三、对内存使用的限制
3.1 限制容器可以使用的最大内存
-m(--memory=):用于限制容器可以使用的最大内存 [root@localhost ~]# docker run -itd --name c4 -m 512m centos:7 /bin/bash fb2ee21e0468d1426aacbd50bf628ba9314c9727ad67a0e7229d64901916f9f5 [root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES fb2ee21e0468 centos:7 "/bin/bash" 7 seconds ago Up 6 seconds c4 81e3ea8f526e centos:7 "/bin/bash" 6 minutes ago Up 6 minutes c3 5c88ac86d48f centos:7 "/bin/bash" 13 minutes ago Exited (255) 6 minutes ago c2 5dfeb7d377aa centos:7 "/bin/bash" 15 minutes ago Exited (255) 6 minutes ago c1 [root@localhost ~]#docker stats CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS fb2ee21e0468 c4 0.00% 392KiB / 512MiB 0.07% 648B / 0B 0B / 0B 1 81e3ea8f526e c3 0.00% 202.2MiB / 1.781GiB 11.09% 32.3MB / 244kB 58.3MB / 25.3MB 1
3.2 限制可用的swap大小
–memory-swap :限制可用的swap大小
强调一下,–memory-swap是必须要与–memory一起使用的。
正常情况下,–memory-swap的值包含容器可用内存和可用swap。
所以-m 300m --memory-swap=1g的含义为:容器可以使用300M的物理内存,并且可以使用700M(1G-300)的swap。
如果–memory-swap 设置为0或者不设置,则容器可以使用的swap大小为-m值的两倍。
如果–memory-swap 的值和-m值相同,则容器不能使用swap。
如果–memory-swap值为-1,它表示容器程序使用的内存受限,而可以使用的swap空间使用不受限制(宿主机有多少swap容器就可以使用多少)。
四、对磁盘Io配额控制(blkio)的限制
–device-read-bps:限制某个设备上的读速度bps(数据量),单位可以是kb、mb(M)或者gb。
–device-read-iops:限制读某个设备的iops(次数)
–device-write-iops:限制写入某个设备的iops(次数)
例: docker run -itd --name test6 --device-read-bps /dev/sda:1mb centos:7 /bin/bash --device-write-bps:限制某个设备上的写速度bps(数据量),单位可以是kb、mb(M)或者gb。 例: docker run -itd --name c6 --device-write-bps /dev/sda:1mb centos:7 /bin/bash
4.1 创建容器,并限制写速度
#创建容器c6并限制写速度 [root@localhost ~]# docker run -itd --name c6 --device-write-bps /dev/sda:1mb centos:7 /bin/bash 525d77ff742386a8d676500326850597030fa966cdf9c1ef06bf3d3dd7f840c3 [root@localhost ~]# docker exec -it c6 bash #通过dd命令来验证写的速度 [root@525d77ff7423 /]# dd if=/dev/zero of=/opt/test.out bs=10M count=5 oflag=direct 5+0 records in 5+0 records out 52428800 bytes (52 MB) copied, 50.5056 s, 1.0 MB/s [root@525d77ff7423 /]#
五、清除docker占用的磁盘空间
docker system prune -a #可用于清理磁盘,删除关闭的容器、无用的数据卷和网络
#查看容器 [root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 525d77ff7423 centos:7 "/bin/bash" 3 minutes ago Up 3 minutes c6 fb2ee21e0468 centos:7 "/bin/bash" 12 minutes ago Up 12 minutes c4 81e3ea8f526e centos:7 "/bin/bash" 18 minutes ago Up 18 minutes c3 5c88ac86d48f centos:7 "/bin/bash" 25 minutes ago Exited (255) 19 minutes ago c2 5dfeb7d377aa centos:7 "/bin/bash" 27 minutes ago Exited (255) 19 minutes ago c1 #清理磁盘 [root@localhost ~]# docker system prune -a WARNING! This will remove: - all stopped containers - all networks not used by at least one container - all images without at least one container associated to them - all build cache Are you sure you want to continue? [y/N] y Deleted Containers: 5c88ac86d48f80c6261c834f92fbb1e89c67c3b8547d5cce91ec3ae56b476525 5dfeb7d377aafd309c90642799c6165026013af074b455e2da61cb2dfdb85957 Deleted Images: untagged: stevelugyq/nginx:latest untagged: stevelugyq/nginx@sha256:25dedae0aceb6b4fe5837a0acbacc6580453717f126a095aa05a3c6fcea14dd4 deleted: sha256:0e901e68141fd02f237cf63eb842529f8a9500636a9419e3cf4fb986b8fe3d5d deleted: sha256:1e877fb1acf761377390ab38bbad050a1d5296f1b4f51878c2695d4ecdb98c62 deleted: sha256:834e54d50f731515065370d1c15f0ed47d2f7b6a7b0452646db80f14ace9b8de deleted: sha256:d28ca7ee17ff94497071d5c075b4099a4f2c950a3471fc49bdf9876227970b24 deleted: sha256:096f97ba95539883af393732efac02acdd0e2ae587a5479d97065b64b4eded8c deleted: sha256:de7e3b2a7430261fde88313fbf784a63c2229ce369b9116053786845c39058d5 deleted: sha256:ad6562704f3759fb50f0d3de5f80a38f65a85e709b77fd24491253990f30b6be Total reclaimed space: 562.7MB #再次查看容器 [root@localhost ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 525d77ff7423 centos:7 "/bin/bash" 3 minutes ago Up 3 minutes c6 fb2ee21e0468 centos:7 "/bin/bash" 12 minutes ago Up 12 minutes c4 81e3ea8f526e centos:7 "/bin/bash" 18 minutes ago Up 18 minutes c3 [root@localhost ~]#
总结
1.对cpu的限制参数
docker run -cpu-period #设置调度周期时间1000~1000000 -cpu-quota #设置容器进程的CPU占用时间,要与调度周期时间成比例 --cpu-shares #设置多个容器之间的CPU资源占用比 --cpuset-cpus #绑核(第一个CPU从0开始)
2.对内存的限制
-m 物理内存 [--memory-swap=总值]
3.对磁盘IO的限制
--device-read-bps 设备文件:1mb/1M #读速度 --device-write-bps #写速度 --device-read-iops #读次数 --device-write-iops #写次数 docker system prune -a #释放无用的资源
