How to Install and Configure cAdvisor for Container Monitoring on RHEL 7

cAdvisor (Container Advisor) is an open-source agent developed by Google that collects, aggregates, processes, and exports resource usage and performance metrics for running containers. It provides a real-time web UI and a Prometheus-compatible metrics endpoint, making it the standard solution for container observability in environments where the full Kubernetes stack is not in use. This guide covers running cAdvisor on Red Hat Enterprise Linux 7 via Docker, accessing its built-in web UI, scraping its metrics with Prometheus, understanding the key container metrics it exposes, and building a Grafana dashboard to visualise container behaviour. You will also learn how to filter metrics by container name to avoid drowning in system-container noise.

Prerequisites

  • RHEL 7 server with Docker CE installed and the Docker daemon running
  • A running Prometheus instance able to reach this server on port 8080
  • A non-root user with membership in the docker group (or sudo access)
  • At least one running application container to monitor
  • Grafana installed and connected to Prometheus (for dashboard steps)

Step 1: Verify Docker Is Running

cAdvisor runs as a Docker container itself, so Docker must be installed and operational before proceeding.

# Check Docker is installed and the service is running
sudo systemctl status docker

# If not running, start and enable it
sudo systemctl enable docker
sudo systemctl start docker

# Confirm you can run containers without sudo (user in docker group)
docker info | grep -i "server version"

If Docker is not yet installed on RHEL 7:

# Add the Docker CE repository
sudo yum install -y yum-utils
sudo yum-config-manager 
    --add-repo 
    https://download.docker.com/linux/centos/docker-ce.repo

# Install Docker CE (CentOS 7 repo is compatible with RHEL 7)
sudo yum install -y docker-ce docker-ce-cli containerd.io

# Enable and start Docker
sudo systemctl enable docker
sudo systemctl start docker

Step 2: Run cAdvisor as a Docker Container

cAdvisor requires read-only access to several host directories to inspect container and system metrics. The Docker run command mounts these paths with the appropriate access modes. On RHEL 7 with SELinux enabled, the :rslave propagation flag is required to allow cAdvisor to see bind mounts made by Docker.

docker run -d 
  --name=cadvisor 
  --restart=unless-stopped 
  --privileged 
  --volume=/:/rootfs:ro,rslave 
  --volume=/var/run:/var/run:ro 
  --volume=/sys:/sys:ro 
  --volume=/var/lib/docker/:/var/lib/docker:ro 
  --volume=/dev/disk/:/dev/disk:ro 
  --publish=8080:8080 
  --device=/dev/kmsg 
  gcr.io/cadvisor/cadvisor:v0.47.2

Key flags explained:

  • --privileged — grants cAdvisor the elevated permissions required to read kernel cgroup data.
  • --volume=/:/rootfs:ro,rslave — mounts the entire host filesystem read-only with recursive slave propagation so container filesystems are visible.
  • --volume=/var/run:/var/run:ro — provides access to the Docker socket directory for container metadata.
  • --device=/dev/kmsg — needed to read OOM (out-of-memory) kernel events on RHEL 7.
  • --restart=unless-stopped — automatically restarts cAdvisor after system reboots.
# Verify cAdvisor started successfully
docker ps --filter name=cadvisor

# Check logs for any startup errors
docker logs cadvisor

Step 3: Open the Firewall and Access the Web UI

# Open port 8080 for cAdvisor web UI and metrics
sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
sudo firewall-cmd --reload

# Verify the port is open
sudo firewall-cmd --list-ports

Navigate to http://your-server-ip:8080 in a browser. The cAdvisor web UI provides a real-time view of the host machine’s CPU, memory, filesystem, and network usage at the top of the page, followed by a list of all running containers. Click any container name to see its individual resource usage graphs updated in real time. This UI is useful for quick spot-checks but is not suitable for historical trending — that is where Prometheus and Grafana come in.

Step 4: Verify the Prometheus Metrics Endpoint

cAdvisor exposes its full metrics in Prometheus text format at the /metrics path on port 8080. You can inspect this directly with curl to confirm data is being generated before configuring Prometheus to scrape it.

# View the raw Prometheus metrics (output is very long)
curl -s http://localhost:8080/metrics | head -100

# Check that container CPU metrics exist
curl -s http://localhost:8080/metrics | grep container_cpu_usage_seconds_total | head -5

# Check container memory metrics
curl -s http://localhost:8080/metrics | grep container_memory_usage_bytes | head -5

# Count the total number of metric families
curl -s http://localhost:8080/metrics | grep "^# HELP" | wc -l

Step 5: Configure Prometheus to Scrape cAdvisor

Add a scrape job for cAdvisor to your Prometheus configuration file. If Prometheus runs on a different server, replace 127.0.0.1 with the cAdvisor host’s IP address.

sudo vi /etc/prometheus/prometheus.yml

scrape_configs:

  # Existing jobs ...

  - job_name: 'cadvisor'
    scrape_interval: 15s
    scrape_timeout:  10s
    static_configs:
      - targets:
          - '127.0.0.1:8080'
        labels:
          host: 'rhel7-docker-host'

    # Reduce cardinality by dropping high-volume, low-value metrics
    metric_relabel_configs:
      # Drop per-CPU metrics that cAdvisor emits but are rarely useful
      - source_labels: [__name__]
        regex: 'container_cpu_usage_seconds_total|container_memory_.*|container_network_.*|container_fs_.*'
        action: keep

# Validate the Prometheus configuration
promtool check config /etc/prometheus/prometheus.yml

# Reload Prometheus without restart
sudo systemctl reload prometheus

# Confirm the cadvisor target appears as UP in Prometheus
# Open http://prometheus:9090/targets and look for the cadvisor job

Step 6: Understanding Key Container Metrics

cAdvisor exports a large number of metrics. The following are the most important for day-to-day container monitoring.

