Kubernetes——资源配额
文章目录
- Pod资源配额
- 最小资源配额
- 最大资源配额
- 全局资源配额
- 默认配额策略
- 资源配额范围
- 基于 Pod 的资源配额
- 全局 quota 配额
- 基于总数量配额
Pod资源配额
-
为什么要资源配额?
- 当多个应用共享固定节点数目的集群时,人们会担心某些应用过度使用资源,从而影响到其他的服务,我们需要设定一些规则,用来保证应用能获得其运行所需的合理资源
-
CPU资源类型
- CPU资源的约束和请求以毫核(m)为单位。在k8s中1m是最小的调度单位,CPU的一个核心可以看作1000m
- 假如你有2颗CPU,且每个CPU为4核心,那么你的CPU资源总量就是8000m
-
内存资源类型
-
memory的约束个请求以字节为单位
-
可以使用以下单位表示内存:E、P、T、G、M、k
-
也可以使用对应的2的幂数:Ei、Pi、Ti、Gi、Mi、Ki
1k == 1000
1Ki == 1024
-
最小资源配额
内存需求配额
[root@master ~]# vim minpod.yaml
---
kind: Pod
apiVersion: v1
metadata:name: minpod
spec:terminationGracePeriodSeconds: 0restartPolicy: AlwaysnodeSelector:kubernetes.io/hostname: node-0003containers:- name: linuximage: myos:v2009command: ["awk", "BEGIN{while(1){}}"]resources: # 设置配额requests: # 最小配额memory: "1200Mi" # 内存配额[root@master ~]# sed 's,minpod,app1,' minpod.yaml |kubectl apply -f -
pod/app1 created
[root@master ~]# sed 's,minpod,app2,' minpod.yaml |kubectl apply -f -
pod/app2 created
[root@master ~]# sed 's,minpod,app3,' minpod.yaml |kubectl apply -f -
pod/app3 created
[root@master ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
app1 1/1 Running 0 16s
app2 1/1 Running 0 7s
app3 1/1 Running 0 1s
[root@master ~]# sed 's,minpod,app4,' minpod.yaml |kubectl apply -f -
pod/app4 created
# 超出服务器资源限制了,云主机2CPU,4G内存
[root@master ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
app1 1/1 Running 0 24s
app2 1/1 Running 0 15s
app3 1/1 Running 0 9s
app4 0/1 Pending 0 2s
[root@master ~]# kubectl delete pod app{1..4}
pod "app1" deleted
pod "app2" deleted
pod "app3" deleted
pod "app4" deleted
计算资源需求配额
[root@master ~]# vim minpod.yaml
---
kind: Pod
apiVersion: v1
metadata:name: minpod
spec:terminationGracePeriodSeconds: 0restartPolicy: AlwaysnodeSelector:kubernetes.io/hostname: node-0003containers:- name: linuximage: myos:v2009command: ["awk", "BEGIN{while(1){}}"]resources:requests:cpu: "800m" # 计算资源需求memory: "1200Mi"[root@master ~]# sed 's,minpod,app1,' minpod.yaml |kubectl apply -f -
pod/app1 created
[root@master ~]# sed 's,minpod,app2,' minpod.yaml |kubectl apply -f -
pod/app2 created
[root@master ~]# sed 's,minpod,app3,' minpod.yaml |kubectl apply -f -
pod/app3 created
[root@master ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
app1 1/1 Running 0 9s
app2 1/1 Running 0 6s
app3 0/1 Pending 0 3s
[root@master ~]# kubectl delete pod app{1..3}
pod "app1" deleted
pod "app2" deleted
pod "app3" deleted
最大资源配额
[root@master ~]# vim maxpod.yaml
---
kind: Pod
apiVersion: v1
metadata:name: maxpod
spec:terminationGracePeriodSeconds: 0restartPolicy: Alwayscontainers:- name: linuximage: myos:v2009command: ["awk", "BEGIN{while(1){}}"]# 不设置配额内存与计算资源都没有限制
[root@master ~]# kubectl apply -f maxpod.yaml
[root@master ~]# kubectl cp memtest.py maxpod:/usr/bin/
[root@master ~]# kubectl exec -it maxpod -- /bin/bash
[root@maxpod /]# memtest.py 2500
use memory success
press any key to exit :
[root@maxpod /]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 99.9 0.0 9924 128 ? Rs 07:45 3:52 awk BEGIN{while(1){}}
添加资源配额
[root@master ~]# vim maxpod.yaml
---
kind: Pod
apiVersion: v1
metadata:name: maxpod
