Docker Tutorials: Docker Cgroup Drivers – Complete Guide

Turn Your Vehicle Into a Smart Earning Asset

While you’re not driving your car or bike, it can still be working for you. MOTOSHARE helps you earn passive income by connecting your vehicle with trusted renters in your city.

🚗 You set the rental price
🔐 Secure bookings with verified renters
📍 Track your vehicle with GPS integration
💰 Start earning within 48 hours

It’s simple, safe, and rewarding. Your vehicle. Your rules. Your earnings.

Introduction

Docker uses cgroups (control groups) to manage resource constraints like CPU, memory, and I/O for containers. These cgroups are orchestrated through cgroup drivers that act as an interface between Docker and the Linux kernel.

Understanding Docker’s cgroup drivers is critical for:

Optimizing container resource management
Integrating container runtime with Kubernetes
Debugging container performance problems
Ensuring compatibility with modern OS distributions

📋 What Are Cgroup Drivers?

A cgroup driver tells Docker which mechanism to use to allocate and manage resource control groups (cgroups) in the Linux system.

Docker supports two cgroup driver types:

cgroupfs — Docker directly manages cgroups via the kernel’s cgroup filesystem
systemd — Docker delegates cgroup management to systemd, which manages cgroups unified with system services

As of Docker v20+, both are still relevant depending on OS and platform.

🧱 List of Docker Cgroup Drivers

Driver	Control Mode	Supported Linux Cgroup Versions
`cgroupfs`	Direct via `/sys/fs/cgroup`	cgroup v1 and hybrid v1/v2
`systemd`	Delegated to systemd’s unified hierarchy	Fully cgroup v2 compliant

🔧 1. cgroupfs Driver

Definition: Docker directly creates and manages cgroups by interacting with the kernel’s cgroup filesystem.

Filesystem structure:

/sys/fs/cgroup/
 ├── cpu/
 ├── memory/
 ├── blkio/
 └── ...

✔️ Pros:

Works with systems without systemd (e.g., Alpine, older distros)
No systemd overhead
Independent cgroup hierarchy — doesn’t rely on OS unit governance

❌ Cons:

Container and system services may use different cgroup hierarchies, causing interference
Not recommended for Kubernetes — kubelet prefers unified hierarchy
Difficult to manage under cgroup v2-only systems

📦 Use Cases:

Minimal Linux OS without systemd (e.g., Alpine, some IoT or embedded systems)
Isolated, single-node Docker usage

🧭 2. systemd Driver

Definition: Docker delegates cgroup management to systemd, ensuring that containers and system services are part of the same unified hierarchy.

Hierarchy example:

/sys/fs/cgroup/system.slice/docker-<container-id>.scope/
Code language: HTML, XML (xml)

✔️ Pros:

Kubernetes recommended driver via cgroupDriver: systemd
Prevents conflicting resource handling between services and containers
Supports cgroup v2 (unified) by default
Integrated with host’s unit management (service-level resource control)

❌ Cons:

Requires systemd (not present on Alpine or older distros)
Slightly more overhead in cgroup management

📦 Use Cases:

Kubernetes clusters
Modern Linux systems (Ubuntu 20.04+, RHEL 8+, Debian 11+)
Mixed workloads where system services and containers need consistent resource governance

📊 Comparison Summary

Feature	`cgroupfs`	`systemd`
Kubernetes-friendly	❌ No	✔️ Yes
Works without systemd	✔️ Yes	❌ No
Unified control system	❌ No	✔️ Yes
cgroup v2 support	Partial	Full
Simplicity	✔️ Yes	Moderate
Recommended by Docker?	Only for non-systemd hosts	✔️ Preferred driver

🛠️ How to Check Which Cgroup Driver You’re Using

For Docker:

docker info | grep -i cgroup

Output example:

Cgroup Driver: systemd
Cgroup Version: 2

For Kubernetes:

kubectl get node -o jsonpath='{.items[0].status.nodeInfo.cgroupDriver}'
Code language: PHP (php)

🧠 Best Practices and Recommendations

On Kubernetes clusters: always use systemd cgroup driver (especially with CRI runtimes)
On lightweight systems without systemd: use cgroupfs
On cgroup v2-only systems (e.g., newer Ubuntu, RHEL): ensure your Docker is using systemd
Set cgroup driver consistently across Docker, containerd, and Kubernetes components to avoid mismatch errors

📖 Configure Docker Cgroup Driver

Edit Docker daemon configuration:

sudo vim /etc/docker/daemon.json

Set systemd driver:

{
  "exec-opts": ["native.cgroupdriver=systemd"]
}
Code language: JSON / JSON with Comments (json)

Restart Docker:

sudo systemctl restart docker

🧭 Troubleshooting Common Issues

❌ Error: “cgroup driver conflict”

Occurs when Docker is using cgroupfs while Kubernetes (kubelet) uses systemd.

Fix: Align both to use systemd

❌ Not recognized cgroup v2

Upgrade Docker runtime to v20+ and configure systemd as cgroup driver.

🧩 Summary

Docker supports two primary cgroup drivers — cgroupfs and systemd. The modern recommendation, especially for Kubernetes or systemd-based distributions, is to use systemd as the cgroup driver.

This ensures unified resource control between system services and containers, avoids cgroup conflicts, and fully supports cgroup v2.

Scenario	Recommended Driver
Modern Linux with systemd (Ubuntu, RHEL, Debian)	systemd
Kubernetes clusters	systemd
Minimal Linux without systemd	cgroupfs
Legacy Docker usage on old OS	cgroupfs

Rajesh Kumar

I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at Cotocus. I share tech blog at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow , and SEO strategies at Wizbrand.

Do you want to learn Quantum Computing?

Please find my social handles as below;

Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at WIZBRAND

Rajesh Kumar DailyLogs

Certification Courses

DevOpsSchool has introduced a series of professional certification courses designed to enhance your skills and expertise in cutting-edge technologies and methodologies. Whether you are aiming to excel in development, security, or operations, these certifications provide a comprehensive learning experience. Explore the following programs:

DevOps Certification - Learn the fundamentals and advanced concepts of DevOps practices and tools.

DevSecOps Certification - Master the integration of security within the DevOps workflow.

SRE Certification - Gain expertise in Site Reliability Engineering and ensure reliability at scale.

MLOps Certification - Dive into Machine Learning Operations and streamline ML workflows.

AiOps Certification - Discover AI-driven operations management for next-gen IT environments.

3 Comments

Newest

Oldest Most Voted

Inline Feedbacks

View all comments

Skylar Bennett

8 days ago

This blog post on Docker cgroup drivers provides an in-depth and clear explanation of a fundamental aspect of container management. It effectively breaks down how Docker utilizes cgroups to manage and isolate system resources such as CPU, memory, and I/O, ensuring containers run efficiently and do not interfere with each other. The guide also does a great job of explaining the different cgroup drivers, like cgroupfs and systemd, and how they impact container performance and compatibility with orchestration tools like Kubernetes. This post is incredibly valuable for DevOps professionals and system administrators, especially those working with containerized environments in production. It offers essential insights into resource management and isolation, which are key to maintaining stable and reliable systems. Overall, it’s a must-read for anyone looking to deepen their understanding of Docker’s internal workings and improve their container management skills.

19 days ago

nice

Jason Mitchell

Loved this guide — it explained cgroup drivers in a way that finally made sense to me. Felt like chatting with a friend who actually knows Docker. Seriously, great job on this!