10.4 Resource Usage

Understanding Resource Usage in Containers

Monitoring how containers use system resources helps you keep applications fast, stable, and predictable. In this chapter you will focus only on what is specific to resource usage, not general debugging or logging.

Why Resource Usage Matters

Containers share the host’s CPU, memory, disk, and network. If one container consumes too much, it can slow down or break other services on the same machine. Watching resource usage lets you:

Identify performance bottlenecks inside containers.
Detect runaway processes that leak memory or spin the CPU.
Check that resource limits you configured elsewhere in this course are actually respected.
Plan capacity, for example how many containers a host can safely run.

Using `docker stats` for Live Metrics

The main tool to see container resource usage in real time is docker stats. It streams metrics similar to a lightweight task manager.

When you run docker stats with no arguments, Docker shows statistics for all running containers. You see columns for container ID and name, CPU usage percentage, memory usage and limit, memory percentage, network I/O, block I/O, and the number of processes or threads inside the container.

You can pass one or more container names or IDs to focus on specific containers. This is helpful when one service behaves poorly or you are comparing two versions of the same application.

The CPU percentage shows how much of a single CPU core the container is using. On a multi core system, you might see values above 100 percent. For example, if a container uses two full cores on a four core machine, you can see about 200 percent.

Memory usage shows how much RAM the container is currently using, and if there is a limit, that limit appears next to it. The memory percentage is simply:

$$\text{memory\_percent} = \frac{\text{memory\_used}}{\text{memory\_limit}} \times 100$$

If you did not set a memory limit when starting the container, Docker shows the host memory as the reference, so you must interpret these numbers in that context.

Network I/O and block I/O columns show total bytes sent and received since the container started. These values grow over time. They help you see which containers are heavy on bandwidth or disk access, which can matter for performance tuning or cost.

Interpreting CPU and Memory Consumption

CPU and memory usage mean slightly different things inside containers than in traditional virtual machines, since containers share the kernel and hardware.

If a container constantly shows high CPU usage in docker stats, it might indicate a busy service handling many requests, or a bug such as an infinite loop. Short spikes are often normal, but a steady near 100 percent (or higher when multiple cores are used) can starve other workloads. In those cases you may decide to adjust resource limits in other parts of your workflow or scale the service.

Memory usage that keeps climbing over time can indicate a memory leak in the application. If memory usage approaches the container memory limit, the kernel may start reclaiming memory aggressively, and eventually processes can be killed with out of memory errors. In such situations, you typically combine docker stats with other tools inside the container to understand which process allocates memory.

You should always interpret container memory usage together with the memory limit you configured. A container using 1 GB might be fine on a machine with plenty of RAM, but critical on a small host. Conversely, a container that sits near 90 percent of its memory limit might be healthy if you intentionally set a strict limit to control behavior.

Disk and Network Usage at a Glance

Disk and network activity directly affect application performance, especially for databases, caching layers, and web services.

High block I/O values in docker stats suggest that the container writes or reads a lot from disk. This can be completely normal for databases, but it can also reveal problems like too frequent logging or inefficient file operations. Since docker stats only shows cumulative bytes, you typically watch how quickly the numbers grow over a short interval to understand the rate.

Network I/O shows how much data the container has sent and received. Large and fast growing values can either be expected for busy APIs or can indicate unexpected traffic. Combined with port mapping and networking concepts from earlier chapters, these numbers help you confirm that traffic patterns match your expectations.

Resource Usage over Time and External Tools

The Docker CLI focuses on live and current state, not long term history. If you need to track resource usage over days or weeks, you usually combine Docker with external monitoring tools. These tools collect metrics from the host and from containers, then store and visualize them.

In such systems, the key ideas from this chapter remain the same. You still look at container specific CPU, memory, disk, and network usage, but now you see them as time series graphs rather than a single snapshot. This lets you spot trends, such as gradually increasing memory usage or recurrent spikes at specific times.

Using Resource Information in Your Workflow

Knowing how to read container resource usage is only useful if you act on it. When you see a pattern in the metrics, you decide what to change elsewhere in your workflow.

If CPU usage is consistently high and you see slow responses, you might scale out by running more containers of the same service, or refine your resource limits. If memory usage is close to the limit and you see errors, you can increase the limit, optimize the application, or both. If disk or network use is heavier than expected, you can review logging strategies, caching, or database queries.

The important part is to treat resource metrics as signals. They tell you when containers behave differently from what you designed. You then connect these signals with the tools and techniques from other chapters to debug, tune, or redesign your system.