I have a host with a resource of 8 cores / 16 GB RAM.  We use cgroup to allocate CPU and memory for our custom application.  We tried to create a static partition resource between our custom application and docker. For example, we are trying to allocate the following :-
4 CPU cores / 8 GB RAM --> docker
3 CPU cores / 6 GB RAM --> custom_app_1
the remaining for OS
We have manage to perform the segregation for custom_app_1. Question is how I create a default limit memory and cpu to our container without having to use the flag --memory or --cpus for individual container.  I don't need to limit each container but I need to make sure that all containers running in the host cannot exceed the usage of 8GB RAM and 4 CPU cores, otherwise, it will be fighting resources with my custom_app_1
When i perform docker stats, each container is seeing 16 GB RAM, how do I configure so that they only see 8 GB RAM and 4 CPU cores instead
So what you need to do is create a SystemD slice for the memory.
# /etc/systemd/system/limit-docker-memory.slice
[Unit]
Description=Slice with MemoryLimit=8G for docker
Before=slices.target
[Slice]
MemoryAccounting=true
MemoryLimit=8G
Then configure that slice in /etc/docker/daemon.json
{
    "cgroup-parent": "limit-docker-memory.slice"
}
Reload systemctl and restart docker
systemctl daemon-reload
systemctl restart docker
See the relevant section in documentation
The --cgroup-parent option allows you to set the default cgroup parent to use for containers. If this option is not set, it defaults to /docker for fs cgroup driver and system.slice for systemd cgroup driver.
If the cgroup has a leading forward slash (/), the cgroup is created under the root cgroup, otherwise the cgroup is created under the daemon cgroup.
Assuming the daemon is running in cgroup daemoncgroup, --cgroup-parent=/foobar creates a cgroup in /sys/fs/cgroup/memory/foobar, whereas using --cgroup-parent=foobar creates the cgroup in /sys/fs/cgroup/memory/daemoncgroup/foobar
The systemd cgroup driver has different rules for --cgroup-parent. Systemd represents hierarchy by slice and the name of the slice encodes the location in the tree. So --cgroup-parent for systemd cgroups should be a slice name. A name can consist of a dash-separated series of names, which describes the path to the slice from the root slice. For example, --cgroup-parent=user-a-b.slice means the memory cgroup for the container is created in /sys/fs/cgroup/memory/user.slice/user-a.slice/user-a-b.slice/docker-.scope.
This setting can also be set per container, using the --cgroup-parent option on docker create and docker run, and takes precedence over the --cgroup-parent option on the daemon.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With