An unconstrained container can consume as much CPU and memory as the host scheduler allows. Setting Docker resource limits gives one workload a defined boundary, which reduces the chance that a busy or faulty container starves other services on the same host.

The common runtime controls are --memory for a hard memory limit and --cpus for CPU quota. Docker stores those settings in the container host configuration, and docker stats shows whether a running container is approaching the limit.

Limits should match the workload's normal and peak behavior. A memory limit that is too low can trigger out-of-memory kills, while a CPU quota that is too tight can turn normal traffic into latency or timeout failures.

Steps to set Docker container resource limits:

  1. Start the container with explicit CPU and memory limits.
    $ docker run --detach --name app --memory 128m --cpus 0.50 registry.example.com/team/app:1.0
    25136e2fd2d3
  2. Inspect the stored host configuration.
    $ docker inspect app
    [
      {
        "HostConfig": {
          "Memory": 134217728,
          "NanoCpus": 500000000
        }
      }
    ]

    NanoCpus set to 500000000 represents half of one CPU.

  3. Check live usage after the workload starts.
    $ docker stats --no-stream app
    CONTAINER ID   NAME   CPU %     MEM USAGE / LIMIT   MEM %     NET I/O       BLOCK I/O   PIDS
    25136e2fd2d3   app    0.18%     38.2MiB / 128MiB    29.84%    1.2kB / 0B    0B / 0B     3
  4. Update a running container when the initial limit is too small.
    $ docker update --memory 256m --cpus 1.00 app
    app

    Raising a limit does not fix an application memory leak. Treat repeated increases as a signal to inspect the workload.

  5. Confirm the updated values before considering the change complete.
    $ docker inspect app
    [
      {
        "HostConfig": {
          "Memory": 268435456,
          "NanoCpus": 1000000000
        }
      }
    ]
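
The same inspect fields can be checked across a whole host. The script below is an added example, not part of the original procedure: it flags containers whose Memory or CPU setting is 0 (meaning no limit) and goes slightly beyond the steps above by also accepting a limit set with --cpu-quota and --cpu-period, which leaves NanoCpus at 0. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag containers with no
# memory or CPU limit. Reads one line per container from stdin:
#   <Name> <Memory> <NanoCpus> <CpuQuota> <CpuPeriod>
# On a Docker host, produce those lines with:
#   docker inspect --format '{{.Name}} {{.HostConfig.Memory}} {{.HostConfig.NanoCpus}} {{.HostConfig.CpuQuota}} {{.HostConfig.CpuPeriod}}' $(docker ps -q)

audit_limits() {
  awk '
    {
      name = $1; sub(/^\//, "", name)          # inspect reports "/app"
      mem = $2 + 0; nano = $3 + 0; quota = $4 + 0
      period = ($5 + 0 > 0) ? $5 + 0 : 100000  # 0 means the 100 ms default

      # 0 in HostConfig means "no limit", not "zero resources".
      if (mem == 0) m = "UNLIMITED"
      else          m = sprintf("%dMiB", mem / 1048576)

      if (nano > 0)       c = sprintf("%.2f", nano / 1000000000)  # --cpus
      else if (quota > 0) c = sprintf("%.2f", quota / period)     # --cpu-quota
      else                c = "UNLIMITED"

      status = (m == "UNLIMITED" || c == "UNLIMITED") ? "FAIL" : "OK"
      if (status == "FAIL") fail = 1
      printf "%s %s mem=%s cpus=%s\n", status, name, m, c
    }
    END { exit fail + 0 }   # non-zero exit when any container is unbounded
  '
}

# Constructed sample input (not real inspect output).
sample_lines() {
  cat <<'EOF'
/app 134217728 500000000 0 0
/cache 0 0 0 0
/worker 268435456 0 150000 100000
/batch 536870912 0 0 0
EOF
}

sample_lines | audit_limits || echo "at least one container has no limit" >&2
```

The non-zero exit status makes the function usable as a gate in a scheduled check or deployment pipeline.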