By default, Docker containers run without any resource limits. Processes running in containers can use an unlimited amount of memory, potentially impacting neighboring containers and other workloads on your host.
This is dangerous in production environments. Each container must be configured with an appropriate memory limit to prevent excessive resource consumption. This will help reduce the number of conflicts, which will maximize the overall stability of the system.
How do docker memory limits work?
Docker allows you to set hard and soft memory limits for individual containers. They affect the amount of available memory and behavior when the limit is reached in different ways.
- Memory hard limits set the absolute limit of memory given to the container. Exceeding this limit usually results in the termination of the container process due to lack of memory in the kernel.
- Soft limit memory specifies the amount of memory the container should use. The container is allowed to use more memory if there is free space. It may terminate if it exceeds the soft limit under low memory conditions.
Docker also provides controls for setting limits on swapping memory and changing what happens when the memory limit is reached.
You will see how to use them in the following sections.
Setting Hard and Soft Memory Limits
The hard limit of memory is set by the -m or –memory flag of the docker run command.
It takes the value of 512m (for megabytes) or 2G (for gigabytes):
$ docker run --memory=512m my-app:latest
- The minimum memory requirement for containers is 6 MB.
- Attempting to use –memory values less than 6m will result in an error.
- Soft limit s are set using the –memory-reservation flag.
- This value must be less than -memory.
The limit will only apply if there is contention for container resources or the host runs out of physical memory.
$ docker run --memory=512m --memory-reservation=256m my-app:latest
This example starts a container that has 256 MB of reserved memory. The process can be terminated if it uses 300MB and the capacity runs out. It will always stop if usage exceeds 512MB.
Related: Data Management platform: Best 15 major DMP platforms in 2022
Swap memory management
Containers can be allocated swap memory to provide high utilization without impacting physical memory consumption.
- Swap allows you to write the contents of memory to disk when the available RAM is exhausted.
- The –memory-swap flag controls the amount of swap space available.
- It only works in combination with –memory.
When you set –memory and –memory-swap to different values, the swap value controls the total amount of memory available to the container, including swap space.
The value of the –memory option specifies the portion of this space that is physical memory.
$ docker run --memory=512m --memory-swap=762m my-app:latest
This container has access to 762 MB of memory, of which 512 MB is physical RAM.
The remaining 250 MB is swap space stored on disk.
Setting –memory without –memory-swap gives the container access to the same amount of swap space as physical memory:
$ docker run --memory=512m my-app:latest
This container has a total of 1024MB of memory, of which 512MB of RAM and 512MB of swap.
Swap can be disabled for a container by setting the –memory-swap flag to the same value as –memory.
Because –memory-swap sets the total amount of memory and –memory allocates a fraction of the physical memory, you are telling Docker that 100% of the available memory should be RAM.
In any case, swap only works when it is enabled on your host.
Swap reporting within containers is unreliable and should not be used.
Commands such as free run inside a container display the total amount of swap space on the Docker host, not the swap available to the container.
Conclusion
Docker containers come with no pre-set resource limits. This allows container processes to freely consume an unlimited amount of memory, threatening the stability of your host.
Read also: How Tensorflow works