Introduction
Docker containers consuming excessive CPU can degrade overall host performance and affect other containers. This guide covers systematic diagnosis and remediation using built-in Docker tools and Linux profiling utilities.
Symptoms
- Container CPU usage consistently above 80%
- Host system slowdown and increased load average
- Other containers experiencing throttling
- `docker stats` showing high CPU percentages
- Container unresponsive to health checks
Common Causes
- Infinite loops or inefficient algorithms in application code
- Missing resource constraints allowing unlimited CPU usage
- Background processes spinning on polling
- Cryptocurrency miners or compromised containers
- Garbage collection thrashing in JVM/Node.js applications
- Database connection pool exhaustion causing retry loops
Step-by-Step Fix
1. Identify high CPU containers:

```bash
docker stats --no-stream --format "table {{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}"
```

2. Analyze processes inside the container:

```bash
docker exec <container> top -bn1 | head -20
docker exec <container> ps aux --sort=-%cpu | head -10
```

3. Profile with perf for detailed analysis:

```bash
# Run perf against the target PID (requires --privileged or appropriate caps).
# --privileged with --pid=host gives this container host-level access,
# so use it only for the profiling session. The image must include perf.
docker run --rm --privileged --pid=host myimage perf top -p <pid>
```

4. Set CPU limits to constrain usage:

```bash
# Runtime limit
docker update --cpus="1.5" <container>
```

Or in docker-compose.yml:

```yaml
services:
  app:
    deploy:
      resources:
        limits:
          cpus: '1.5'
        reservations:
          cpus: '0.5'
```

5. Implement application-level fixes:
   - Add backoff strategies for retry logic
   - Optimize hot paths identified by profiling
   - Tune garbage collection parameters
   - Implement connection pooling properly
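As an added example (not part of the original guide), the script below combines steps 1 and 4: it flags containers above the 80% threshold from the Symptoms list and reports whether each one has a CPU limit configured. The function names, the `THRESHOLD` variable and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage CPU-heavy containers and show which have no CPU limit.
# Row format (space-separated): name cpu% NanoCpus CpuQuota

THRESHOLD="${THRESHOLD:-80}"   # percent; assumption taken from the Symptoms list

# Pure filter: reads rows on stdin, prints one line per container above the
# threshold, marked "limited" or "UNLIMITED". A hot container with no limit is
# the first one to inspect (runaway code, or an unexpected process such as a miner).
triage() {
  awk -v thr="$THRESHOLD" '
    {
      cpu = $2; sub(/%$/, "", cpu)          # "187.32%" -> "187.32"
      if (cpu + 0 <= thr) next              # at or below threshold: ignore
      limited = ($3 + 0 > 0 || $4 + 0 > 0)  # --cpus sets NanoCpus, --cpu-quota sets CpuQuota
      printf "%s %s%% %s\n", $1, cpu, (limited ? "limited" : "UNLIMITED")
    }'
}

# Live collection: join docker stats output with each container's HostConfig.
collect() {
  docker stats --no-stream --format '{{.Name}} {{.CPUPerc}}' |
  while read -r name cpu; do
    limits=$(docker inspect \
      --format '{{.HostConfig.NanoCpus}} {{.HostConfig.CpuQuota}}' "$name")
    printf '%s %s %s\n' "$name" "$cpu" "$limits"
  done
}

# Constructed sample rows so the filter can be exercised without a Docker host.
sample_rows() {
  cat <<'EOF'
web 12.40% 1500000000 0
worker 187.32% 0 0
batch 95.10% 0 150000
cache 80.00% 0 0
EOF
}

# Usage: ./cpu-triage.sh --live   (queries the local Docker daemon)
#        ./cpu-triage.sh --sample (runs against the constructed rows)
case "${1:-}" in
  --live)   collect | triage ;;
  --sample) sample_rows | triage ;;
esac
```

Containers reported as `UNLIMITED` are candidates for `docker update --cpus` while the process-level analysis from steps 2 and 3 is carried out.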
Prevention
- Always set CPU limits in production
- Use horizontal scaling instead of vertical scaling
- Implement proper circuit breakers
- Monitor CPU trends with alerting
- Profile applications before deployment