cgroup Controllers

# Enable CPU controller in a cgroup echo "+cpu" > /sys/fs/cgroup/myapp/cgroup.subtree_control # cpu.max — hard limit (quota-based) # Format: "quota_us period_us" cat /sys/fs/cgroup/myapp/cpu.max # max 100000 ← "max" = unlimited (default) # Limit to 50% of 1 CPU: echo "50000 100000" > /sys/fs/cgroup/myapp/cpu.max # 50000 us quota per 100000 us period = 50% of 1 core # Limit to 2 full CPUs: echo "200000 100000" > /sys/fs/cgroup/myapp/cpu.max # cpu.weight — relative share (CFS weight) cat /sys/fs/cgroup/myapp/cpu.weight # 100 ← default (range: 1-10000) # A group with weight 200 gets twice the CPU time as one with weight 100 # (only matters when CPUs are contended) # cpu.stat — CPU usage stats cat /sys/fs/cgroup/myapp/cpu.stat # usage_usec 12345678 ← total CPU time used (microseconds) # user_usec 10000000 ← user space time # system_usec 2345678 ← kernel time # nr_throttled 42 ← times the group hit its quota # throttled_usec 5000000 ← total time spent throttled

# memory.max — hard limit (OOM kill if exceeded) echo $((512 * 1024 * 1024)) > /sys/fs/cgroup/myapp/memory.max # 536870912 = 512MB # memory.high — soft limit (triggers reclaim, slows processes) # Processes continue but kernel aggressively reclaims cache echo $((400 * 1024 * 1024)) > /sys/fs/cgroup/myapp/memory.high # memory.min — guaranteed memory (kernel won't reclaim below this) echo $((100 * 1024 * 1024)) > /sys/fs/cgroup/myapp/memory.min # memory.current — current usage cat /sys/fs/cgroup/myapp/memory.current # 234567890 ← bytes currently used # memory.stat — detailed breakdown cat /sys/fs/cgroup/myapp/memory.stat # anon 123456789 ← anonymous memory (malloc, stack) # file 87654321 ← page cache (file-backed) # kernel_stack 65536 ← kernel stacks for threads in group # slab 12345678 ← kernel slab allocations # sock 98765 ← socket buffers # pgfault 12345 ← page faults # oom_kill 2 ← times OOM killer fired # memory.events — OOM events cat /sys/fs/cgroup/myapp/memory.events # low 0 ← memory.low was hit # high 5 ← memory.high was crossed (5 times) # max 0 ← memory.max was hit (would trigger reclaim) # oom 2 ← OOM conditions occurred # oom_kill 2 ← processes killed by OOM

# io.max — hard I/O rate limit # Format: "MAJ:MIN rbps=N wbps=N riops=N wiops=N" # MAJ:MIN = device major:minor numbers # Get device number: ls -la /dev/sda # brw-rw---- 1 root disk 8, 0 /dev/sda ← 8:0 # Limit reads to 50MB/s, writes to 20MB/s: echo "8:0 rbps=52428800 wbps=20971520" > /sys/fs/cgroup/myapp/io.max # Limit by IOPS: echo "8:0 riops=1000 wiops=500" > /sys/fs/cgroup/myapp/io.max # io.weight — relative priority (like cpu.weight) echo "8:0 200" > /sys/fs/cgroup/myapp/io.weight # io.stat — I/O accounting cat /sys/fs/cgroup/myapp/io.stat # 8:0 rbytes=12345678 wbytes=87654321 rios=1234 wios=5678 dbytes=0 dios=0 # rbytes/wbytes = total bytes read/written # rios/wios = total I/O operations

# Kubernetes pod spec: # resources: # requests: # memory: "256Mi" # cpu: "500m" # 0.5 CPU # limits: # memory: "512Mi" # cpu: "1000m" # 1 CPU # Translates to cgroup settings: # memory.min = 268435456 (256MiB requests) # memory.max = 536870912 (512MiB limit) # cpu.weight = 512 (500m = proportional weight) # cpu.max = "100000 100000" (1000m = 1 CPU = 100% of period) # Find pod's cgroup: # /sys/fs/cgroup/kubepods/burstable/pod-uuid/container-id/