Dockerd resource usage limitations

In Docker environments, the most reliable way of limiting resource usage is by encapsulating the Docker daemon and assigning all the containers to a pre-defined resource slice.

Requirements:

• Linux based OS
• Package: cgroup-toolsV2

1. Create Slice file

Create a .slice file, for example:

touch /etc/systemd/system/<slice_name>.slice

[Unit]
Description=Slice that limits docker resources
Before=slices.target

[Slice]
CPUAccounting=true
CPUQuota=200%
#Memory Management
MemoryAccounting=true
MemoryLimit=500M

2. Load the slice into systemctl

sudo systemctl start <slice_name>.slice

3.1 Dockerd Slice

Assign slice as default for all containers.

Edit docker daemon config file:

sudo vim /etc/docker/daemon.json

Add the following configuration:

{
  "cgroup-parent": "<slice_name>.slice"
}

3.2. Container slice

It is also possible to assign specific slices to containers by using the cgroup-parent attribute when running the container:

docker run --rm --cgroup-parent=<slice_name>.slice hello_world

4. Restart dockerd

sudo systemctl restart docker

Special Case (RaspberryPi)

Cgroups for RaspberryPi OS have default limitations due to resource constraints. Memory management is disabled by default. To enable it:

Edit the file /boot/cmdline.txt and add:

cgroup_memory=1 cgroup_enable=memory

Then, reboot the device and memory management will be enabled.