SaustrupMay 20

After having been almost exclusively on the platform level of #Kubernetes for half a decade, it's definitely a change of scenery to be helping #Java developers moving legacy stuff from VMs to containers.

Today I went down the rabbit hole to investigate Java 8 container resource awareness. As expected, the support was spotty and outdated, requiring the old #cgroups v1. With a bit of hacking, if should be possible to add the proper parameters at runtime though, preventing the memory hungry Java container from the dreaded #OutOfMemory or OOM kill.

I miss having more control over the #platform, but that's not in the cards this time around.

Who Let The Dogs Out 🐾Apr 10

Making a firewall using eBPFs and cgroups

You can see entire implementation at https://github.com/nikofil/ebpf-firewall/

https://nfil.dev/coding/security/ebpf-firewall-with-cgroups/

#Linux #firewall #ebpf #cgroups

GitHub - nikofil/ebpf-firewall

Contribute to nikofil/ebpf-firewall development by creating an account on GitHub.

GitHub
N-gated Hacker NewsFeb 27
👀 So, here's 18 minutes of pure geeky bliss where we pretend #sandboxing is as thrilling as bungee jumping. 🏗️ Let's endlessly list things like namespaces, #cgroups, and #gVisor while forgetting that 99% of readers are now asleep. 😴 Keep your kernels close, folks, because apparently, they’re the rockstars of this yawn-fest. 🎸
https://www.shayon.dev/post/2026/52/lets-discuss-sandbox-isolation/ #geekybliss #techhumor #HackerNews #ngated
Let's discuss sandbox isolation

A dive into the spectrum of sandboxing and isolation, from Linux namespaces and gVisor to hardware-enforced microVMs and WebAssembly, and why picking the right boundary matters for multi-tenant workloads.

Shayon Mukherjee
Rodrigo LiraFeb 24

Cgroups v2 no Slackware

https://rodrigolira.eti.br/cgroups-v2-no-slackware/

#linux #slackware #cgroups

Cgroups v2 no Slackware

Salve, salve, pessoal! O Cgroups versão 2 foi implementado no Slackware apenas em janeiro de 2025, mais precisamente no dia 26. Porém, por padrão, ainda é recomendado utilizar a versão 1, a menos que você tenha uma necessidades específicas, como é o meu caso, pois estou tentando subir meu cluster Kubernetes de teste no Slackware. Mas isso é assunto para outro post.

RODRIGO LIRA
devopstalesFeb 22

🔍 Why do Kubernetes pods show the FULL host's CPU/RAM even with strict limits set?

Learn how cgroups, metrics servers, and monitoring tools actually work — and how to get accurate pod resource visibility.

#Kubernetes #DevOps #CloudNative #Observability #cgroups
🔗 https://devopstales.github.io/kubernetes/k8s-limits/

How to Manage Kubernetes Resource Limits

In this post I will show you the usage of the Kubernetes limits and requests.

devopstales
Paul BuetowJan 9

Cgroups all the way down https://blog.jessfraz.com/post/cgroups-all-the-way-down/

#linux #cgroups

Cgroups all the way down

How to prevent decompression bomb attacks with control groups and containers.

Ramblings from Jessie
Show threadadingbatponder  👾Dec 28

A #nixos #flake #part that lets a #grafana #dashboard be auto-added to any flake. Shows #psi #pressure #cgroups & #systemd processes.

https://codeberg.org/adingbatponder/reticulum_nixos_flake/src/branch/main/features/monitoring

(Handles existing #grafana installs: adds another #dashboard. Import tested on a few machines. Feedback or issue reports welcome.)

@arianvp @mdione @EduNET_LK @bustikiller

Andreas MoorDec 11

Kubernetes-Cluster „einfach“ erklärt

Warum du Kubernetes-Cluster kennen solltest Stell dir vor, du bist mitten in deiner Sysadmin-Ausbildung und hast Linux-Grundlagen wie Befehle, Dateisysteme und Prozesse im Griff, aber Container und Orchestrierung klingen noch fremd. Kubernetes-Cluster sind der nächste Schritt: Sie helfen dir, viele Anwendungen automatisch auf mehreren Linux-Servern zu starten, zu überwachen und zu reparieren, ohne dass du alles manuell per SSH machen musst. Das spart Zeit und verhindert Ausfälle, […]

https://andreas-moor.de/kubernetes-cluster-einfach-erklaert/

HabrOct 8, 2025

Изоляция и лимитирование пользователей хостинга с ОС «МСВСфера Сервер» 9 редакция для хостинг-провайдеров

Хостинг - это десятки тысяч сайтов и пользователей находящихся под управлением одного сервера. Зачастую пользователь хостинга не погружается в детали настроек сервера, а знает только основное — на сервере есть PHP, Ruby, Python, MySQL и Apache, чтобы его сайт успешно функционировал . Ему не интересно, как и что настроено на сервере, главное, чтоб все работало и не создавало ему проблем.

https://habr.com/ru/companies/inferit/articles/954302/

#хостинг #лимиты #изоляция #многопользовательская_работа #cgroups #безопасность_вебприложений

Изоляция и лимитирование пользователей хостинга с ОС «МСВСфера Сервер» 9 редакция для хостинг-провайдеров

Начнем с хостинга Хостинг - это десятки тысяч сайтов и пользователей находящихся под управлением одного сервера. Зачастую пользователь хостинга не погружается в детали настроек сервера, а знает только...

Хабр
AtemuSep 22, 2025

#TIL #cgroups' memory.current metric includes any #pagecache entries that a process in the #cgroup caused to be inserted, even if other processes are accessing it too.

This means that anything related to #systemd unit's memory accounting also inherits this property.

If your #emacs systemd unit reports insane memory usage (usually ~10G for me), this is why.
It's actually not emacs' fault for once ;)

#linux #kernel #MemoryAccounting