/ˈsiː.ɡruːps/

noun — “the bouncers of your Linux system, keeping each process in line.”

cgroups, short for control groups, is a Linux kernel feature that limits, accounts for, and isolates the resource usage of process groups. It allows administrators to allocate CPU, memory, disk I/O, and network bandwidth to specific groups of processes, ensuring that no single application can monopolize system resources. This is particularly vital in multi-tenant environments, containers, and high-performance computing where predictable behavior is crucial.

cgroups integrate with Process Management and Resource Limit mechanisms. By grouping related processes together, administrators can enforce policies at a group level rather than managing each process individually. For instance, a web server cluster running multiple worker processes can have a shared CPU quota to prevent them from starving other critical services.

cgroups are foundational for containerization technologies like Docker and Kubernetes. They allow containers to have isolated resource constraints, guaranteeing that each container gets only the CPU, memory, and I/O it’s allowed, without interfering with other containers on the same host. This improves reliability, scalability, and fairness across workloads.

cgroups work alongside other kernel features like namespaces to provide isolation, monitoring, and control. They enable administrators to track resource consumption, enforce limits, and even dynamically adjust allocations in response to system load. Tools like systemd, Kubernetes, and Docker utilize cgroups extensively to manage services and workloads efficiently.
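As an added example (not part of the original entry), the script below audits which process groups have no enforced limit by parsing cgroup v2 interface files. It assumes the unified cgroup v2 hierarchy, normally mounted at /sys/fs/cgroup; the group names and file contents in SAMPLE are constructed, and the function names are hypothetical.

```python
from pathlib import Path

# cgroup v2 interface files that carry the hard limits audited here.
FILES = ("cpu.max", "memory.max", "pids.max")

# Constructed sample: file contents as read from /sys/fs/cgroup/<group>/<file>.
SAMPLE = {
    "web.slice": {"cpu.max": "50000 100000\n", "memory.max": "536870912\n",
                  "pids.max": "256\n"},
    "batch.slice": {"cpu.max": "max 100000\n", "memory.max": "max\n",
                    "pids.max": "max\n"},
    # pids.max absent: the pids controller is not enabled for this group.
    "cache.slice": {"cpu.max": "200000 100000\n", "memory.max": "1073741824\n"},
}


def parse_limit(name, text):
    """Return the numeric limit, or None when no limit is enforced."""
    if text is None:               # file missing, so nothing is enforced here
        return None
    fields = text.split()
    if fields[0] == "max":         # the kernel's spelling of "unlimited"
        return None
    if name == "cpu.max":          # "<quota> <period>" in microseconds
        return int(fields[0]) / int(fields[1])   # fraction of one CPU
    return int(fields[0])          # bytes (memory.max) or tasks (pids.max)


def audit(groups):
    """Map each group to the limit files that leave it unbounded."""
    findings = {}
    for group, files in groups.items():
        unbounded = [f for f in FILES if parse_limit(f, files.get(f)) is None]
        if unbounded:
            findings[group] = unbounded
    return findings


def read_group(path):
    """Collect the same files from a live cgroup directory, skipping absent ones."""
    found = {}
    for name in FILES:
        p = Path(path) / name
        if p.is_file():
            found[name] = p.read_text()
    return found


if __name__ == "__main__":
    for group, missing in audit(SAMPLE).items():
        print(f"{group}: no limit via {', '.join(missing)}")
```

On a live host, pass `{"name": read_group("/sys/fs/cgroup/name")}` to `audit` instead of SAMPLE. A limit set on an ancestor group still constrains its children, so a finding here means only that this level sets no limit of its own.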

Conceptually, cgroups are like dividing a buffet into clearly labeled sections with portion limits: every group gets its fair share without hogging the best dishes.

cgroups are like giving each process a VIP lane — no cutting in line, no stealing snacks from your neighbor’s plate.

See Process Management, Resource Limit, Containerization, Monitoring, CPU Scheduling.