In the constant pursuit of workload isolation and resource optimization, we witnessed the move from physical to virtualized machines using hypervisors. Virtualization implies a certain degree of resource inefficiency, as storage, CPU, and memory need to be allocated to each running VM whether it uses them or not. A lot of work has been done in this area to mitigate such inefficiencies but, in the end, taking full advantage of system resources is still a difficult problem.
With the rise of operating-system-level virtualization on Linux (that is, the use of containers), the mindset changed. We no longer want a full copy of an OS for each workload; instead, we want only properly isolated processes to do the desired work. To achieve this, and focusing specifically on Linux containers, a set of kernel features was made available: cgroups (control groups), which isolate hardware resources, and namespaces, which isolate kernel resources. Resources managed by cgroups are as follows:
- CPU
- Memory
- Disk I/O
- Network
These kernel features allow the user to have fine control over what resources a given workload has available, thus optimizing resource usage. Cgroups metrics are invaluable to any modern monitoring system.
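
The following added example, which is not part of the original text, shows where such metrics come from: it parses the text formats of the cgroup v2 interface files for CPU, memory, and disk I/O and flags resources that have no limit set. It assumes the cgroup v2 unified hierarchy; the file contents are constructed samples and the function names are hypothetical.

```python
# Constructed cgroup v2 file contents (assumption: unified hierarchy, files
# normally read from /sys/fs/cgroup/<group>/). Function names are hypothetical.
SAMPLE = {
    "cpu.max": "50000 100000\n",          # quota and period in microseconds
    "cpu.stat": "usage_usec 8200000\nuser_usec 6000000\nsystem_usec 2200000\n"
                "nr_periods 400\nnr_throttled 100\nthrottled_usec 950000\n",
    "memory.max": "max\n",                # literal 'max' means no limit
    "memory.current": "268435456\n",
    "io.stat": "8:0 rbytes=1048576 wbytes=4194304 rios=20 wios=64 dbytes=0 dios=0\n",
}

def parse_flat_keyed(text):
    """'key value' per line (cpu.stat) -> {key: int}."""
    return {k: int(v) for k, v in (line.split() for line in text.splitlines() if line)}

def parse_io_stat(text):
    """'MAJ:MIN k=v k=v ...' per line (io.stat) -> {device: {k: int}}."""
    out = {}
    for fields in filter(None, map(str.split, text.splitlines())):
        dev, pairs = fields[0], (p.split("=") for p in fields[1:])
        out[dev] = {k: int(v) for k, v in pairs if v.isdigit()}
    return out

def parse_limit(text):
    """First token of a limit file: an integer, or 'max' (no limit) -> None."""
    tok = text.split()[0]
    return None if tok == "max" else int(tok)

def summarize(files):
    cpu = parse_flat_keyed(files["cpu.stat"])
    quota = parse_limit(files["cpu.max"])
    period = int(files["cpu.max"].split()[1])
    mem_limit = parse_limit(files["memory.max"])
    io = parse_io_stat(files["io.stat"])
    summary = {
        "cpu_seconds": cpu["usage_usec"] / 1e6,
        "cpu_limit_cores": None if quota is None else quota / period,
        "throttled_ratio": cpu["nr_throttled"] / cpu["nr_periods"] if cpu.get("nr_periods") else 0.0,
        "memory_bytes": int(files["memory.current"]),
        "memory_limit_bytes": mem_limit,
        "io_bytes": sum(d["rbytes"] + d["wbytes"] for d in io.values()),
    }
    # A workload with no limit can starve its neighbours; report which ones.
    summary["unbounded"] = [name for name, lim in
                            (("cpu", summary["cpu_limit_cores"]), ("memory", mem_limit)) if lim is None]
    return summary

if __name__ == "__main__":
    print(summarize(SAMPLE))
```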