I have a few services running on a VM. One of these services is user-facing and can take up an arbitrary amount of system resources, bringing down the VM. This service spawns a Docker container for each user. Since the resources are shared among many users, I cannot specify a hard limit per container, but I want all user containers to pool from a hard limit on memory and CPU. I found out about the --cgroup-parent option in Docker.
I'm trying to set a custom cgroup as the cgroup parent for each Docker container that this service spawns. However, the processes inside these containers are not showing up in /sys/fs/cgroup/memory/system.slice/containerd.service/customcgroup/cgroup.procs and hence they are not respecting limits set in /sys/fs/cgroup/memory/system.slice/containerd.service/customcgroup/memory.limit_in_bytes. These processes do show up in /sys/fs/cgroup/memory/system.slice/containerd.service/customcgroup/containerid/cgroup.procs, which is how Docker would handle per-container limits on system resources.
How can I pool system resources for only a specific set of docker containers? I'm using cgroups v1.
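
An added example, not part of the original post: in cgroup v1, cgroup.procs lists only the tasks attached directly to that cgroup, and a parent's memory limit also covers its child cgroups when memory.use_hierarchy is 1. The shell functions below (hypothetical names) take the pool directory, such as the customcgroup path above, and report the per-container children, every PID in the pool, and whether a pooled limit is in force.

```shell
#!/bin/sh
# Added example: inspect a cgroup v1 memory "pool" cgroup and its per-container
# child cgroups. Function names are hypothetical; pass the parent cgroup
# directory (e.g. the customcgroup path from the post) as the first argument.

# Print every PID attached anywhere under the pool: the parent itself plus all
# descendant cgroups. The parent's own cgroup.procs is normally empty because
# each container's processes are attached to the container's child cgroup.
pool_pids() {
    find "$1" -type f -name cgroup.procs -exec cat {} + 2>/dev/null | sort -n
}

# Print the names of direct child cgroups (one per container) that currently
# hold at least one process. cgroupfs files report size 0, so read the file
# instead of testing its size.
pool_children() {
    for d in "$1"/*/; do
        if [ -n "$(cat "${d}cgroup.procs" 2>/dev/null)" ]; then
            basename "$d"
        fi
    done
    return 0
}

# Succeed only if the pool has a finite memory limit and hierarchical
# accounting is enabled, so usage of the child cgroups counts against it.
pool_is_enforced() {
    limit=$(cat "$1/memory.limit_in_bytes" 2>/dev/null) || return 1
    hier=$(cat "$1/memory.use_hierarchy" 2>/dev/null) || return 1
    # 9223372036854771712 is the "no limit" value shown by 64-bit kernels
    # with 4 KiB pages; treat it as unlimited.
    [ "$hier" = "1" ] && [ "$limit" != "9223372036854771712" ]
}
```

With use_hierarchy enabled, memory.usage_in_bytes in the pool directory is the combined usage of all child cgroups, which is the figure the pooled limit is compared against.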