<style>
.reveal {
font-size: 26px;
}
</style>
# CGroups an introduction
<!-- Put the link to this slide here so people can follow -->
+ slide: https://hackmd.io/@tvannahl/cgroups
+ documentation:
* `cgroups(7)`
* [Kernel Docs: cgroups v1](https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/cgroups.html)
* [Kernel Docs: cgroups v2](https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html)
* `systemd.resource-control(5)`
* [K8s: Managing Resources for Containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)
---
## History
* v1 in Kernel since Jan. 2008
* Contribution by Google engineers
* Kick-off tech for SRE/DevOps
* Since 2016 v2 available
+ Hierachical structure
+ supported by `podman>=1.6.2`
+ supported by `Docker>=20.10`
+ Supported by `systemd`
---
## Features
* Resource Limiting and Prioritization
+ [memory](https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/memory.html)
+ [CPU usage](https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/cpuacct.html)
+ [CPU sets](https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/cpusets.html)
+ [Disk IO usage](https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/blkio-controller.html#)
+ [Network IO usage](https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/net_cls.html)
---
## Features
* Accounting
+ e.g. for [billing processes](https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/cpuacct.html)
* Control
+ freezing
+ checkpointing
+ restarting
---
## Manual dive in
* Interface via VFS (virtual file system)
* Usually already mounted to be used by `systemd`
---
```
# $ mount | grep ^cgroup
cgroup2 on /sys/fs/cgroup type cgroup2 (…,seclabel,nsdelegate,memory_recursiveprot)
```
* thread mode
---
### Defaults for every unit
*-- Live demo and discussion --*
```bash
# tree -d
.
├── dev-hugepages.mount
├── dev-mqueue.mount
├── init.scope
├── machine.slice
├── sys-kernel-tracing.mount
├── system.slice
│ ├── accounts-daemon.service
│ ├── alsa-state.service
│ ├── auditd.service
│ ├── avahi-daemon.service
│ ├── bluetooth.service
[…]
│ ├── var.mount
│ └── wpa_supplicant.service
└── user.slice
└── user-1000.slice
├── session-2.scope
└── user@1000.service
├── app.slice
[…]
└── uresourced.service
```
---
```
$ cat /proc/$$/cgroup
0::/user.slice/user-1000.slice/user@1000.service/app.slice/app-org.gnome.Terminal.slice/vte-spawn-b721f961-1eac-4b21-8016-cacb6fd03729.scope
```
---
## Kubernetes frontend interface
* `spec.containers[].resources.limits.cpu`
* `spec.containers[].resources.limits.memory`
---
## Docker frontend interface
* `docker run --cpu-shares…`
* `docker run --memory…`
---
## Systemd frontend interface
* Show cgroups of unit: `systemctl status`
* `systemd.resource-control(5)`
+ Can be added to common unit sections (e.g. `[Service]`, `[Scope]`)
+ Example options:
- `CPUAccounting=`
- `CPUQuota=`
- `MemoryLimits=bytes`
- `TasksMax=N`
- `IPAccounting=true`
---
{"metaMigratedAt":"2023-06-15T05:59:02.015Z","metaMigratedFrom":"YAML","title":"cgroups Introduction","breaks":true,"description":"Basic introduction into cgroups","contributors":"[{\"id\":\"bb7dc7c9-31fd-4a5c-a52d-d96ddf9fa911\",\"add\":6867,\"del\":3638}]"}