Detailed explanation of the application of Docker underlying technology Namespace Cgroup

Docker underlying technology:

The two core technologies underlying Docker are Namespaces and Control groups (cgroups).

Namespace: It is the core technology of container virtualization and is used to isolate containers and resolve conflicts between containers.

Two pseudo file systems are involved: /proc and /sys/.

Isolation is mainly achieved through the following six namespace types:

  • UTS: Allows each container to have an independent hostname and domain name, so that it can be regarded as an independent node on the network rather than a process on the host.
  • IPC: Processes in a container still interact through the usual Linux inter-process communication mechanisms, including semaphores, message queues and shared memory. The interaction between container processes is actually the interaction between processes with the same PID on the host.
  • PID: Processes of different users are isolated by the PID namespace, and the same PID can exist in different namespaces. The parent process of all LXC (Linux containers) processes in Docker is the Docker process, and each LXC process has a different namespace.
  • NET: Processes of different users are isolated by the PID namespace, and the same PID can exist in different namespaces. The parent process of all LXC processes in Docker is the Docker process, and each LXC process has a different namespace.
  • MNT: The mount point of the file system.
  • USER: Each container can have different user and group IDs, which means that you can use the user inside the container to execute the program instead of the user on the host.

As long as these six items are decoupled, even if other system resources are shared, the computer will consider them to be in two different systems.
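Whether two processes really are separated on each of the six namespace types can be checked by comparing the links under /proc/<pid>/ns. The following is an added example, not code from the original article: the function names, PIDs and namespace IDs are constructed, and the sample tree assumes one container without user-namespace remapping and one started with --net=host --pid=host.

```shell
#!/bin/sh
# Added example: report which of the six namespace types two processes share.
# The proc root is a parameter so the check can run on a constructed tree;
# on a real host pass /proc (reading another process's ns links needs root).

NS_TYPES="uts ipc pid net mnt user"

# shared_namespaces PROC_ROOT PID_A PID_B
# Prints the namespace types whose identifiers are equal for both PIDs.
# Returns 2 if a namespace link cannot be read.
shared_namespaces() {
    proc_root=$1; pid_a=$2; pid_b=$3; shared=""
    for ns in $NS_TYPES; do
        # Each link reads like "uts:[4026531838]"; equal text = same namespace.
        a=$(readlink "$proc_root/$pid_a/ns/$ns") || return 2
        b=$(readlink "$proc_root/$pid_b/ns/$ns") || return 2
        if [ "$a" = "$b" ]; then shared="$shared $ns"; fi
    done
    echo "${shared# }"
}

# make_fake_proc DIR: constructed sample data, not captured from a real host.
# PID 1    = host init
# PID 4242 = container with default flags (userns-remap assumed disabled)
# PID 5151 = container assumed started with --net=host --pid=host
make_fake_proc() {
    root=$1
    for pid in 1 4242 5151; do mkdir -p "$root/$pid/ns"; done
    for ns in $NS_TYPES; do
        ln -s "$ns:[4026531000]" "$root/1/ns/$ns"
        case $ns in
            user)    c1=4026531000; c2=4026531000 ;;  # shared with the host
            pid|net) c1=4026532000; c2=4026531000 ;;  # 5151 uses host pid/net
            *)       c1=4026532000; c2=4026533000 ;;  # private per container
        esac
        ln -s "$ns:[$c1]" "$root/4242/ns/$ns"
        ln -s "$ns:[$c2]" "$root/5151/ns/$ns"
    done
}

demo=$(mktemp -d)
make_fake_proc "$demo"
echo "default container shares with host:   [$(shared_namespaces "$demo" 1 4242)]"
echo "host-mode container shares with host: [$(shared_namespaces "$demo" 1 5151)]"
rm -rf "$demo"
```

Any type listed for a container against PID 1 is a namespace in which that container is not isolated from the host.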

cgroup (controls the resource usage of programs)

The main purpose of implementing cgroup is to provide a unified interface for resource management at different user levels, from resource control of a single process to virtualization at the operating system level.

The role of cgroup:

1) Resource limitation: cgroup can limit the total amount of resources used by the process group.
2) Priority allocation: Allocating the number of CPU time slices and the disk IO bandwidth is in effect equivalent to controlling the priority of the running processes.
3) Resource statistics: cgroup can count the usage of system resources, such as CPU usage time and memory usage. This can be used for pay-as-you-go billing.
4) Process control: You can suspend, resume, and perform other operations on process groups.

Application of cgroup:

1) Limits on memory and the swap partition:

The container's memory consists of two parts: physical memory and swap.

In Docker, you can control the usage of container memory through parameters:

-m or --memory: Set memory usage limit

--memory-swap: Set the usage limit of swap (swap partition)

//Based on the centos image, the memory limit is 200M and the memory of the swap partition is 300M

[root@sqm-docker01 ~]# docker run -it -m 200M --memory-swap 300M centos

Enter the container to view the limited memory:

[root@05a0be7b870a /]# cat /sys/fs/cgroup/memory/memory.limit_in_bytes
209715200 #Displayed in bytes
[root@05a0be7b870a /]# cat /sys/fs/cgroup/memory/memory.memsw.limit_in_bytes
314572800
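The two values above can be read programmatically to verify that a container is actually capped. The following is an added example, not code from the original article, and it goes beyond the page by also covering the cgroup v2 layout (memory.max and memory.swap.max); the function names and both sample trees are constructed, and the v2 swap value is an assumption derived from the same 200M/300M settings.

```shell
#!/bin/sh
# Added example: read a container's memory limit and swap allowance on either
# cgroup layout. The cgroup root is a parameter so the functions can run on a
# constructed tree; inside a real container pass /sys/fs/cgroup.

# mem_limit_bytes CG_ROOT -> limit in bytes ("max" on v2 means unlimited)
mem_limit_bytes() {
    if [ -f "$1/memory.max" ]; then                       # cgroup v2
        cat "$1/memory.max"
    elif [ -f "$1/memory/memory.limit_in_bytes" ]; then   # cgroup v1 (page's path)
        cat "$1/memory/memory.limit_in_bytes"
    else
        return 2                                          # no memory controller found
    fi
}

# swap_allowance_bytes CG_ROOT -> bytes of swap the container may use.
# v1: memory.memsw.limit_in_bytes holds memory + swap, so subtract the
#     memory limit. v2: memory.swap.max holds swap alone.
swap_allowance_bytes() {
    if [ -f "$1/memory.swap.max" ]; then
        cat "$1/memory.swap.max"
    elif [ -f "$1/memory/memory.memsw.limit_in_bytes" ]; then
        mem=$(cat "$1/memory/memory.limit_in_bytes")
        memsw=$(cat "$1/memory/memory.memsw.limit_in_bytes")
        echo $((memsw - mem))
    else
        return 2                                          # swap accounting unavailable
    fi
}

# Constructed trees mirroring "-m 200M --memory-swap 300M" (not captured output).
make_v1_tree() {
    mkdir -p "$1/memory"
    echo 209715200 > "$1/memory/memory.limit_in_bytes"
    echo 314572800 > "$1/memory/memory.memsw.limit_in_bytes"
}
make_v2_tree() {
    mkdir -p "$1"
    echo 209715200 > "$1/memory.max"
    echo 104857600 > "$1/memory.swap.max"   # assumed: 300M total minus 200M memory
}

demo=$(mktemp -d)
make_v1_tree "$demo/v1"; make_v2_tree "$demo/v2"
echo "v1: mem=$(mem_limit_bytes "$demo/v1") swap=$(swap_allowance_bytes "$demo/v1")"
echo "v2: mem=$(mem_limit_bytes "$demo/v2") swap=$(swap_allowance_bytes "$demo/v2")"
rm -rf "$demo"
```

With the page's v1 values the subtraction gives 104857600 bytes, so a 300M memory-plus-swap limit on a 200M memory limit leaves 100M of swap.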

2) Container CPU restrictions:

Use -c or --cpu-shares to set the CPU weight of the container. If not set, the default is 1024.

//Based on the centos image, run a container named containerB with a cpu weight limit of 512:
[root@sqm-docker01 ~]# docker run -it --name containerB -c 512 centos
[root@b2cf9f28ce1d /]# cat /sys/fs/cgroup/cpu/cpu.shares 
512

3) Limit the container's block IO (disk read and write):

bps: The amount of data read or written per second (bytes per second).
iops: The number of IO operations per second (IO per second).

--device-read-bps: Set the bps of the read device
--device-write-bps: Set the bps for writing to the device

--device-read-iops: Set the iops of the read device
--device-write-iops: Set the iops for writing to the device

//Create a container named testA and limit the amount of disk writes per second to 30MB.
[root@sqm-docker01 ~]# docker run -it --name testA --device-write-bps /dev/sda:30MB centos

Write data for testing:

Parameter explanation:
if (input file): read from /dev/zero
of (output file): a name of your choice
bs=1M: the block size is 1M
count=800: write 800 blocks in total
oflag=direct: write the file in direct IO mode, so that --device-write-bps takes effect

It can be found that the amount written per second is 80M, which takes about 26s.

When writing to disk normally:
