feat: limit resource usage

ansible/group_vars/all.yml

@@ -35,7 +35,21 @@ docker_registry_password: "{{ docker_registry_password if docker_registry_passwo
 docker_log_driver: "json-file"
 docker_log_opts:
   max-size: 30m
-  max-file: '3'
+  max-file: "3"
+# Docker memory limit in format <number>[<unit>]. Number is a positive integer.
+# Unit can be B (byte), K (kibibyte, 1024B), M (mebibyte), G (gibibyte), T (tebibyte), or P (pebibyte).
+# Omitting the unit defaults to bytes.
+#
+# By default, set the maximum available memory
+docker_memory_limit: "{{ ansible_memtotal_mb }}M"
+# Docker memory swap limit. Using swap allows the container to write excess memory
+# requirements to disk when the container has exhausted all the RAM that's available
+# to it. There is a performance penalty for applications that swap memory to disk often.
+#
+# By default, set the same value as docker_memory_limit to prevent containers from using the swap
+docker_memory_swap_limit: "{{ docker_memory_limit }}"
+# How much of the available CPU resources a container can use.
+docker_cpus_limit: "{{ ansible_processor_count }}"
 
 ##################
 # Service options

ansible/roles/alertmanager/defaults/main.yml

@@ -7,6 +7,11 @@ alertmanager_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ al
 alertmanager_volume: "alertmanager_data"
 alertmanager_docker_log_driver: "{{ docker_log_driver }}"
 alertmanager_docker_log_opts: "{{ docker_log_opts }}"
+# Docker resource limit
+alertmanager_docker_memory_limit: "{{ docker_memory_limit }}"
+alertmanager_docker_memory_swap_limit: "{{ docker_memory_swap_limit }}"
+alertmanager_docker_cpus_limit: "{{ docker_cpus_limit }}"
+
 amtool_docker_namespace: "{{ docker_namespace if docker_namespace else 'kiennt26' }}"
 amtool_version: "v2.52.0-v0.27.0"
 amtool_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ amtool_docker_namespace }}/pramtool:{{ amtool_version }}"
@@ -164,3 +169,6 @@ alertmanager_services:
         {{ pre }}-{{ flag }}={{ flag_value }}{% endfor %}
     log_driver: "{{ alertmanager_docker_log_driver }}"
     log_options: "{{ alertmanager_docker_log_opts }}"
+    memory: "{{ alertmanager_docker_memory_limit }}"
+    memory_swap: "{{ alertmanager_docker_memory_swap_limit }}"
+    cpus: "{{ alertmanager_docker_cpus_limit }}"

ansible/roles/alertmanager/tasks/config.yml

@@ -70,6 +70,9 @@
     network_mode: "{{ item.value.network_mode }}"
     log_driver: "{{ item.value.log_driver }}"
     log_options: "{{ item.value.log_options }}"
+    memory: "{{ item.value.memory }}"
+    memory_swap: "{{ item.value.memory_swap }}"
+    cpus: "{{ item.value.cpus }}"
   when:
     - inventory_hostname in groups[item.value.group]
     - item.value.enabled | bool

ansible/roles/cadvisor/defaults/main.yml

@@ -5,6 +5,10 @@ cadvisor_docker_namespace: "{{ docker_namespace if docker_namespace else 'cadvis
 cadvisor_image: "{{ docker_registry ~ '/' if docker_registry else 'gcr.io/' }}{{ cadvisor_docker_namespace }}/cadvisor:v{{ cadvisor_version }}"
 cadvisor_docker_log_driver: "{{ docker_log_driver }}"
 cadvisor_docker_log_opts: "{{ docker_log_opts }}"
+# Docker resource limit
+cadvisor_docker_memory_limit: "{{ docker_memory_limit }}"
+cadvisor_docker_cpus_limit: "{{ docker_cpus_limit }}"
+cadvisor_docker_memory_swap_limit: "{{ docker_memory_swap_limit }}"
 
 # Cadvisor arguments
 # ------------------
@@ -52,3 +56,6 @@ cadvisor_services:
     network_mode: "host"
     log_driver: "{{ cadvisor_docker_log_driver }}"
     log_options: "{{ cadvisor_docker_log_opts }}"
+    memory: "{{ cadvisor_docker_memory_limit }}"
+    memory_swap: "{{ cadvisor_docker_memory_swap_limit }}"
+    cpus: "{{ cadvisor_docker_cpus_limit }}"

ansible/roles/cadvisor/tasks/config.yml

@@ -11,6 +11,9 @@
     network_mode: "{{ item.value.network_mode }}"
     log_driver: "{{ item.value.log_driver }}"
     log_options: "{{ item.value.log_options }}"
+    memory: "{{ item.value.memory }}"
+    memory_swap: "{{ item.value.memory_swap }}"
+    cpus: "{{ item.value.cpus }}"
   when:
     - inventory_hostname in groups[item.value.group]
     - item.value.enabled | bool

