs/cgroup/cpu/docker I see these options:

  • How to install docker without cgroup
  • How to monitor docker container disk access metrics when using overlayFS
  • Read cgroups data without mounting it
  • Alpine based Docker images fully compatible on Ubuntu host?
  • Memory usage of Docker containers
  • Distributed CPU-intensive processes in Kubernetes/Docker
  • $ ls /sys/fs/cgroup/cpu/docker
    cgroup.clone_children  cpu.cfs_quota_us   cpu.stat
    cgroup.event_control   cpu.rt_period_us   notify_on_release
    cgroup.procs           cpu.rt_runtime_us  tasks
    cpu.cfs_period_us      cpu.shares
    

  • Use Prometheus “target relabeling” to extract cAdvisor's Docker image name without tag
  • Docker volume container store in different drives
  • Docker dotnet image container do not allow me to rebuild after change
  • Docker swarm with a custom network
  • Marathon treats healthy tasks as unhealthy and kills them
  • Can ALL untagged docker.io images be safely removed?
  • One Solution collect form web for “Setting absolute limits on CPU for Docker containers”

    I believe I’ve gotten this working. I had to restart my Docker daemon with --exec-driver=lxc as I
    could not find a way to pass cgroup arguments to libcontainer. This approach worked for me:

    # Run with absolute limit
    sudo docker run --lxc-conf="lxc.cgroup.cpu.cfs_quota_us=50000" -it ubuntu bash
    

    The necessary CFS docs on bandwidth limiting are here.

    I briefly confirmed with sysbench that this does seem to introduce an absolute limit, as shown below:

    $ sudo docker run --lxc-conf="lxc.cgroup.cpu.cfs_quota_us=10000" --lxc-conf="lxc.cgroup.cpu.cfs_period_us=50000" -it ubuntu bash
    root@302e651c0686:/# sysbench --test=cpu --num-threads=1 run
       <snip> 
       total time:                          90.5450s
    $ sudo docker run --lxc-conf="lxc.cgroup.cpu.cfs_quota_us=20000" --lxc-conf="lxc.cgroup.cpu.cfs_period_us=50000" -it ubuntu bash
    root@302e651c0686:/# sysbench --test=cpu --num-threads=1 run
       <snip> 
        total time:                          45.0423s
    
    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.