spec:terminationGracePeriodSeconds: 0restartPolicy: Alwayscontainers:- name: linuximage: myos:v2009command: ["awk", "BEGIN{while(1){}}"]resources:limits:cpu: "800m"memory: "2000Mi"[root@master ~]# kubectl delete -f maxpod.yaml
pod "maxpod" deleted
[root@master ~]# kubectl apply -f maxpod.yaml
pod/maxpod created
[root@master ~]# kubectl cp memtest.py maxpod:/usr/bin/
[root@master ~]# kubectl exec -it maxpod -- /bin/bash
[root@maxpod /]# memtest.py 2500
Killed
[root@maxpod /]# memtest.py 1500
use memory success
press any key to exit :
[root@maxpod /]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 79.8 0.0 9924 484 ? Rs 07:52 1:10 awk BEGIN{while(1){}}[root@master ~]# kubectl delete -f maxpod.yaml
pod "maxpod" deleted
全局资源配额
-
为每个Pod设置资源配额策略不方便且不好管理。管理员可以以名称空间为单位(namespace),限制其资源的使用与创建,在该名称空间创建的容器都会受到规则的限制
-
k8s支持的全局资源配额方式有:
- 对内存、CPU、存储资源进行配额:LimitRange
- 对Pod的进行配额:ResourceQuota
# 样例
---
apiVersion: v1
kind: LimitRange
metadata:name: mylimit # 规则名称namespace: myns # 规则生效的名称空间
spec:limits: # 全局限制规则- type: Container # 资源类型default: # 如果没有配置资源配额,以下配置生效cpu: 300m # CPU限额memory: 500Mi # 内存限额defaultRequest:cpu: 8m # 最小保留资源,CPUmemory: 8Mi # 最小保留资源,内存
默认配额策略
# 创建名称空间
[root@master ~]# kubectl create namespace myns
namespace/myns created
# 设置默认配额
[root@master ~]# vim mynslimit.yaml
---
apiVersion: v1
kind: LimitRange
metadata:name: mylimit namespace: myns
spec:limits: - type: Container default: cpu: 300m memory: 500Mi defaultRequest:cpu: 8m memory: 8Mi [root@master ~]# kubectl -n myns apply -f mynslimit.yaml
limitrange/mylimit created
验证默认资源配额
# 删除配额策略,创建容器
[root@master ~]# vim maxpod.yaml
---
kind: Pod
apiVersion: v1
metadata:name: maxpod
spec:terminationGracePeriodSeconds: 0restartPolicy: Alwayscontainers:- name: linuximage: myos:v2009command: ["awk", "BEGIN{while(1){}}"][root@master ~]# kubectl -n myns apply -f maxpod.yaml
pod/maxpod created
[root@master ~]# kubectl -n myns cp memtest.py maxpod:/usr/bin/
[root@master ~]# kubectl -n myns exec -it maxpod -- /bin/bash
[root@maxpod /]# memtest.py 500
Killed
[root@maxpod /]# memtest.py 300
use memory success
press any key to exit :
[root@maxpod /]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 28.9 0.0 9924 720 ? Rs 08:09 0:09 awk BEGIN{while(1){}}[root@master ~]# kubectl -n myns describe pod maxpod
... ...Limits:cpu: 300mmemory: 500MiRequests:cpu: 10mmemory: 8Mi
... ...
用户自定义资源配额
[root@master ~]# vim maxpod.yaml
---
kind: Pod
apiVersion: v1
metadata:name: maxpod
spec:terminationGracePeriodSeconds: 0restartPolicy: Alwayscontainers:- name: linuximage: myos:v2009command: ["awk", "BEGIN{while(1){}}"]resources:limits:cpu: "1000m"memory: "2000Mi"[root@master ~]# kubectl -n myns delete -f maxpod.yaml
pod "maxpod" deleted
[root@master ~]# kubectl -n myns apply -f maxpod.yaml
pod/maxpod created[root@master ~]# kubectl -n myns exec -it maxpod -- /bin/bash
[root@maxpod /]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 99.9 0.0 9924 720 ? Rs 08:09 0:09 awk BEGIN{while(1){}}[root@master ~]# kubectl -n myns describe pod maxpod
... ...Limits:cpu: 1000mmemory: 2000MiRequests:cpu: 10mmemory: 8Mi
... ...
资源配额范围
# 样例
... ...
