Container Namespace and Cgroup

Posted on | Edited on | In

Different OS the namespace/cgroup path is slightly different.

Ubuntu

As for Ubuntu, CPU cgroup for example is from:

1
2
# if you run docker container
cd /sys/fs/cgroup/cpu/docker

then you will see folder named as docker container ID, for example:

1
2
3
4
5
6
7
cd 9a89252ea39e15c5f90cc7b1a606bc64d4acb3a50c112ab53f3e751d06ba85db

# limit: cfs_quota_us/cfs_period_us
cpu.cfs_period_us
cpu.cfs_quota_us
# request: proportional to other container CPU shares
cpu.shares

For other cgroups, following the similiar path pattern, for example, the memory path is /sys/fs/cgroup/memory/docker.

GKE

In Google GKE node, the CPU cgroup path is like:

1
2
3
# burstable is a type of QoS (quality of service)
# you can see QoS in pod description status section
cd /sys/fs/cgroup/cpu/kubepods/burstable/podf13115bf-9e5b-4871-b855-d24430b31aa6/84b07d37a9f07c57fe9e642f2cd951f7821b5d2333c92eae945b99f5dd996491

The 84b07d37a9f07c57fe9e642f2cd951f7821b5d2333c92eae945b99f5dd996491 is container ID inside of the pod. Using kubectl describe can see it, then you can see the cpu limit/request source of truth.

0%