One of the benefits of containers over virtual machines is that you get some measure of isolation without the performance overhead or distortion of virtualization. Docker images therefore seem like a good way to get a reproducible environment for measuring CPU performance of your code.

Sometimes, running under Docker can actually slow down your code and distort your performance measurements. On macOS and Windows, for example, standard Linux-based Docker containers aren't actually running directly on the OS, since the OS isn't Linux. And the image filesystem from the container itself is typically mounted with some sort of overlay filesystem, which can slow things down, so for anything I/O bound you want to use a bind-mounted volume.

But even on Linux, with seemingly CPU-only workloads, Docker can distort runtime performance.

The computer I'm testing on is running Fedora 33, and has Docker 20.10.6. I've disabled some operating system and CPU features that can make benchmarks less consistent (ASLR and turboboost). I'm going to compare running some code on my machine to code inside a container, and so for maximum realism I'm going to use the fedora:33 image.

First, let's test a tiny Rust program that just does some floating point calculations:

This machine benchmarks at 200984 pystones/second
$ docker run -v $PWD:/code fedora:33 python3.9 /code/pystone.py
This machine benchmarks at 167968 pystones/second

In this case Python performance is about 16% slower when using Docker.

Even worse, we can see the performance hit is inconsistent: our tiny little Rust benchmark was unaffected by Docker, but the Python benchmark was slower. If the slowdown was always consistent, running everything in Docker would at least let us reliably measure relative performance, for example between two versions of some code. Inconsistent slowdowns mean Docker is distorting our results.

Now, containers don't inherently have performance overhead: the whole point is that other than having different namespaces for things like networking or user IDs, a process in a container is just another process like any other. So where's the performance hit coming from?

One plausible theory suggested by Aras Abbasi is that it's Docker's security features. Docker originated in the world of platform-as-a-service, where applications from different users are running exposed to the world. So Docker also adds additional layers of security to prevent programs escaping from the container to the host.
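To investigate the theory above that Docker's security features account for the difference, a starting point is to compare the kernel's per-process hardening state on the host and inside the container. The following is an added example, not code from the original article: it parses the text of /proc/<pid>/status on Linux, and both the choice of fields and the sample values are assumptions constructed for illustration.

```python
# Fields of /proc/<pid>/status that report per-process hardening on Linux.
# Picking these fields is this example's assumption; the article names none.
SECURITY_FIELDS = ("NoNewPrivs", "Seccomp", "Seccomp_filters",
                   "Speculation_Store_Bypass", "CapEff", "CapBnd")
SECCOMP_MODES = {"0": "disabled", "1": "strict", "2": "filter"}


def parse_status(text):
    """Return {field: value} for the security-related lines of a status file."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() in SECURITY_FIELDS:
            fields[key.strip()] = value.strip()
    if "Seccomp" in fields:  # translate the numeric mode into its name
        mode = fields["Seccomp"]
        fields["Seccomp"] = SECCOMP_MODES.get(mode, mode)
    return fields


def diff_security(host_text, container_text):
    """Return {field: (host, container)} for every field whose value differs."""
    host, cont = parse_status(host_text), parse_status(container_text)
    return {name: (host.get(name), cont.get(name))
            for name in SECURITY_FIELDS if host.get(name) != cont.get(name)}


# Constructed sample inputs, not measurements from the article's machine.
HOST_STATUS = """Name:\tpython3.9
CapEff:\t0000000000000000
CapBnd:\t000001ffffffffff
NoNewPrivs:\t0
Seccomp:\t0
Seccomp_filters:\t0
Speculation_Store_Bypass:\tthread vulnerable
"""
CONTAINER_STATUS = """Name:\tpython3.9
CapEff:\t00000000a80425fb
CapBnd:\t00000000a80425fb
NoNewPrivs:\t0
Seccomp:\t2
Seccomp_filters:\t1
Speculation_Store_Bypass:\tthread force mitigated
"""

if __name__ == "__main__":
    for name, (h, c) in diff_security(HOST_STATUS, CONTAINER_STATUS).items():
        print(f"{name:<25} host={str(h):<22} container={c}")
```

On a real system, feed it the contents of /proc/self/status captured once on the host and once inside the container; any field that differs is a candidate to toggle individually while re-running the benchmark.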