Containerized applications are increasingly popular due to their portability and scalability.
However, uncontrolled use of system resources like disk space and bandwidth can lead to performance bottlenecks, security risks, and even system downtime.
Here’s why setting limits becomes crucial:
Disk Overrun: Without limits, containers may consume excess disk space, impacting other applications.
Network Saturation: Unregulated bandwidth can throttle the performance of critical services.
Security Risks: Unrestricted usage increases the risk of DoS attacks or resource exhaustion.
Step-by-Step Instructions for Disk and Bandwidth Limits:
In this example, let's set the disk size limit to 10 GB and the bandwidth limit to 10 Mbps.
We've chosen Ubuntu, a widely used Linux distribution in cloud and container environments.
Step 1: Set Disk Size Limit to 10GB
Edit the Docker Daemon configuration file to enforce a disk limit:
sudo nano /etc/docker/daemon.json
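Add this configuration to restrict each container to 10GB of disk space. The overlay2.size option is only supported when the backing filesystem is xfs mounted with the pquota option: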
{
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.size=10G"
  ]
}
Restart Docker to apply the limit:
sudo systemctl restart docker
Step 2: Set Bandwidth Limit to 10Mbps
Create a script that limits bandwidth for all Docker containers:
sudo nano /usr/local/bin/limit_bandwidth.sh
Add the following content to the script:
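#!/bin/bash
# Apply the limit to each host-side veth interface (one per running bridge-network container).
# A root tbf here shapes traffic sent toward the container; "replace" makes reruns safe.
for INTERFACE in $(ip -o link show type veth | awk -F': ' '{print $2}' | cut -d@ -f1); do
  tc qdisc replace dev "$INTERFACE" root tbf rate 10mbit burst 32kbit latency 400ms
done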
Make the script executable:
sudo chmod +x /usr/local/bin/limit_bandwidth.sh
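Create a systemd service to apply the bandwidth limit automatically when Docker starts. The unit runs the script once, so it only covers containers that are already running at that point; run the script again after starting new containers: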
sudo nano /etc/systemd/system/docker-bandwidth-limit.service
Add this content to the service file:
[Unit]
Description=Limit bandwidth for Docker containers
After=docker.service
[Service]
ExecStart=/usr/local/bin/limit_bandwidth.sh
Type=oneshot
RemainAfterExit=true
[Install]
WantedBy=multi-user.target
Enable the service and start it:
sudo systemctl daemon-reload
sudo systemctl start docker-bandwidth-limit.service
sudo systemctl enable docker-bandwidth-limit.service
Step 3: Verify the Limits
Try to run a container that requests more than the 10GB limit:
docker run -d --storage-opt size=15G ubuntu
Expected output:
Error response from daemon: error creating overlay mount to /var/lib/docker/overlay2: disk quota exceeded
Try exceeding the 10Mbps bandwidth limit:
docker run -d --cap-add=NET_ADMIN ubuntu tc qdisc add dev eth0 root tbf rate 20mbit burst 32kbit latency 400ms
Expected output:
Error: argument "20mbit" is wrong: Rate too high for configured limit
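As an added example (not part of the original tutorial), the script below audits `tc qdisc show` output and reports host-side veth interfaces that do not carry the 10 Mbit token-bucket filter from Step 2. The function name `unshaped_veths`, the sample output, and the assumption that tc displays the rate as `10Mbit` are illustrative.

```shell
#!/bin/bash
# Added example: audit tc output for container interfaces missing the Step 2 limit.
# Assumption: tc displays "rate 10mbit" as "10Mbit".
EXPECTED_RATE="10Mbit"

# Reads `tc qdisc show` output on stdin and prints one line per veth* device
# whose root qdisc is not a tbf at EXPECTED_RATE, followed by the reason.
unshaped_veths() {
  awk -v want="$EXPECTED_RATE" '
    {
      dev = ""; rate = ""; root = 0
      for (i = 1; i <= NF; i++) {
        if ($i == "dev")  dev  = $(i + 1)
        if ($i == "rate") rate = $(i + 1)
        if ($i == "root") root = 1
      }
      # Skip non-container devices and child qdiscs (those have "parent", not "root").
      if (dev !~ /^veth/ || !root) next
      if ($2 != "tbf")       print dev, "no-tbf(" $2 ")"
      else if (rate != want) print dev, "rate=" rate
    }'
}

# Constructed sample of `tc qdisc show` output (not captured from a real host).
SAMPLE_TC='qdisc noqueue 0: dev lo root refcnt 2
qdisc fq_codel 0: dev eth0 root refcnt 2 limit 10240p flows 1024 quantum 1514
qdisc noqueue 0: dev docker0 root refcnt 2
qdisc tbf 8001: dev veth1a2b3c4 root refcnt 2 rate 10Mbit burst 4000b lat 400ms
qdisc noqueue 0: dev veth9f8e7d6 root refcnt 2
qdisc tbf 8002: dev vethaa11bb2 root refcnt 2 rate 20Mbit burst 4000b lat 400ms'

# Audit the sample; on a real host use: tc qdisc show | unshaped_veths
printf '%s\n' "$SAMPLE_TC" | unshaped_veths
```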
With this, you create a controlled and predictable environment.
Hope you find this use case helpful in your learning journey!