ansible/roles/grafana/defaults/main.yml

@@ -6,6 +6,11 @@ grafana_data_volume: "grafana"
 grafana_logs_volume: "grafana_log"
 grafana_docker_log_driver: "{{ docker_log_driver }}"
 grafana_docker_log_opts: "{{ docker_log_opts }}"
+# Docker resource limit
+grafana_docker_memory_limit: "{{ docker_memory_limit }}"
+grafana_docker_memory_swap_limit: "{{ docker_memory_swap_limit }}"
+grafana_docker_cpus_limit: "{{ docker_cpus_limit }}"
+
 grafana_config_dir: "{{ ansitheus_config_dir }}/grafana/"
 grafana_data_dir: "/var/lib/grafana"
 grafana_log_dir: "/var/log/grafana"
@@ -122,3 +127,6 @@ grafana_services:
       - "{{ grafana_logs_volume }}:/var/log/grafana"
     log_driver: "{{ grafana_docker_log_driver }}"
     log_options: "{{ grafana_docker_log_opts }}"
+    memory: "{{ grafana_docker_memory_limit }}"
+    memory_swap: "{{ grafana_docker_memory_swap_limit }}"
+    cpus: "{{ grafana_docker_cpus_limit }}"

ansible/roles/grafana/tasks/config.yml

@@ -78,4 +78,7 @@
     network_mode: "{{ item.value.network_mode }}"
     log_driver: "{{ item.value.log_driver }}"
     log_options: "{{ item.value.log_options }}"
+    memory: "{{ item.value.memory }}"
+    memory_swap: "{{ item.value.memory_swap }}"
+    cpus: "{{ item.value.cpus }}"
   with_dict: "{{ grafana_services }}"

ansible/roles/haproxy/defaults/main.yml

@@ -4,6 +4,10 @@ haproxy_docker_namespace: "{{ docker_namespace if docker_namespace else '' }}"
 haproxy_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ haproxy_docker_namespace ~ '/' if haproxy_docker_namespace else '' }}haproxy:{{ haproxy_version }}"
 haproxy_docker_log_driver: "{{ docker_log_driver }}"
 haproxy_docker_log_opts: "{{ docker_log_opts }}"
+# Docker resource limit
+haproxy_docker_memory_limit: "{{ docker_memory_limit }}"
+haproxy_docker_memory_swap_limit: "{{ docker_memory_swap_limit }}"
+haproxy_docker_cpus_limit: "{{ docker_cpus_limit }}"
 
 haproxy_config_dir: "{{ ansitheus_config_dir }}/haproxy/"
 set_sysctl: "yes"
@@ -42,3 +46,6 @@ haproxy_services:
     log_options: "{{ haproxy_docker_log_opts }}"
     cap_add:
       - NET_ADMIN
+    memory: "{{ haproxy_docker_memory_limit }}"
+    memory_swap: "{{ haproxy_docker_memory_swap_limit }}"
+    cpus: "{{ haproxy_docker_cpus_limit }}"

ansible/roles/haproxy/tasks/config.yml

@@ -59,6 +59,9 @@
     restart_policy: "{{ item.value.restart_policy }}"
     log_driver: "{{ item.value.log_driver }}"
     log_options: "{{ item.value.log_options }}"
+    memory: "{{ item.value.memory }}"
+    memory_swap: "{{ item.value.memory_swap }}"
+    cpus: "{{ item.value.cpus }}"
   when:
     - inventory_hostname in groups[item.value.group]
     - item.value.enabled | bool

ansible/roles/mysqld_exporter/defaults/main.yml

@@ -5,6 +5,10 @@ mysqld_exporter_docker_namespace: "{{ docker_namespace if docker_namespace else
 mysqld_exporter_docker_log_driver: "{{ docker_log_driver }}"
 mysqld_exporter_docker_log_opts: "{{ docker_log_opts }}"
 mysqld_exporter_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ prometheus_docker_namespace }}/mysqld-exporter:v{{ mysqld_exporter_version }}"
+# Docker resource limit
+mysqld_exporter_docker_memory_limit: "{{ docker_memory_limit }}"
+mysqld_exporter_docker_memory_swap_limit: "{{ docker_memory_swap_limit }}"
+mysqld_exporter_docker_cpus_limit: "{{ docker_cpus_limit }}"
 
 mysqld_exporter_web_listen_address: "{{ api_interface_address }}:{{ mysqld_exporter_port }}"
 mysqld_exporter_config_dir: "{{ ansitheus_config_dir }}/mysqld_exporter"
@@ -75,3 +79,6 @@ mysqld_exporter_services:
     network_mode: "host"
     log_driver: "{{ mysqld_exporter_docker_log_driver }}"
     log_options: "{{ mysqld_exporter_docker_log_opts }}"
+    memory: "{{ mysqld_exporter_docker_memory_limit }}"
+    memory_swap: "{{ mysqld_exporter_docker_memory_swap_limit }}"
+    cpus: "{{ mysqld_exporter_docker_cpus_limit }}"

