To enhance the visibility of container resources, kernel interfaces for the container resource visualization feature are provided in Alibaba Cloud Linux 2 starting with kernel version 4.19.91-22.2.al7 and Alibaba Cloud Linux 3 starting with kernel version 5.10.46-7.al8. This topic describes the interfaces and provides examples on how to use the interfaces.
Background information
By default, the container resource visualization feature of Alibaba Cloud Linux is disabled. If you enable the feature and then run commands such as top and free in a container to read data from the following interfaces, the resource information of the container is returned rather than the resource information of the Elastic Compute Service (ECS) instance on which the container resides:
/proc/cpuinfo
/proc/meminfo
/sys/devices/system/cpu/online
Interfaces
Interface | Description |
/proc/sys/kernel/rich_container_enable | Specifies whether to enable the container resource visualization feature. Valid values:
Default value: 0. |
/proc/sys/kernel/rich_container_source | The data source of the cgroup interface. Valid values:
Default value: 0. |
/proc/sys/kernel/rich_container_cpuinfo_source | The number of CPUs that are displayed in the /proc/cpuinfo and /sys/devices/system/cpu/online interfaces. Valid values:
Default value: 0. |
/proc/sys/kernel/rich_container_cpuinfo_sharesbase | When the /proc/sys/kernel/rich_container_cpuinfo_source interface is set to 2, use this interface as part of the formula to obtain the final value. The value must be an integer that is greater than or equal to 2. Default value: 1024. |
Examples
In the examples, Docker is deployed on a Linux instance, and a container that has 1 GB of memory is created on the instance.
If the container resource visualization feature is disabled, the value of the /proc/sys/kernel/rich_container_enable interface is 0. When you run the free -m command in the container, the resource information of the Linux instance on which the container resides is displayed, as shown in the following figure.
If you run the echo 1 > /proc/sys/kernel/rich_container_enable command on the Linux instance to enable the container resource visualization feature and then run the free -m command in the container, the resource information of the container is displayed, as shown in the following figure.
Special scenarios
In most cases, after you enable the container resource visualization feature, the default values of the interfaces can meet your business requirements. However, you must take note of the interface configurations in the following scenarios:
For a pod in which the process ID (PID) namespace is not shared, each container has its own PID namespace. If you start a privileged container with systemd and systemd runs as process 1 in the container, the task that collects monitoring data runs in a child cgroup instead of the root cgroup of the container.
For example, when you log on to the container by using an SSH key pair and run the cat /proc/cpuinfo command, one of the following scenarios may occur:
If the /proc/sys/kernel/rich_container_source interface is set to 0 when you run the command, the current pointer resides in the child cgroup that is created by sshd.service in the container. In this case, incorrect data is returned.
If you run the echo 1 > /proc/sys/kernel/rich_container_source command, the cgroup in which the child reaper resides is used as a data source. In this case, valid data is returned.
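The following script is an added example, not part of the original documentation. It reads the four interfaces listed above and flags the settings that this topic says need attention. The function names, the optional directory argument (used so the check can run against a constructed copy of the files) and the return codes are assumptions of the example.

```shell
#!/bin/sh
# Added example: report the rich_container settings described in this topic.
# The optional directory argument is an assumption made for testing; on a
# real instance the files live in /proc/sys/kernel.

rc_read() {  # rc_read DIR NAME: print the value, fail if the file is absent
    [ -r "$1/$2" ] && tr -d ' \n' < "$1/$2"
}

# Return codes: 0 = nothing to review, 1 = a setting should be reviewed,
# 2 = the kernel does not expose the interfaces.
rich_container_audit() {
    dir=${1:-/proc/sys/kernel}
    enable=$(rc_read "$dir" rich_container_enable) || {
        echo "unsupported: no rich_container_enable in $dir"
        return 2
    }
    src=$(rc_read "$dir" rich_container_source) || src=unknown
    cpusrc=$(rc_read "$dir" rich_container_cpuinfo_source) || cpusrc=unknown
    base=$(rc_read "$dir" rich_container_cpuinfo_sharesbase) || base=unknown
    echo "enable=$enable source=$src cpuinfo_source=$cpusrc sharesbase=$base"

    if [ "$enable" != 1 ]; then
        echo "disabled: top and free in a container show the instance"
        return 0
    fi
    status=0
    # Special scenario: with systemd as process 1 in a privileged container,
    # source=0 reads from a child cgroup; source=1 uses the child reaper's.
    if [ "$src" = 0 ]; then
        echo "review: rich_container_source is 0; set 1 if systemd is process 1 in the container"
        status=1
    fi
    # sharesbase is only used when cpuinfo_source is 2 and must be an integer >= 2.
    if [ "$cpusrc" = 2 ]; then
        case $base in
            ''|*[!0-9]*) echo "review: sharesbase '$base' is not an integer"; status=1 ;;
            *) [ "$base" -ge 2 ] || { echo "review: sharesbase $base is below 2"; status=1; } ;;
        esac
    fi
    return $status
}
```

Call `rich_container_audit` without arguments on the Linux instance to check the live values.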