## Introduction

A Docker container consuming excessive CPU can degrade host performance, trigger throttling, and impact other containers on the same host. Without CPU limits, a single container can monopolize all available CPU resources.

## Symptoms

- Host CPU usage above 90% from a single container
- `docker stats` shows the container using >100% CPU (multi-core)
- Other containers on the same host become unresponsive
- Container process stuck in an infinite loop or tight polling
- Application response times degrading

## Common Causes

- No CPU limits configured on the container
- Infinite loop or busy-wait in application code
- Tight polling loops without backoff
- Garbage collection storms (JVM, Go)
- Cryptocurrency mining malware in a compromised container

## Step-by-Step Fix

1. **Identify the offending container**:

   ```bash
   docker stats --no-stream --format "table {{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}"
   ```

2. **Find the CPU-consuming process inside the container**:

   ```bash
   docker top <container-name> -eo pid,pcpu,pmem,comm | sort -k2 -rn | head -10

   # Or with nsenter (requires root on the host)
   PID=$(docker inspect --format '{{.State.Pid}}' <container-name>)
   nsenter -t "$PID" -m -u -i -n -p -- top -bn1 | head -20
   ```

3. **Apply CPU limits immediately**:

   ```bash
   # Docker Compose
   # deploy:
   #   resources:
   #     limits:
   #       cpus: "2.0"
   #     reservations:
   #       cpus: "0.5"

   # Or docker run
   docker run --cpus=2.0 --cpu-shares=512 my-app
   ```

4. **Update running container limits**:

   ```bash
   docker update --cpus=2.0 --cpu-shares=512 <container-name>
   ```
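
The steps above can be combined into one triage pass that joins each container's CPU usage with its configured limit, so unlimited containers running hot stand out from ones that are merely pinned at their cap. This is an added example, not part of the original page; the function names, the 90% default threshold, and the 95% "at limit" margin are assumptions, and it only sees limits set with `--cpus` (stored as `HostConfig.NanoCpus`).

```bash
#!/usr/bin/env bash
# Added example: classify containers by CPU usage versus configured CPU limit.
# Input on stdin, one container per line: "<name> <CPUPerc> <NanoCpus>".
# On a live host the input can be built like this:
#   docker stats --no-stream --format '{{.Name}} {{.CPUPerc}}' |
#     while read -r n c; do
#       echo "$n $c $(docker inspect --format '{{.HostConfig.NanoCpus}}' "$n")"
#     done | triage_cpu 90

triage_cpu() {
  # $1 = alert threshold in percent of one core (assumed default: 90)
  awk -v thr="${1:-90}" '
    NF >= 3 {
      name = $1; pct = $2; nano = $3
      sub(/%$/, "", pct)               # "187.42%" -> "187.42"
      limit = nano / 1000000000        # NanoCpus -> cores; 0 means no limit
      if (limit == 0 && pct + 0 >= thr)
        # No limit and busy: this container can monopolize the host.
        printf "%s UNLIMITED_HOT cpu=%s%%\n", name, pct
      else if (limit > 0 && pct + 0 >= 0.95 * limit * 100)
        # Limit is holding; the workload itself still needs investigating.
        printf "%s AT_LIMIT cpu=%s%% limit=%.1f\n", name, pct, limit
      else if (limit == 0)
        # Quiet for now, but nothing stops it from spiking later.
        printf "%s NO_LIMIT cpu=%s%%\n", name, pct
    }'
}

# Constructed sample input (not real host data).
sample_input() {
  cat <<'EOF'
web 3.10% 2000000000
worker 187.42% 0
batch 198.70% 2000000000
cache 0.45% 0
EOF
}

sample_input | triage_cpu 90
```

`UNLIMITED_HOT` containers are the ones to cap first with `docker update --cpus=...`; an `AT_LIMIT` container is already contained, so the next step there is the per-process inspection from step 2.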