Benchmark of performance degradation by Docker’s overhead with knowhow of installation&usage of docker
What is Docker and its usage
Docker is virtual environment like vagrant but there are following differences.
– Underlying kernel is shared among running containers(=virtual environment) and its overhead is far smaller than Vagrant which requires OS for each virtual environment and necessary resource
– By describing the system settings in a file, reproducibility of the same system can be secured
– Many docker images for many applications have already been created, shared and distributed like a library of programming language
You have to be cautious to use Docker for production environment but it is definitely suitable for the purpose of defining and sharing development & testing environments.
Benchmark of performance degradation due to Docker overhead
Though docker is said that its overhead is smaller compared to vagrant but it cannot avoid overhead (use of extra resources).
The question is how much performance degradation it is?
Here is result of benchmark.
[Conditions of benchmark]
Used server: Linode Dedicated Instance, 2CPU (AMD EPYC 7501 32-Core Processor) + memory 4GB
Benchmark: Unixbench (What is Unixbench?)
Targets of comparison:
1) No docker
2) Docker
3) Docker with option to make security off for performance ( –security-opt seccomp=unconfined )
Measurement | No Docker | Docker | Docker (Security Off) |
---|---|---|---|
Total CPU score | 1735 | 1255 (-28%) | 1331 (-23%) |
1 CPU score | 1124 | 822 (-27%) | 895 (-20%) |
Dhrystone 2 using register variables | 3536 | 3485 | 3542 |
Double-Precision Whetstone | 1646 | 1633 | 1647 |
Execl Throughput | 1332 | 1300 | 1324 |
File Copy 1024 bufsize 2000 maxblocks | 2503 | 1329 | 1369 |
File Copy 256 bufsize 500 maxblocks | 1646 | 841 | 863 |
File Copy 4096 bufsize 8000 maxblocks | 4091 | 2530 | 2810 |
Pipe Throughput | 1243 | 1162 | 1249 |
Pipe-based Context Switching | 750 | 594 | 625 |
Process Creation | 1291 | 633 | 1016 |
Shell Scripts (1 concurrent) | 2007 | 1113 | 1142 |
Shell Scripts (8 concurrent) | 1953 | 1039 | 1071 |
System Call Overhead | 1201 | 893 | 1197 |
So you have to expect performance degradation about 25% if you make your application run on docker instead of making it run without docker.
Especially
– File IO
– Execution of Shell scripts, which normally represents CPU&OS performance
got much more performance degradation.
Seeing result, if we turn off the security of Docker, you can expect some amount of performance improvement, it is not so much thought process creation can get much more improvement.
And if you use Docker, you have to be careful of how much disk space are used by docker containers & images.
How to install Docker
If you want to install latest version of official docker, not latest of Linux distributor, you can do it like this.
In the case of CentOS 8 or later
sudo dnf remove docker docker-common docker-selinux docker-engine; sudo dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo; sudo dnf install docker-ce;
If you encounter error message like this
Problem: package docker-ce-3: 19.03.10-3.el7.x86_64 requires containerd.io>= 1.2.2-3, but none of the providers can be installed
you should download latest containerd.io from
https://download.docker.com/linux/centos/7/x86_64/stable/Packages/
wget https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.13-3.2.el7.x86_64.rpm; dnf remove containerd.io; dnf install -y containerd.io-1.2.13-3.2.el7.x86_64.rpm; dnf install -y docker-ce docker-ce-cli;
In the case of CentOS 7 or earlier
sudo yum remove docker docker-common docker-selinux docker-engine sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo sudo yum install docker-ce
Run Docker Daemon
sudo systemctl enable docker.service; sudo systemctl start docker.service
Run the hello world docker and check the operation
docker run hello-world
If you are user with root privilege, you can make it run but if you are a general user, you may encounter following error message.
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/create: dial unix/var/run/docker.sock: connect: permission denied.
In that case, docker can be executed only by a user who belongs to the docker group.
Add the user to docker group to resolve the problem.
sudo gpasswd -a $USERID docker;
Please note that even if a user is added to a group, they must be logged out and logged in again.
Then type
docker run hello-world
and check if the result is displayed properly.
Commands frequently used for Docker
Create Docker image from Dockerfile
docker build --rm -t $IMAGENAME .;
List running Docker processes
docker ps;
Execute command in specified Docker container
docker exec -i -t $container id $something $command
Stop all running Docker processes
docker kill $(docker ps -q);
Delete Docker image
docker rmi $IMAGE;
Delete all Docker images
docker images -aq | xargs docker rmi;
Remove all stopped Docker containers
docker rm $(docker ps -a -q);
Run docker-compose as a daemon (=always running process)
docker-compose up -d
Stop the process launched by docker-compose
docker-compose stop
What is VPS?
OS & Virtual Environment
- How to switch to AlmaLinux from CentOS(RHE’s clone)
- How to upgrade to CentOS 8 from CentOS 7 and its merit
- Benchmark of performance degradation by Docker's overhead with knowhow of installation&usage of docker
Database
Programming Language