Docker Certified Associate Exam Course

Docker Engine Security

Resource Limits Memory

In this guide, you’ll learn how to apply memory constraints to Docker containers and understand how Linux handles memory under the hood. Properly limiting container memory prevents individual workloads from exhausting host resources, improving stability and predictability.

Table of Contents

  1. Linux Memory Allocation
  2. Docker’s Default Memory Behavior
  3. Setting a Hard RAM Limit with --memory
  4. Controlling Swap with --memory-swap
  5. Memory Flags Comparison
  6. Best Practices
  7. References

Linux Memory Allocation

A typical Linux host provides:

  • Physical RAM (e.g., 2 GB, 4 GB, 8 GB)
  • Swap space: disk-backed extension of RAM

By default, processes may consume all available RAM. Once RAM is exhausted, the kernel resorts to swap. If both RAM and swap fill up, an Out-Of-Memory (OOM) event is triggered, and the kernel terminates processes to free memory.

Docker’s Default Memory Behavior

Without explicit flags, Docker containers can use all host memory (RAM + swap). This can lead to a single container consuming all resources and destabilizing the host.

Note

Always set memory limits in production to avoid unexpected OOM kills on the host.

Setting a Hard RAM Limit with --memory

Use --memory (or -m) to cap a container’s physical RAM usage. Specify a value with a suffix:

  • B (bytes)
  • K (kilobytes)
  • M (megabytes)
  • G (gigabytes)

Example: Limit RAM to 512 MB

docker run --memory=512m my-webapp

If the container exceeds this limit, Docker immediately kills the process with an OOM error. Unlike CPU, memory is not throttled—it’s enforced as a hard cap.

Warning

Exceeding the --memory limit results in an immediate container termination. Monitor your application’s memory usage with tools like docker stats.

Controlling Swap with --memory-swap

By default, setting only --memory allows unlimited swap usage (up to the host’s swap). To enforce a combined RAM+swap limit, use --memory-swap. The value you provide is the total memory budget:

  • Total limit = --memory + (--memory-swap − --memory)

Common Swap Configurations

  1. Disable swap entirely
    Set both flags to the same value:

    docker run \
      --memory=512m \
      --memory-swap=512m \
      my-webapp
    

    Here, swap available = 512 MB − 512 MB = 0 MB.

  2. Allocate specific swap
    Allow 256 MB swap on top of 512 MB RAM:

    docker run \
      --memory=512m \
      --memory-swap=768m \
      my-webapp
    

    Here, swap available = 768 MB − 512 MB = 256 MB.

Memory Flags Comparison

Flag                  Purpose                                       Example
--memory              Hard cap on container’s physical RAM          --memory=512m
--memory-swap         Total RAM + swap limit (must be ≥ --memory)   --memory=512m --memory-swap=768m
--memory-swappiness   Kernel swap tendency (0–100)                  --memory-swappiness=10

Best Practices

  • Always set both --memory and --memory-swap in production.
  • Use monitoring (e.g., cAdvisor, Prometheus) to track container memory.
  • Tune --memory-swappiness to control how aggressively a container uses swap.
  • Test under load to identify realistic memory requirements.
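
One way to check the first practice on a running host, as an added example that is not part of the original course material: the script classifies containers by the Memory and MemorySwap values that docker inspect reports in bytes. The function names, status labels and sample lines are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example: audit memory limits reported by `docker inspect`.
# On a Docker host, produce the input with:
#   docker ps -q | xargs docker inspect \
#     --format '{{.Name}} {{.HostConfig.Memory}} {{.HostConfig.MemorySwap}}'
# Each line is "<name> <Memory> <MemorySwap>", values in bytes.
# Memory 0 = no --memory limit; MemorySwap -1 = unlimited swap.

MIB=1048576

# classify_limits (hypothetical helper): reads lines on stdin and prints
# "<name> <STATUS> <detail>" for each container.
classify_limits() {
  while read -r name mem memswap; do
    if [ -z "$name" ]; then continue; fi
    bad=0
    case "$mem" in ''|*[!0-9]*) bad=1 ;; esac
    case "$memswap" in -1) ;; ''|*[!0-9]*) bad=1 ;; esac
    if [ "$bad" -eq 1 ]; then
      echo "$name INVALID non-numeric limit fields"
    elif [ "$mem" -eq 0 ]; then
      echo "$name NO_LIMIT can use all host memory"
    elif [ "$memswap" -eq -1 ]; then
      echo "$name SWAP_UNLIMITED ram=$((mem / MIB))MiB"
    elif [ "$memswap" -lt "$mem" ]; then
      echo "$name INVALID memory-swap below memory"
    else
      # Swap allowance is the total budget minus the RAM cap.
      echo "$name OK ram=$((mem / MIB))MiB swap=$(( (memswap - mem) / MIB ))MiB"
    fi
  done
}

# Constructed sample input (not captured from a real host).
sample_inspect_lines() {
  cat <<'EOF'
/web-nolimit 0 0
/web-noswap 536870912 536870912
/web-swap256 536870912 805306368
/web-anyswap 536870912 -1
EOF
}

sample_inspect_lines | classify_limits
```

Any container reported as NO_LIMIT or SWAP_UNLIMITED is a candidate for explicit --memory and --memory-swap values.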

References
