Docker uses cgroups (control groups)<\/strong> to manage resource constraints like CPU, memory, and I\/O for containers. These cgroups are orchestrated through cgroup drivers<\/strong> that act as an interface between Docker and the Linux kernel.<\/p>\n\n\n\n Understanding Docker\u2019s cgroup drivers is critical for:<\/p>\n\n\n\n A cgroup driver<\/strong> tells Docker which mechanism to use to allocate and manage resource control groups<\/strong> (cgroups) in the Linux system.<\/p>\n\n\n\n Docker supports two cgroup driver types:<\/p>\n\n\n\n As of Docker v20+, both are still relevant depending on OS and platform.<\/p>\n\n\n\n Definition:<\/strong> Docker directly creates and manages cgroups by interacting with the kernel\u2019s cgroup filesystem.<\/p>\n\n\n\n Filesystem structure:<\/strong><\/p>\n\n\n Definition:<\/strong> Docker delegates cgroup management to systemd<\/strong>, ensuring that containers and system services are part of the same unified hierarchy.<\/p>\n\n\n\n Hierarchy example:<\/strong><\/p>\n\n\n Output example:<\/p>\n\n\n Set Restart Docker:<\/p>\n\n\n Occurs when Docker is using Fix:<\/strong> Align both to use Upgrade Docker runtime to v20+ and configure Docker supports two primary cgroup drivers \u2014 This ensures unified resource control between system services and containers, avoids cgroup conflicts, and fully supports cgroup v2.<\/p>\n\n\n\n <\/p>\n","protected":false},"excerpt":{"rendered":" Introduction Docker uses cgroups (control groups) to manage resource constraints like CPU, memory, and I\/O for containers. These cgroups are orchestrated through cgroup drivers that act as an interface between… <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[11138],"tags":[],"class_list":["post-54093","post","type-post","status-publish","format-standard","hentry","category-best-tools"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/54093","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=54093"}],"version-history":[{"count":1,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/54093\/revisions"}],"predecessor-version":[{"id":54094,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/54093\/revisions\/54094"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=54093"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=54093"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=54093"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
\n\n\n\n\ud83d\udccb What Are Cgroup Drivers?<\/h2>\n\n\n\n
\n
systemd<\/code>, which manages cgroups unified with system services<\/li>\n<\/ol>\n\n\n\n
\n\n\n\n\ud83e\uddf1 List of Docker Cgroup Drivers<\/h2>\n\n\n\n
Driver<\/th> Control Mode<\/th> Supported Linux Cgroup Versions<\/th><\/tr><\/thead> cgroupfs<\/code><\/td>Direct via \/sys\/fs\/cgroup<\/code><\/td>cgroup v1 and hybrid v1\/v2<\/td><\/tr> systemd<\/code><\/td>Delegated to systemd\u2019s unified hierarchy<\/td> Fully cgroup v2 compliant<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\n\n\n\n\ud83d\udd27 1. cgroupfs Driver<\/h2>\n\n\n\n
\/sys\/fs\/cgroup\/\n \u251c\u2500\u2500 cpu\/\n \u251c\u2500\u2500 memory\/\n \u251c\u2500\u2500 blkio\/\n \u2514\u2500\u2500 ...\n<\/code><\/span><\/pre>\n\n\n\u2714\ufe0f Pros:<\/h3>\n\n\n\n
