How does a container use more memory than the limit?

My project can be an overloaded system, and I have to increase reliability by specifying a suitable container limit by which the shared mem from node should not be shared. But I am confused with the following statements in the Kubernetes v1.1 Qos Resource document :

Incompressible resource guarantees

  • if they exceed their memory request, they can be killed (if any other container needs memory)

  • Containers will be killed if they use more memory than their limit.

and the docker stats shows "LIMIT" for each container:

enter image description here

I think this means that containers will not use mems more than "LIMIT", since I sometimes met with MEM% 100% , so how and when are the containers killed?

Update

I think OOM Killer is enabled with a default value of 0 .

 > cat /proc/sys/vm/oom_kill_allocating_task 0 
0
source share
1 answer

The cgroup memory limit function is used, so I recommend reading the cgroup document:

Tasks that attempt to consume more memory than they are solved are immediately killed by the OOM killer.

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Resource_Management_Guide/sec-memory.html

+1
source

Source: https://habr.com/ru/post/1244417/


All Articles