Alibaba Cloud Linux 2 with a kernel of the 4.19.91-22.2.al7 or later version provides kernel interfaces for the container resource visualization feature to enhance the visibility of container resources. This topic describes these interfaces and their sample scenarios.
|/proc/sys/kernel/rich_container_enable||Specifies whether the container resource visualization feature is enabled. Valid values:
|/proc/sys/kernel/rich_container_source||Specifies the data source of the cgroup interface. Valid values:
|/proc/sys/kernel/rich_container_cpuinfo_source||Specifies the number of CPUs that are displayed in the /proc/cpuinfo and /sys/devices/system/cpu/online interfaces. Valid values:
|/proc/sys/kernel/rich_container_cpuinfo_sharesbase||When the value of the /proc/sys/kernel/rich_container_cpuinfo_source interface is set to 2, you must use this interface as a part of the formula to obtain
the final value. The value must be an integer greater than or equal to 2.
Default value: 1024.
In the examples, Docker is deployed in a Linux instance, and a container with 1 GB memory is created.
- If the container resource visualization feature is disabled, the value of the /proc/sys/kernel/rich_container_enable interface is set to 0. When you run the free -m command in the container, resource information is displayed, as shown in the following figure. It is the resource information of the Linux instance on which the container resides.
- If you have run the echo 1 > /proc/sys/kernel/rich_container_enable command on the Linux instance to enable the container resource visualization feature, when you run the free -m command in the container, resource information is displayed, as shown in the following figure. It is the resource information of the container.
In most cases, after the container resource visualization feature is enabled, the default values of the interfaces can meet your requirements. However, you must take note of the interface configurations in the following special scenarios:
For a pod in which the PID namespace is not shared, each container is an independent PID namespace. If you run the systemd command to start a privileged container and if the container process is Process 1, the task of collecting monitoring data is run in a child cgroup instead of the root cgroup of the container.
- If the value of the /proc/sys/kernel/rich_container_source interface is set to 0 when you run the command, the current pointer resides in the child cgroup that is created by sshd.service in the container. In this case, error data is returned.
- If you run the echo 1 > /proc/sys/kernel/rich_container_source command, the cgroup in which the child reaper resides is used as a data source. In this case, valid data is returned.