问题
Below is the CloudFormation template to configure ECS task containers on AWS EC2 instance(Linux):
TodobackendTaskDefinition:
Type: "AWS::ECS::TaskDefinition"
Properties:
ContainerDefinitions:
- Name: todobackend
Image: someacct/todobackend
Memory: 450
MountPoints:
- ContainerPath: /var/www/todobackend
SourceVolume: webroot
- Name: nginx
Image: someacct/todobackend-nginx
Memory: 300
PortMappings:
- ContainerPort: "8000"
HostPort: "8000"
MountPoints:
- ContainerPath: /var/www/todobackend
SourceVolume: webroot
Volumes:
- Name: webroot
Host:
SourcePath: /ecs/webroot
TodobackendAdhocTaskDefinition:
Type: "AWS::ECS::TaskDefinition"
Properties:
ContainerDefinitions:
- Name: todobackend
Image: someacct/todobackend
Memory: 245
MountPoints:
- ContainerPath: /var/www/todobackend
SourcePath: webroot
Volumes:
- Name: webroot
Host:
SourcePath: /ecs/webroot
where memory attribute for three containers are evenly divided(450+300+250 MB) assuming that these 3 containers are running on t2.micro EC2 instance type that has 1 GB RAM allocated(physical)
Changing these values(of "Memory") randomly makes the container run or fail without knowing proper reason for failure.
On failure, we get such errors, on debugging in AWS cloud:
Containers do not run ON docker. Containers are processes - they run on linux kernel. Containers are Linux processes(or Windows)
Docker container namespace is internally created using runtime·clone() system call.
Memory management map each process virtual address space to physical address space. Process management refers virtual addresses, but not physical address.
For Memory: 300MB syntax in the above code, AWS documentation says: "The amount (in MiB) of memory to present to the container."
In docker world, containerd creates shim process for every new container.
runc actually creates a container process.
1)
What does assigning of RAM Memory: 300MB size to a container process, mean?in the above code... Is it a size of physical address space of a process(or virtual address space of a process)?
2)
Does runc userspace program use runtime·clone() system call to set physical memory space(Memory: 300MB) for each container process?
https://github.com/golang/go/blob/1650f1ba0b964a06a242c3318e85b3b46f010614/src/runtime/sys_linux_amd64.s#L540
回答1:
You should not use memory parameter in such a small instance with such minimum memory, remember there is one big difference between these two, by reaching memory limit your container will be killed.
With memoryReservation you container can consume more memory and if one container under load then it will able consume memory more then desired limit.
memoryReservation
The soft limit (in MiB) of memory to reserve for the container. When system memory is under contention, Docker attempts to keep the container memory to this soft limit; however, your container can consume more memory when needed.
memory
The amount (in MiB) of memory to present to the container. If your container attempts to exceed the memory specified here, the container is killed.
container_definition_memory
Where this memory parameter not controlled by the container itself but controlled by ECS agent.
ECS_agent
How to calculate memory size needed for each docker container?
Where your this question is a concern, this totally depends on the underlying application that you are going to run in the container. I saw you are using nginx you can read here nginx-plus-sizing-guide
来源:https://stackoverflow.com/questions/59222213/does-user-space-programrunc-regulate-the-size-of-physical-address-space-of-a-d