Setting limits per container is good but not enough: having an upper limit in place for the whole stuff makes me more confident about system health status.
A trivial way would be modifying existing docker cgroups at boot
Code: Select all
[me@nas ~]# cat /etc/crontabs/root |grep reboot
@reboot /root/bin/limit-containers.sh
[me@nas ~]# cat /root/bin/limit-containers.sh
#!/bin/bash
CG_NAME=docker
MEMORY=3200 # Mb
CPU=180 # percentage: dual core max is 200
# Create the cgroups in case they don't exist yet
mkdir -p /sys/fs/cgroup/memory/$CG_NAME
mkdir -p /sys/fs/cgroup/cpu/$CG_NAME
# Set the limits
echo $(($MEMORY * 1024 * 1024)) > /sys/fs/cgroup/memory/$CG_NAME/memory.limit_in_bytes
echo 100000 > /sys/fs/cgroup/cpu/$CG_NAME/cpu.cfs_period_us
echo $(($CPU * 1000)) > /sys/fs/cgroup/cpu/$CG_NAME/cpu.cfs_quota_us
Any advice?