CPU

# CPU usage rate per container (cores consumed per second)
rate(container_cpu_usage_seconds_total{name!=""}[5m])

# CPU throttling — proportion of time a container was throttled
rate(container_cpu_throttled_seconds_total{name!=""}[5m]) /
rate(container_cpu_usage_seconds_total{name!=""}[5m])

Memory

# Current memory usage in bytes (includes cache)
container_memory_usage_bytes{name!=""}

# Working set memory — memory not reclaimable (RSS + recent file cache)
container_memory_working_set_bytes{name!=""}

# Memory limit set on the container (0 = no limit)
container_spec_memory_limit_bytes{name!=""}

# Memory utilisation percentage (if limit is set)
container_memory_working_set_bytes{name!=""} /
container_spec_memory_limit_bytes{name!="", container_spec_memory_limit_bytes != 0} * 100

Network

# Network receive bytes per second
rate(container_network_receive_bytes_total{name!=""}[5m])

# Network transmit bytes per second
rate(container_network_transmit_bytes_total{name!=""}[5m])

# Network receive errors per second
rate(container_network_receive_errors_total{name!=""}[5m])

Filesystem

# Filesystem usage per container
container_fs_usage_bytes{name!="", device!=""}

# Filesystem read rate
rate(container_fs_reads_bytes_total{name!=""}[5m])

# Filesystem write rate
rate(container_fs_writes_bytes_total{name!=""}[5m])

Step 7: Filter Metrics by Container Name

cAdvisor emits metrics for every cgroup on the host, including system slices and Docker infrastructure containers. Use the name label to filter for your application containers. The name label corresponds to the value passed to docker run --name.

# Only show metrics for a specific container (e.g., "webapp")
container_memory_working_set_bytes{name="webapp"}

# Exclude system cgroups (containers have a non-empty name label)
container_cpu_usage_seconds_total{name!="", name!~"k8s_.*"}

# Match multiple application containers by pattern
container_memory_usage_bytes{name=~"webapp|api-server|worker-.*"}

# Top 5 containers by memory usage
topk(5, container_memory_working_set_bytes{name!=""})

Step 8: Import the Grafana Dashboard (ID 14282)

Grafana dashboard ID 14282 (“Cadvisor exporter”) is a community dashboard specifically designed for cAdvisor metrics with Prometheus. It includes panels for container CPU usage, memory working set, network I/O, and filesystem usage, with a name variable dropdown to filter by container.

# In the Grafana UI:
# 1. Click + → Import
# 2. Enter dashboard ID: 14282
# 3. Click "Load"
# 4. Select your Prometheus data source from the dropdown
# 5. Click "Import"

After import, the dashboard will have a container variable dropdown at the top populated from the name label in your cAdvisor metrics. Select your application container from the dropdown to scope all panels to that container.

If you prefer to customise the dashboard, useful panel queries for the ID 14282 layout include:

# CPU usage for selected container — suitable for a Time Series panel
sum(rate(container_cpu_usage_seconds_total{name=~"$container"}[5m])) by (name)

# Memory working set — suitable for a Stat or Gauge panel
sum(container_memory_working_set_bytes{name=~"$container"}) by (name)

# Network receive + transmit combined
sum(rate(container_network_receive_bytes_total{name=~"$container"}[5m])) by (name) +
sum(rate(container_network_transmit_bytes_total{name=~"$container"}[5m])) by (name)

Step 9: Reduce cAdvisor Metric Cardinality (Optional Tuning)

cAdvisor can emit thousands of metric series in environments with many containers. If this causes performance issues in Prometheus, reduce the metrics collected by passing flags to the cAdvisor Docker run command.

docker run -d 
  --name=cadvisor 
  --restart=unless-stopped 
  --privileged 
  --volume=/:/rootfs:ro,rslave 
  --volume=/var/run:/var/run:ro 
  --volume=/sys:/sys:ro 
  --volume=/var/lib/docker/:/var/lib/docker:ro 
  --volume=/dev/disk/:/dev/disk:ro 
  --publish=8080:8080 
  --device=/dev/kmsg 
  gcr.io/cadvisor/cadvisor:v0.47.2 
  --disable_metrics=tcp,udp,percpu,sched,process 
  --docker_only=true 
  --store_container_labels=false

The --docker_only=true flag restricts cAdvisor to Docker containers only and skips system cgroup hierarchies. The --disable_metrics flag suppresses specific metric groups that are not needed in most environments.

Conclusion

You have deployed cAdvisor on RHEL 7 using Docker with proper SELinux-compatible volume mounts, confirmed the real-time web UI and Prometheus metrics endpoint are working, and configured Prometheus to scrape container metrics on a 15-second interval. You now understand the key container metrics — CPU usage and throttling, memory working set, network I/O, and filesystem activity — and how to filter them by container name to build focused dashboards. Grafana dashboard ID 14282 provides an immediate visual overview, and the cardinality-reduction flags ensure cAdvisor remains lightweight even on busy hosts with many containers. Combined with Prometheus alerting rules on container_memory_working_set_bytes and container_cpu_usage_seconds_total, this setup gives you complete observability over your containerised workloads on RHEL 7.