Docker 17.06-ce default container memory limit on shared host resources

Question

I have a host with a resource of 8 cores / 16 GB RAM. We use cgroup to allocate CPU and memory for our custom application. We tried

Answer 1

So what you need to do is create a SystemD slice for the memory.

# /etc/systemd/system/limit-docker-memory.slice
[Unit]
Description=Slice with MemoryLimit=8G for docker
Before=slices.target

[Slice]
MemoryAccounting=true
MemoryLimit=8G

Then configure that slice in /etc/docker/daemon.json

{
    "cgroup-parent": "limit-docker-memory.slice"
}

Reload systemctl and restart docker

systemctl daemon-reload
systemctl restart docker

See the relevant section in documentation

DEFAULT CGROUP PARENT

The --cgroup-parent option allows you to set the default cgroup parent to use for containers. If this option is not set, it defaults to /docker for fs cgroup driver and system.slice for systemd cgroup driver.

If the cgroup has a leading forward slash (/), the cgroup is created under the root cgroup, otherwise the cgroup is created under the daemon cgroup.

Assuming the daemon is running in cgroup daemoncgroup, --cgroup-parent=/foobar creates a cgroup in /sys/fs/cgroup/memory/foobar, whereas using --cgroup-parent=foobar creates the cgroup in /sys/fs/cgroup/memory/daemoncgroup/foobar

The systemd cgroup driver has different rules for --cgroup-parent. Systemd represents hierarchy by slice and the name of the slice encodes the location in the tree. So --cgroup-parent for systemd cgroups should be a slice name. A name can consist of a dash-separated series of names, which describes the path to the slice from the root slice. For example, --cgroup-parent=user-a-b.slice means the memory cgroup for the container is created in /sys/fs/cgroup/memory/user.slice/user-a.slice/user-a-b.slice/docker-.scope.

This setting can also be set per container, using the --cgroup-parent option on docker create and docker run, and takes precedence over the --cgroup-parent option on the daemon.