Control groups, usually referred to as cgroups, is a Linux kernel feature that limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, network) for a collection of processes.
Stuff you wanna know:
- Cgroups are a Linux kernel feature which allow processes to be organized into hierarchical groups whose usage of various types of resources can then be limited and monitored.
- A cgroup is, amongst other things, a hierarchical grouping of processes. In Kubernetes, this grouping is found at the container level.
- One idea for making use of cgroup-bpf, is to install BPF programs that collect detailed per-pod and/or per-container network statistics.
More stuff:
- Linux Man page on cgroups — https://man7.org/linux/man-pages/man7/cgroups.7.html
- Pod and Container level network statistics — https://kubernetes.io/blog/2017/12/using-ebpf-in-kubernetes/#pod-and-container-level-network-statistics
- Configuring a cgroup driver — https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/
- Configuring the container runtime cgroup drive — https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/#configuring-the-container-runtime-cgroup-driver
- Configuring the kubelet cgroup driver — https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/#configuring-the-kubelet-cgroup-driver
- Using the cgroupfs driver — https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/#using-the-cgroupfs-driver
- Update the cgroup driver on all nodes — https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/#update-the-cgroup-driver-on-all-nodes
- Verify Pod cgroup limits — https://kubernetes.io/docs/concepts/scheduling-eviction/pod-overhead/#verify-pod-cgroup-limits