search

docker / for-linux

Docker Engine for Linux
https://docs.docker.com/engine/installation/
753 stars 85 forks source link

Add support for --pids-limit and --ulimit options in docker update #322

Open madankumark opened 6 years ago

madankumark commented 6 years ago

Expected behavior

We have --pids-limit and --ulimit in docker container create/run in order to control the resource usage for a container. However these options are missing from docker update command. This feature will be helpful for upgrading the existing containers based on usage.

Output of docker version:

    Client:
     Version:      18.03.1-ce
     API version:  1.37
     Go version:   go1.9.5
     Git commit:   9ee9f40
     Built:        Thu Apr 26 07:20:16 2018
     OS/Arch:      linux/amd64
     Experimental: false
     Orchestrator: swarm

    Server:
     Engine:
      Version:      18.03.1-ce
      API version:  1.37 (minimum version 1.12)
      Go version:   go1.9.5
      Git commit:   9ee9f40
      Built:        Thu Apr 26 07:23:58 2018
      OS/Arch:      linux/amd64
      Experimental: false
JOduMonT commented 6 years ago

Hi @madankumark;

I use this kind of config for different containers and cpushares and pids-limits works at least with: Docker version 18.06.1-ce

CONTAINER=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd | rev | cut -d/ -f 1 | rev) CPUS=100 # 1024 = 100% IMAGE= MEM=16M PIDS=100 RESTART=unless-stopped

[[ -f .env ]] && \ source .env

[[ -z $DATA ]] && \ DATA=$CONTAINER

docker stop $CONTAINER docker rm $CONTAINER docker pull $IMAGE

docker run -d \ -e PGID=$PGID \ -e PUID=$PUID \ -e TZ=$TZ \ --cpu-shares=$CPUS \ --memory $MEM \ --name $CONTAINER \ $NETWORK \ --pids-limit=$PIDS \ --restart $RESTART \ --security-opt no-new-privileges \ -v $DATA:/config \ $IMAGE

docker run --help|grep pid
      --pid string                     PID namespace to use
      --pids-limit int                 Tune container pids limit (set -1 for unlimited)

ref: https://github.com/docker/labs/blob/master/security/cgroups/README.md#step-1-cgroups-and-the-docker-cli

what make you suspicious ? did it trow you an error ? which kind of test are you making to say it's not working ?

plattenschieber commented 5 years ago

What about the PR as seen in the moby project, which got already merged? https://github.com/moby/moby/pull/32519