Introduction
Docker uses cgroups (control groups) to manage resource constraints like CPU, memory, and I/O for containers. These cgroups are orchestrated through cgroup drivers that act as an interface between Docker and the Linux kernel.
Understanding Docker’s cgroup drivers is critical for:
- Optimizing container resource management
- Integrating container runtime with Kubernetes
- Debugging container performance problems
- Ensuring compatibility with modern OS distributions
📋 What Are Cgroup Drivers?
A cgroup driver tells Docker which mechanism to use to allocate and manage resource control groups (cgroups) in the Linux system.
Docker supports two cgroup driver types:
- cgroupfs — Docker directly manages cgroups via the kernel’s cgroup filesystem
- systemd — Docker delegates cgroup management to
systemd, which manages cgroups unified with system services
As of Docker v20+, both are still relevant depending on OS and platform.
🧱 List of Docker Cgroup Drivers
| Driver | Control Mode | Supported Linux Cgroup Versions |
|---|---|---|
cgroupfs | Direct via /sys/fs/cgroup | cgroup v1 and hybrid v1/v2 |
systemd | Delegated to systemd’s unified hierarchy | Fully cgroup v2 compliant |
🔧 1. cgroupfs Driver
Definition: Docker directly creates and manages cgroups by interacting with the kernel’s cgroup filesystem.
Filesystem structure:
/sys/fs/cgroup/
├── cpu/
├── memory/
├── blkio/
└── ...
✔️ Pros:
- Works with systems without systemd (e.g., Alpine, older distros)
- No systemd overhead
- Independent cgroup hierarchy — doesn’t rely on OS unit governance
❌ Cons:
- Container and system services may use different cgroup hierarchies, causing interference
- Not recommended for Kubernetes — kubelet prefers unified hierarchy
- Difficult to manage under cgroup v2-only systems
📦 Use Cases:
- Minimal Linux OS without systemd (e.g., Alpine, some IoT or embedded systems)
- Isolated, single-node Docker usage
🧭 2. systemd Driver
Definition: Docker delegates cgroup management to systemd, ensuring that containers and system services are part of the same unified hierarchy.
Hierarchy example:
/sys/fs/cgroup/system.slice/docker-<container-id>.scope/
Code language: HTML, XML (xml)✔️ Pros:
- Kubernetes recommended driver via
cgroupDriver: systemd - Prevents conflicting resource handling between services and containers
- Supports cgroup v2 (unified) by default
- Integrated with host’s unit management (service-level resource control)
❌ Cons:
- Requires systemd (not present on Alpine or older distros)
- Slightly more overhead in cgroup management
📦 Use Cases:
- Kubernetes clusters
- Modern Linux systems (Ubuntu 20.04+, RHEL 8+, Debian 11+)
- Mixed workloads where system services and containers need consistent resource governance
📊 Comparison Summary
| Feature | cgroupfs | systemd |
|---|---|---|
| Kubernetes-friendly | ❌ No | ✔️ Yes |
| Works without systemd | ✔️ Yes | ❌ No |
| Unified control system | ❌ No | ✔️ Yes |
| cgroup v2 support | Partial | Full |
| Simplicity | ✔️ Yes | Moderate |
| Recommended by Docker? | Only for non-systemd hosts | ✔️ Preferred driver |
🛠️ How to Check Which Cgroup Driver You’re Using
For Docker:
docker info | grep -i cgroup
Output example:
Cgroup Driver: systemd
Cgroup Version: 2
For Kubernetes:
kubectl get node -o jsonpath='{.items[0].status.nodeInfo.cgroupDriver}'
Code language: PHP (php)🧠 Best Practices and Recommendations
- On Kubernetes clusters: always use
systemdcgroup driver (especially with CRI runtimes) - On lightweight systems without systemd: use
cgroupfs - On cgroup v2-only systems (e.g., newer Ubuntu, RHEL): ensure your Docker is using
systemd - Set cgroup driver consistently across Docker, containerd, and Kubernetes components to avoid mismatch errors
📖 Configure Docker Cgroup Driver
Edit Docker daemon configuration:
sudo vim /etc/docker/daemon.json
Set systemd driver:
{
"exec-opts": ["native.cgroupdriver=systemd"]
}
Code language: JSON / JSON with Comments (json)Restart Docker:
sudo systemctl restart docker
🧭 Troubleshooting Common Issues
❌ Error: “cgroup driver conflict”
Occurs when Docker is using cgroupfs while Kubernetes (kubelet) uses systemd.
Fix: Align both to use systemd
❌ Not recognized cgroup v2
Upgrade Docker runtime to v20+ and configure systemd as cgroup driver.
🧩 Summary
Docker supports two primary cgroup drivers — cgroupfs and systemd. The modern recommendation, especially for Kubernetes or systemd-based distributions, is to use systemd as the cgroup driver.
This ensures unified resource control between system services and containers, avoids cgroup conflicts, and fully supports cgroup v2.
| Scenario | Recommended Driver |
|---|---|
| Modern Linux with systemd (Ubuntu, RHEL, Debian) | systemd |
| Kubernetes clusters | systemd |
| Minimal Linux without systemd | cgroupfs |
| Legacy Docker usage on old OS | cgroupfs |
I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at Cotocus. I share tech blog at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow , and SEO strategies at Wizbrand.
Do you want to learn Quantum Computing?
Please find my social handles as below;
Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at WIZBRAND
