Kubernetes Notes
  • README
  • 序:Kubernetes之道
  • 搭建开发环境
    • 搭建本地开发测试环境
  • 基本概念
    • Workloads
      • StatefulSet
    • 认证鉴权
      • 理解证书
      • Kubelet配置
    • 垃圾回收
    • Service
  • 基础组件
    • Scheduler
    • 自动扩缩容(HPA)
  • 容器运行时(Container Runtime)
    • CRI
    • Docker
      • 安装配置Docker
      • Docker FAQ
    • Containerd
  • 资源隔离与限制
    • 基础知识
      • Cgroup
      • Namespaces
    • CPU
    • Memory
    • 网络出/入带宽
    • GPU
    • Container
    • FAQ
  • 网络
    • 基础知识
      • Linux network interfaces
      • Iptables
      • Overlay network
    • CNI
    • Flannel
      • Flannel原理
      • host-gw
      • vxlan
      • ipip
    • Calico
    • Cilium
  • Service Mesh
    • Istio
  • 扩展Kubernetes
    • Admission controller
    • Custom resource definition(CRD)
    • Scheduler extender
    • 扩展资源维度
    • Kubectl plugin
    • Aggregator
    • Device plugin
  • 现网问题
    • Kubernetes
    • ETCD
    • Docker
  • 最佳实践
    • 各组件参数配置调优
    • 各大公司生产环境实践
    • 如何打造一个Kubernetes平台
  • 生产力小工具
    • 生成特定权限和配额的kubeconfig
  • 社区贡献
  • 学习资料
  • 附录:RTFSC
    • Informer
    • Pod deletion
Powered by GitBook
On this page
  • 1. 基本操作
  • 参考资料

Was this helpful?

  1. 资源隔离与限制
  2. 基础知识

Cgroup

1. 基本操作

  • Mount cgroup

    mount -t cgroup -o none,name=systemd cgroup /sys/fs/cgroup/systemd
mount -t cgroup -o devices cgroup /sys/fs/cgroup/devices
mount -t cgroup -o memory cgroup /sys/fs/cgroup/memory
mount -t cgroup -o cpuset cgroup /sys/fs/cgroup/cpuset
mount -t cgroup -o freezer cgroup /sys/fs/cgroup/freezer
mount -t cgroup -o net_cls cgroup /sys/fs/cgroup/net_cls
mount -t cgroup -o blkio cgroup /sys/fs/cgroup/blkio
mount -t cgroup -o cpu,cpuacct cgroup /sys/fs/cgroup/cpu,cpuacct

    注:

    • Cgroup v1 named hierarchies

      mount -t cgroup -o none,name=somename none /some/mount/point

      Multiple instances of such hierarchies can be mounted; each hierarchy must have a unique name. The only purpose of such hierarchies is to track processes. (See the discussion of release notification below.) An example of this is the name=systemd cgroup hierarchy that is used by systemd(1) to track services and user sessions.

    • mount -t cgroup -o cpuset none /cpuset 中 none的作用

      Certain filesystems aren't associated with a physical device (such as a partition or network share, which is what is expected at that point in the mount command) and it is/was customary to use none for these.

  • 向task中增加pid

    每次只能echo一个pid到task里

    Attaching processes
-----------------------

# /bin/echo PID > tasks

Note that it is PID, not PIDs. You can only attach ONE task at a time.
If you have several tasks to attach, you have to do it one after another:

# /bin/echo PID1 > tasks
# /bin/echo PID2 > tasks
    ...
# /bin/echo PIDn > tasks

  • 向task中减少pid

    如果想把一个pid从某个cgroup task里移除,可以将它echo到另一个(比如:根cgroup)下即可,因为每个pid都必须属于某个cgroup管理。

参考资料

  • Cgroup(from Linux Programmer's Manual): http://man7.org/linux/man-pages/man7/cgroups.7.html

  • https://www.kernel.org/doc/Documentation/cgroup-v1/

  • https://www.kernel.org/doc/Documentation/cgroup-v2.txt

  • RedHat RESOURCE MANAGEMENT GUIDE: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/resource_management_guide/

  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/resource_management_guide/

  • Understanding the new control groups API: https://lwn.net/Articles/679786/

  • What does 'none' mean in “mount -t cgroup -o cpuset none /cpuset”: https://stackoverflow.com/questions/29674879/what-does-none-mean-in-mount-t-cgroup-o-cpuset-none-cpuset

Previous基础知识NextNamespaces

Last updated 4 years ago

Was this helpful?