Pods and cgroups

Learn about control groups and the atomic deployment of Pods.

We'll cover the following

Atomic deployment of Pods

At a high level, Control Groups (cgroups) are a Linux kernel technology that prevents individual containers from consuming all of the available CPU, RAM, and IOPS on a node. You could say that cgroups actively police resource usage.

Individual containers have their own cgroup limits.

This means it’s possible for two containers in the same Pod to have their own set of cgroup limits. This is a powerful and flexible model. If we assume the typical multi-container Pod example, where a web server that utilizes a file synchronizer, you could set a cgroup limit on the file sync container so that it has access to less resources than the web service container. This might reduce the risk of it starving the web service container of CPU and memory.

Get hands-on with 1200+ tech skills courses.

Kubernetes Primer

Kubernetes Principles of Operation

Installing Kubernetes

Working With Pods: Theory

Working With Pods: Hands-On

Kubernetes Deployments

Kubernetes Services: Theory

Kubernetes Services: Hands-On

Service Discovery

Kubernetes Storage

ConfigMaps

StatefulSets

Threat Modeling Kubernetes

Real-World Kubernetes Security

Conclusion

APPENDIX A: Other Important Stuff

Pods and cgroups