\n
\u274c Cons:<\/h3>\n\n\n\n
\n
\ud83d\udce6 Use Cases:<\/h3>\n\n\n\n
\n
\n\n\n\n\ud83e\udded 2. systemd Driver<\/h2>\n\n\n\n
\/sys\/fs\/cgroup\/system.slice\/docker-<container-id<\/span>><\/span>.scope\/\n<\/code><\/span>Code language:<\/span> HTML, XML<\/span> (<\/span>xml<\/span>)<\/span><\/small><\/pre>\n\n\n\u2714\ufe0f Pros:<\/h3>\n\n\n\n
\n
cgroupDriver: systemd<\/code><\/li>\n\n\n\n\u274c Cons:<\/h3>\n\n\n\n
\n
\ud83d\udce6 Use Cases:<\/h3>\n\n\n\n
\n
\n\n\n\n\ud83d\udcca Comparison Summary<\/h2>\n\n\n\n
Feature<\/th> cgroupfs<\/code><\/th>systemd<\/code><\/th><\/tr><\/thead>Kubernetes-friendly<\/td> \u274c No<\/td> \u2714\ufe0f Yes<\/td><\/tr> Works without systemd<\/td> \u2714\ufe0f Yes<\/td> \u274c No<\/td><\/tr> Unified control system<\/td> \u274c No<\/td> \u2714\ufe0f Yes<\/td><\/tr> cgroup v2 support<\/td> Partial<\/td> Full<\/td><\/tr> Simplicity<\/td> \u2714\ufe0f Yes<\/td> Moderate<\/td><\/tr> Recommended by Docker?<\/td> Only for non-systemd hosts<\/td> \u2714\ufe0f Preferred driver<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\n\n\n\n\ud83d\udee0\ufe0f How to Check Which Cgroup Driver You’re Using<\/h2>\n\n\n\n
For Docker:<\/h3>\n\n\n
docker info | grep -i cgroup\n<\/code><\/span><\/pre>\n\n\nCgroup Driver: systemd\nCgroup Version: 2\n<\/code><\/span><\/pre>\n\n\nFor Kubernetes:<\/h3>\n\n\n
kubectl get node -o jsonpath='{.items[0].status.nodeInfo.cgroupDriver}'<\/span>\n<\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
\n\n\n\n\ud83e\udde0 Best Practices and Recommendations<\/h2>\n\n\n\n
\n
systemd<\/code> cgroup driver (especially with CRI runtimes)<\/li>\n\n\n\ncgroupfs<\/code><\/li>\n\n\n\nsystemd<\/code><\/li>\n\n\n\n
\n\n\n\n\ud83d\udcd6 Configure Docker Cgroup Driver<\/h2>\n\n\n\n
Edit Docker daemon configuration:<\/h3>\n\n\n
sudo vim \/etc\/docker\/daemon.json\n<\/code><\/span><\/pre>\n\n\nsystemd<\/code> driver:<\/p>\n\n\n{\n \"exec-opts\"<\/span>: [\"native.cgroupdriver=systemd\"<\/span>]\n}\n<\/code><\/span>Code language:<\/span> JSON \/ JSON with Comments<\/span> (<\/span>json<\/span>)<\/span><\/small><\/pre>\n\n\nsudo systemctl restart docker\n<\/code><\/span><\/pre>\n\n\n
\n\n\n\n\ud83e\udded Troubleshooting Common Issues<\/h2>\n\n\n\n
\u274c Error: “cgroup driver conflict”<\/h3>\n\n\n\n
cgroupfs<\/code> while Kubernetes (kubelet) uses systemd<\/code>.<\/p>\n\n\n\nsystemd<\/code><\/p>\n\n\n\n\u274c Not recognized cgroup v2<\/h3>\n\n\n\n
systemd<\/code> as cgroup driver.<\/p>\n\n\n\n
\n\n\n\n\ud83e\udde9 Summary<\/h2>\n\n\n\n
cgroupfs<\/code> and systemd<\/code>. The modern recommendation, especially for Kubernetes or systemd-based distributions, is to use systemd<\/code><\/strong> as the cgroup driver.<\/p>\n\n\n\nScenario<\/th> Recommended Driver<\/th><\/tr><\/thead> Modern Linux with systemd (Ubuntu, RHEL, Debian)<\/td> systemd<\/td><\/tr> Kubernetes clusters<\/td> systemd<\/td><\/tr> Minimal Linux without systemd<\/td> cgroupfs<\/td><\/tr> Legacy Docker usage on old OS<\/td> cgroupfs<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\n\n\n\n