ansible/roles/mysqld_exporter/tasks/config.yml

@@ -46,6 +46,9 @@
     network_mode: "{{ item.value.network_mode }}"
     log_driver: "{{ item.value.log_driver }}"
     log_options: "{{ item.value.log_options }}"
+    memory: "{{ item.value.memory }}"
+    memory_swap: "{{ item.value.memory_swap }}"
+    cpus: "{{ item.value.cpus }}"
   when:
     - inventory_hostname in groups[item.value.group]
     - item.value.enabled | bool

ansible/roles/node_exporter/defaults/main.yml

@@ -5,6 +5,10 @@ node_exporter_docker_namespace: "{{ docker_namespace if docker_namespace else 'p
 node_exporter_docker_log_driver: "{{ docker_log_driver }}"
 node_exporter_docker_log_opts: "{{ docker_log_opts }}"
 node_exporter_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ prometheus_docker_namespace }}/node-exporter:v{{ node_exporter_version }}"
+# Docker resource limit
+node_exporter_docker_memory_limit: "{{ docker_memory_limit }}"
+node_exporter_docker_memory_swap_limit: "{{ docker_memory_swap_limit }}"
+node_exporter_docker_cpus_limit: "{{ docker_cpus_limit }}"
 
 node_exporter_web_disable_exporter_metrics: false
 node_exporter_web_listen_address: "{{ api_interface_address }}:{{ node_exporter_port }}"
@@ -79,3 +83,6 @@ node_exporter_services:
     network_mode: "host"
     log_driver: "{{ node_exporter_docker_log_driver }}"
     log_options: "{{ node_exporter_docker_log_opts }}"
+    memory: "{{ node_exporter_docker_memory_limit }}"
+    memory_swap: "{{ node_exporter_docker_memory_swap_limit }}"
+    cpus: "{{ node_exporter_docker_cpus_limit }}"

ansible/roles/node_exporter/tasks/config.yml

@@ -60,6 +60,9 @@
     network_mode: "{{ item.value.network_mode }}"
     log_driver: "{{ item.value.log_driver }}"
     log_options: "{{ item.value.log_options }}"
+    memory: "{{ item.value.memory }}"
+    memory_swap: "{{ item.value.memory_swap }}"
+    cpus: "{{ item.value.cpus }}"
   when:
     - inventory_hostname in groups[item.value.group]
     - item.value.enabled | bool

ansible/roles/prometheus/defaults/main.yml

@@ -7,6 +7,11 @@ prometheus_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ prom
 prometheus_volume: "prometheus_data"
 prometheus_docker_log_driver: "{{ docker_log_driver }}"
 prometheus_docker_log_opts: "{{ docker_log_opts }}"
+# Docker resource limit
+prometheus_docker_memory_limit: "{{ docker_memory_limit }}"
+prometheus_docker_memory_swap_limit: "{{ docker_memory_swap_limit }}"
+prometheus_docker_cpus_limit: "{{ docker_cpus_limit }}"
+
 prometheus_web_listen_address: "{{ api_interface_address }}:{{ prometheus_port }}"
 prometheus_web_external_url: "http://{{ prometheus_vip_address }}:{{ prometheus_port }}"
 promtool_docker_namespace: "{{ docker_namespace if docker_namespace else 'kiennt26' }}"
@@ -55,7 +60,6 @@ prometheus_remote_read: []
 prometheus_external_labels:
   environment: "{{ ansible_fqdn | default(ansible_host) | default(inventory_hostname) }}"
 
-
 # Container constructor
 # ---------------------
 prometheus_services:
@@ -109,3 +113,6 @@ prometheus_services:
       {% endfor %}
     log_driver: "{{ prometheus_docker_log_driver }}"
     log_options: "{{ prometheus_docker_log_opts }}"
+    memory: "{{ prometheus_docker_memory_limit }}"
+    memory_swap: "{{ prometheus_docker_memory_swap_limit }}"
+    cpus: "{{ prometheus_docker_cpus_limit }}"

ansible/roles/prometheus/tasks/config.yml

@@ -102,8 +102,10 @@
     network_mode: "{{ item.value.network_mode }}"
     log_driver: "{{ item.value.log_driver }}"
     log_options: "{{ item.value.log_options }}"
+    memory: "{{ item.value.memory }}"
+    memory_swap: "{{ item.value.memory_swap }}"
+    cpus: "{{ item.value.cpus }}"
   with_dict: "{{ prometheus_services }}"
   register: prometheus_container
   notify:
     - Restart keepalived service
-