Manuel Ganter
5e470c33a5
All checks were successful
ci / build (push) Successful in 30s
Add cgroup-based process grouping to the resource collector. Processes are grouped by their cgroup path, with container names resolved via configurable process-to-container mapping. New features: - Read cgroup info from /proc/[pid]/cgroup (supports v1 and v2) - Parse K8s resource notation (500m, 1Gi, etc.) for CPU/memory limits - Group metrics by container using CGROUP_PROCESS_MAP env var - Calculate usage percentages against limits from CGROUP_LIMITS env var - Output cgroup metrics with CPU cores used, memory RSS, and percentages Environment variables: - CGROUP_PROCESS_MAP: Map process names to container names for discovery - CGROUP_LIMITS: Define CPU/memory limits per container in K8s notation Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
81 lines
2.4 KiB
YAML
81 lines
2.4 KiB
YAML
# Docker Compose test setup for cgroup grouping verification
|
|
# Run with: docker compose -f test/docker/docker-compose.yaml up
|
|
#
|
|
# NOTE: Docker Compose doesn't have a direct equivalent to K8s shareProcessNamespace.
|
|
# Options:
|
|
# 1. pid: "host" - sees ALL host processes (not container-specific)
|
|
# 2. pid: "service:<name>" - chains PID namespace to another service
|
|
#
|
|
# For proper testing, use Kubernetes or run containers manually with --pid=container:<id>
|
|
|
|
services:
|
|
# Simulate a runner workload (this will be the "root" of the shared PID namespace)
|
|
# Uses 'cat' reading from a fifo as a unique identifiable process
|
|
runner:
|
|
image: busybox:latest
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
- |
|
|
echo "Runner started (PID 1 in namespace)"
|
|
mkfifo /tmp/runner_fifo
|
|
# 'cat' will be our identifiable runner process (blocks on fifo)
|
|
cat /tmp/runner_fifo &
|
|
CAT_PID=$!
|
|
# Generate CPU load with dd
|
|
while true; do
|
|
dd if=/dev/zero of=/dev/null bs=1M count=50 2>/dev/null
|
|
done
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
cpus: "0.5"
|
|
memory: 256M
|
|
# This container owns the PID namespace
|
|
|
|
# Simulate a sidecar service - shares PID namespace with runner
|
|
sidecar:
|
|
image: busybox:latest
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
- |
|
|
echo "Sidecar started"
|
|
# List processes to verify shared namespace
|
|
ps aux
|
|
while true; do
|
|
sleep 10
|
|
done
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
cpus: "0.1"
|
|
memory: 128M
|
|
pid: "service:runner" # Share PID namespace with runner
|
|
depends_on:
|
|
- runner
|
|
|
|
# Resource collector - shares PID namespace with runner
|
|
collector:
|
|
build:
|
|
context: ../..
|
|
dockerfile: Dockerfile
|
|
target: collector
|
|
command:
|
|
- --interval=3s
|
|
- --top=5
|
|
- --log-format=json
|
|
environment:
|
|
# Map unique process names to container names
|
|
# 'cat' runs only in runner, 'sleep' runs only in sidecar
|
|
CGROUP_PROCESS_MAP: '{"cat":"runner","sleep":"sidecar","resource-collec":"collector"}'
|
|
CGROUP_LIMITS: '{"runner":{"cpu":"500m","memory":"256Mi"},"sidecar":{"cpu":"100m","memory":"128Mi"},"collector":{"cpu":"100m","memory":"64Mi"}}'
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
cpus: "0.1"
|
|
memory: 64M
|
|
pid: "service:runner" # Share PID namespace with runner
|
|
depends_on:
|
|
- runner
|
|
- sidecar
|