I recently ran into an issue where I needed to run a Docker container with realtime priority but couldn’t use isolcpus or the PREEMPT-RT patch. You can use cgroups to isolate a Docker container to specific cores and prevent other processes from using those cores. This is different from CPU pinning, where other processes can still use the core that the process is pinned to.

#!/usr/bin/env bash

# install cset
pip install git+https://github.com/lpechacek/cpuset.git future

# delete existing cgroup
cset set -d docker

# create a new cgroup with two cores
cset shield --userset=ur_executor --cpu 0,1  -k on

# tell docker to use system cgroup
/bin/cat <<EOF > /etc/docker/daemon.json
{
    "cgroup-parent": "system"
}
EOF

service docker restart


When running the Docker container, add --cgroup-parent=ur_executor to isolate the container to the ur_executor cgroup.
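
A check for the isolation described above, added here as an example and not part of the original post: it reads Cpus_allowed_list from /proc to list processes that may still be scheduled on the shielded cores, which is the difference between a shield and plain pinning. The script name check_shield.sh and the function names are hypothetical; the core list 0,1 matches the cset shield call above.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Lists tasks other than the container that may still run on shielded CPUs.

# expand_cpulist "0-1,4" -> "0 1 4" (kernel cpulist format, as in /proc/PID/status)
expand_cpulist() {
    out=""
    for part in $(echo "$1" | tr ',' ' '); do
        lo=${part%-*}; hi=${part#*-}
        i=$lo
        while [ "$i" -le "$hi" ]; do
            out="$out $i"; i=$((i + 1))
        done
    done
    echo "${out# }"
}

# cpus_overlap A B -> CPUs present in both cpulists, space separated
cpus_overlap() {
    hits=""
    b_set=" $(expand_cpulist "$2") "
    for a in $(expand_cpulist "$1"); do
        case "$b_set" in *" $a "*) hits="$hits $a" ;; esac
    done
    echo "${hits# }"
}

# report_intruders SHIELD_CPULIST CONTAINER_PID
# Prints every other process whose affinity still includes a shielded CPU.
# Per-CPU kernel threads (e.g. ksoftirqd/0) are bound to their CPU and will be listed.
report_intruders() {
    for status in /proc/[0-9]*/status; do
        pid=${status#/proc/}; pid=${pid%/status}
        [ "$pid" = "$2" ] && continue
        allowed=$(awk '/^Cpus_allowed_list:/ {print $2}' "$status" 2>/dev/null) || continue
        [ -n "$allowed" ] || continue
        shared=$(cpus_overlap "$1" "$allowed")
        [ -n "$shared" ] && echo "pid $pid may run on shielded CPU(s): $shared"
    done
    return 0
}

# Run only when a CPU list is given: ./check_shield.sh 0,1 <container pid>
if [ "$#" -ge 1 ]; then
    report_intruders "$1" "${2:-}"
fi
```

Only the one PID passed as the second argument is excluded, so other processes inside the same container are reported too. The check looks at each process's main thread only.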

I didn’t end up using this method because it had very high jitter. There could be some other settings that could reduce jitter, but I haven’t done a deep dive. docker-realtime