- Docker server - the `docker` command run in daemon mode on a Linux host
- Docker image - packaged application with all needed files (libs, configs)
  $ docker pull ...
  $ docker build ...
- Docker container - a chrooted process that has been instantiated from a Docker image
  $ docker run ...
- a container has no resource constraints by default
- Docker provides a way to limit memory, CPU and block IO resources
- your kernel must support Linux capabilities (`docker info | grep WARNING`)
- if the kernel detects that there is not enough memory, it starts killing processes
- any process is subject to killing (including Docker)
- a process that uses a lot of memory but has not been running for a long time is the most likely candidate to get killed (OOM)
- Docker adjusts OOM priority in the Docker daemon so it's less likely to get killed
- the OOM priority on containers is not adjusted so they are more likely to be killed than the Docker daemon
- you should not allow a container to consume too much of the host machine’s memory
$ git clone git@github.com:jreisinger/mem-muncher.git
$ cd mem-muncher
$ docker build -t mem-muncher .
$ sudo swapoff -a
# in separate terminal tab/window
$ docker stats
$ docker run -it --rm --name mem-muncher mem-muncher
# in separate terminal tab/window
$ docker kill mem-muncher
# limit the memory to 500MB and forbid access to swap (--memory-swap equal to --memory leaves no swap)
$ docker run -it --rm --name mem-muncher --memory=500m --memory-swap=500m mem-muncher
$ sudo swapon -a
https://docs.docker.com/config/containers/resource_constraints/
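
An added example (not part of the original notes): a small shell audit that flags containers running without a memory cap, or with swap still available on top of the cap. It assumes the `HostConfig.Memory` and `HostConfig.MemorySwap` fields of `docker inspect` (bytes; memory 0 means no limit, swap -1 means unlimited swap); the function names, verdict labels and sample rows are invented for illustration.

```shell
#!/bin/sh
# Added example: classify containers by their memory/swap limits.
# Input lines: "<name> <HostConfig.Memory> <HostConfig.MemorySwap>" in bytes.

classify_limits() {
    while read -r name mem swap; do
        [ -n "$name" ] || continue
        if [ "$mem" -eq 0 ]; then
            # Default: no limit, the container can exhaust host memory.
            verdict="NO_MEMORY_LIMIT"
        elif [ "$swap" -eq -1 ]; then
            # Memory is capped but swap use is unbounded.
            verdict="SWAP_UNLIMITED"
        elif [ "$swap" -eq "$mem" ]; then
            # memory+swap total equals the memory cap: no swap at all.
            verdict="OK_NO_SWAP"
        else
            # e.g. --memory alone: the total is typically twice the cap.
            verdict="SWAP_ALLOWED"
        fi
        echo "$name $verdict"
    done
}

# Run the same classification against the live daemon (needs docker).
audit_running() {
    ids=$(docker ps -q)
    [ -n "$ids" ] || return 0
    # $ids is intentionally unquoted: one argument per container id.
    docker inspect \
        --format '{{.Name}} {{.HostConfig.Memory}} {{.HostConfig.MemorySwap}}' \
        $ids | classify_limits
}

# Constructed sample rows (500m = 524288000 bytes), not real output.
sample_input() {
    cat <<'EOF'
/mem-muncher 0 0
/capped 524288000 524288000
/default-swap 524288000 1048576000
/any-swap 524288000 -1
EOF
}

sample_input | classify_limits
```

On a host with Docker, call `audit_running` instead of feeding it the sample rows.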