Using LXCFS to Provide Accurate /proc Data Inside Containers

When commands like top read system information, they access files under /proc . In container environments the /proc filesystem reflects the host's resources, causing misleading data for developers and runtime issues for applications such as JVM‑based programs.

LXCFS is an open‑source FUSE filesystem that intercepts reads of memory and CPU information inside containers and redirects them to virtual data derived from the container's cgroup settings, making /proc appear as if it belongs to the container itself.

Installation can be done by installing FUSE development packages, downloading the LXCFS source, and compiling it:

yum -y fuse-devel

wget https://linuxcontainers.org/downloads/lxcfs/lxcfs-$LXCFS.tar.gz && \

mkdir /lxcfs && tar xzvf lxcfs-$LXCFS.tar.gz -C /lxcfs --strip-components=1 && \

cd /lxcfs && ./configure && make install

lxcfs -h

After installation, mount LXCFS to a directory and bind‑mount its /proc files into a container:

lxcfs /var/lib/lxcfs

docker run -it -m 256m \

-v /var/lib/lxcfs/proc/cpuinfo:/proc/cpuinfo:ro \

-v /var/lib/lxcfs/proc/meminfo:/proc/meminfo:ro \

ubuntu:latest /bin/bash

Inside the container, commands like free -h now report the memory limit (256 M) and CPU limits set via --cpus or --cpuset-cpus are reflected correctly in top .

Kubernetes integration is achieved with the lxcfs-on-kubernetes Helm chart. After installing Helm and cert‑manager, add the chart repository and install LXCFS:

helm repo add lxcfs-on-kubernetes https://cndoit18.github.io/lxcfs-on-kubernetes/

helm upgrade --install lxcfs lxcfs-on-kubernetes/lxcfs-on-kubernetes -n lxcfs --create-namespace

Label the default namespace to automatically mount LXCFS into new Pods:

kubectl label namespace default mount-lxcfs=enabled

Pods created in the default namespace will now see accurate resource metrics, solving the host‑resource visibility problem in containerized workloads.