PouchContainer is Alibaba Group's efficient, open source, enterprise-class container engine technology featuring strong isolation, high portability and low resource consumption. It can assist enterprise clients in containerizing inventory operations and improve the utilization of physical resources in ultra-large-scale data centers.
Resource management is an important part of the container runtime. This article will introduce you to the common APIs of PouchContainer resource management and corresponding underlying kernel APIs. This article provides test cases for some APIs for the sake of understandability.
| API | Description |
| --blkio-weight | The relative weight of block device IO, which is an integer ranging from 0 to 100. |
| --blkio-weight-device | IO relative weight of the specified block device. |
| --cpu-period | Period value in the completely fair algorithm. |
| --cpu-quota | Quota value in the completely fair algorithm. |
| --cpu-share | CPU share (relative weight). |
| --cpuset-cpus | Limits CPU cores used by the container. |
| --cpuset-mems | Limits memory nodes used by the container, which only applies in NUMA systems. |
| --device-read-bps | Limits read rate for the device, which is a positive integer measured in KB, MB, or GB. |
| --device-read-iops | Limits read IO per second for the device, which is a positive integer. |
| --device-write-bps | Limits write rate for the device, which is a positive integer measured in KB, MB, or GB. |
| --device-write-iops | Limits write IO per second for the device, which is a positive integer. |
| -m, --memory | Memory limit, which is a positive integer measured in B, KB, MB, or GB. |
| --memory-swap | Total memory (physical memory + swap partition) limit, which is a positive integer measured in B, KB, MB, or GB. |
| --memory-swappiness | The option to adjust the swap partition used by the container memory, which is an integer between 0 and 100 (inclusive). |
| --memory-wmark-ratio | Used to calculate low_wmark, range of values: an integer between 0 and 100 (inclusive). |
| --oom-kill-disable | Whether to kill the container when the memory is used up. |
| --oom-score-adj | Sets the possibility that the container process will trigger OOM, the larger the value, the easier the OOM of the container process will be triggered. |
| --pids-limit | Used to limit the number of PIDs inside the container. |
| API | Corresponding Kernel API | Kernel API Description |
| -m, --memory | cgroup/memory/memory.limit_in_bytes |
Sets the memory limit in bytes, and kb/KB, mb/MB or gb/GB can also be used. |
| --memory-swap | cgroup/memory/memory.memsw.limit_in_bytes |
Sets the total memory and swap partition usage. By setting this value, you can prevent the process from using up the swap partition. |
| --memory-swappiness | cgroup/memory/memory.swappiness | Controls the tendency of the kernel to use the swap partition. Range of values: an integer between 0 and 100 (inclusive). The smaller the value, the more likely it is to use physical memory. |
| --memory-wmark-ratio | cgroup/memory/memory.wmark_ratio |
Used to calculate low_wmark, low_wmark = memory.limit_in_bytes * MemoryWmarkRatio. When memory.usage_in_bytes is greater than low_wmark, the kernel thread is triggered to perform memory reclamation. When the memory.usage_in_bytes is less than high_wmark, the reclamation is stopped. |
| --oom-kill-disable | cgroup/memory/memory.oom_control |
If it is set to 0, then when the memory usage exceeds the limit, the system will not kill the process, but block the process until memory is released for use. On the other hand, the system will send an event notification to the user mode, and the monitor of the user mode can respond according to the event, for example, increase the memory limit. |
| --oom-score-adj | /proc/$pid/oom_score_adj |
Sets the possibility that the process will trigger OOM. The larger the value, the easier the OOM of the container process will be triggered. |
| API | Corresponding cgroup API | Cgroup API Description |
| --cpu-period | cgroup/cpu/cpu.cfs_period_us |
Used to limit CPU bandwidth, and needs to be used with cpu.cfs_quota_us. We can set the interval to 1 second and the quota to 0.5 seconds. The process in the cgroup can only run for a maximum of 0.5 seconds in 1 second, and then it will be forced to hibernate until the next 1 second. |
| --cpu-quota | cgroup/cpu/cpu.cfs_quota_us |
Used to limit CPU bandwidth, and needs to be used with cpu.cfs_period_us. |
| --cpu-share | cgroup/cpu/cpu.shares | An API used to allocate the CPU proportion. Assuming that we create two cgroups (C1 and C2) in the root directory of cgroupfs, and configure cpu.shares to 512 and 1024 respectively. When there is a CPU contention between C1 and C2, C2 will get twice as much CPU usage as C1. It should be noted that CPU share will only work when they contend for CPU. If C2 is idle, then C1 can get the entire CPU resource. |
| --cpuset-cpus | cgroup/cpuset/cpuset.cpus | A list of CPUs that the process is allowed to use (for example: 0–4, 9). |
| --cpuset-mems | cgroup/cpuset/cpuset.mems | A list of memory nodes that the process is allowed to use (for example: 0–1). |
| API | Corresponding cgroup API | Cgroup API Description |
| --blkio-weight | cgroup/blkio/blkio.weight | Sets the weight value, which is an integer between 10 and 1,000 (inclusive). This is similar to cpu.shares, which allocates proportion instead of an absolute bandwidth limit, so it only works when different cgroups contend for the bandwidth of the same block device. |
| --blkio-weight-device | cgroup/blkio/blkio.weight_device | Sets the weight value for the specific device, which will override the above blkio.weight. |
| --device-read-bps | cgroup/blkio/blkio.throttle.read_bps_device |
Sets the bandwidth limit for reading from the block device per second for a specific device. |
| --device-write-bps | cgroup/blkio/blkio.throttle.write_bps_device |
Sets the bandwidth limit for writing to the block device per second. The device must be specified. |
| --device-read-iops | cgroup/blkio/blkio.throttle.read_iops_device |
Sets the IO limit for reading from the block device. The device must be specified. |
| --device-write-iops | cgroup/blkio/blkio.throttle.write_iops_device |
Sets the IO limit for writing to the block device. The device must be specified. |
| API | Corresponding cgroup API | Cgroup API Description |
| --pids-limit | cgroup/pids/pids.max | Limits the number of processes. |
Exploring Alibaba Group's PouchContainer Resource Management APIs – Part 2
506 posts | 48 followers
FollowAmber Wang - August 8, 2018
Alibaba System Software - December 6, 2018
Alibaba System Software - November 29, 2018
Alibaba Clouder - November 8, 2018
Alibaba System Software - August 6, 2018
Alibaba Developer - May 8, 2019
506 posts | 48 followers
Follow
Alibaba Cloud Linux
Alibaba Cloud Linux is a free-to-use, native operating system that provides a stable, reliable, and high-performance environment for your applications.
Learn More
ACK One
Provides a control plane to allow users to manage Kubernetes clusters that run based on different infrastructure resources
Learn More
Container Registry
A secure image hosting platform providing containerized image lifecycle management
Learn More
Container Service for Kubernetes
Alibaba Cloud Container Service for Kubernetes is a fully managed cloud container management service that supports native Kubernetes and integrates with other Alibaba Cloud products.
Learn MoreMore Posts by Alibaba Cloud Native Community