spec: # LimitRange.spec配置limits: # 全局限制规则- type: Container # 资源类型... ... # 在默认资源配额下添加max: # 最大限制cpu: "800m" # CPU限额memory: "1000Mi" # 内存限额min: # 最小限额cpu: "2m" # CPU限额memory: "8Mi" # 内存限额
[root@master ~]# vim mynslimit.yaml
---
apiVersion: v1
kind: LimitRange
metadata:name: mylimitnamespace: myns
spec:limits: - type: Container default: cpu: 300m memory: 500Mi defaultRequest:cpu: 8m memory: 8Mi max:cpu: "800m"memory: "1000Mi"min:cpu: "2m"memory: "8Mi"[root@master ~]# kubectl -n myns apply -f mynslimit.yaml
limitrange/mylimit configured[root@master ~]# kubectl -n myns delete -f maxpod.yaml
pod "maxpod" deleted
[root@master ~]# kubectl -n myns apply -f maxpod.yaml
Error from server (Forbidden): error when creating "maxpod.yaml": pods "maxpod" is forbidden: [maximum cpu usage per Container is 800m, but limit is 1, maximum memory usage per Container is 1000Mi, but limit is 2000Mi]
多容器资源配额
[root@master ~]# vim maxpod.yaml
---
kind: Pod
apiVersion: v1
metadata:name: maxpod
spec:terminationGracePeriodSeconds: 0restartPolicy: Alwayscontainers:- name: c1image: myos:v2009command: ["awk", "BEGIN{while(1){}}"]resources:limits:cpu: "800m"memory: "1000Mi"- name: c2image: myos:v2009command: ["awk", "BEGIN{while(1){}}"]resources:limits:cpu: "800m"memory: "1000Mi"[root@master ~]# kubectl -n myns apply -f maxpod.yaml
pod/maxpod created
[root@master ~]# kubectl -n myns get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE
maxpod 2/2 Running 0 107s 10.244.2.65 node-0002
#----------------------------------------------------------------------
# 在节点上查看资源占用情况
[root@node-0002 ~]# ps aux |grep awk
root 20369 80.1 0.0 9924 720 ? Rs 16:23 2:38 awk BEGIN{while(1){}}
root 20405 79.9 0.0 9924 720 ? Rs 16:23 2:38 awk BEGIN{while(1){}}
... ...
基于 Pod 的资源配额
... ...
spec: # LimitRange.spec配置limits: # 全局限制规则- type: Pod # 资源类型max: # 最大限额cpu: "1200m" # CPU限额memory: "1200Mi" # 内存限额min: # 最小限额cpu: "2m" # CPU限额memory: "8Mi" # 内存限额
[root@master ~]# vim mynslimit.yaml
---
apiVersion: v1
kind: LimitRange
metadata:name: mylimitnamespace: myns
spec:limits: - type: Container default: cpu: 300m memory: 500Mi defaultRequest:cpu: 8m memory: 8Mi max:cpu: "800m"memory: "1000Mi"min:cpu: "2m"memory: "8Mi"- type: Podmax:cpu: "1200m"memory: "1200Mi"min:cpu: "2m"memory: "8Mi"[root@master ~]# kubectl -n myns apply -f mynslimit.yaml
limitrange/mylimit configured[root@master ~]# kubectl -n myns delete -f maxpod.yaml
pod "maxpod" deleted
[root@master ~]# kubectl -n myns apply -f maxpod.yaml
Error from server (Forbidden): error when creating "maxpod.yaml": pods "maxpod" is forbidden: [maximum cpu usage per Pod is 1200m, but limit is 1600m, maximum memory usage per Pod is 1200Mi, but limit is 2097152k]
全局 quota 配额
多个 Pod 消耗资源
[root@master ~]# vim maxpod.yaml
---
kind: Pod
apiVersion: v1
metadata:name: maxpod
spec:terminationGracePeriodSeconds: 0restartPolicy: Alwayscontainers:- name: c1image: myos:v2009command: ["awk", "BEGIN{while(1){}}"]resources:requests:cpu: "8m"memory: "8Mi"limits:cpu: "600m"memory: "1000Mi"# 创建太多Pod,资源也会耗尽
[root@master ~]# for i in app{1..9};do sed "s,maxpod,${i}," maxpod.yaml ;done |kubectl -n myns apply -f -
pod/app1 created
pod/app2 created
pod/app3 created
pod/app4 created
pod/app5 created
pod/app6 created
pod/app7 created
pod/app8 created
pod/app9 created#----------------------------------------------------------------------
# 在计算节点上查看资源占用情况
[root@node-0001 ~]# ps aux |grep awk
root 26768 60.7 0.0 9924 716 ? Rs 16:35 0:29 awk BEGIN{while(1){}}
root 26842 60.2 0.0 9924 716 ? Rs 16:35 0:29 awk BEGIN{while(1){}}
root 26870 60.1 0.0 9924 716 ? Rs 16:35 0:29 awk BEGIN{while(1){}}
基于总数量配额
[root@master ~]# vim mynsquota.yaml
---
apiVersion: v1
kind: ResourceQuota # 全局资源限额对象
metadata:name: myquota # 规则名称namespace: myns # 规则作用的名称空间
spec: # ResoureQuota.spec定义hard: # 创建强制规则requests.cpu: "1000m" # 最小CPU配额总数requests.memory: "2000Mi" # 最小内存配额总数limits.cpu: "5000m" # 最大CPU配额总数limits.memory: "8Gi" # 最大内存配额总数pods: "3" # 限制创建资源对象总量[root@master ~]# kubectl -n myns apply -f mynsquota.yaml
resourcequota/myquota created
验证 quota 配额
[root@master ~]# kubectl -n myns delete pod app{1..9}
pod "app1" deleted
pod "app2" deleted
pod "app3" deleted
pod "app4" deleted
pod "app5" deleted
pod "app6" deleted
pod "app7" deleted
pod "app8" deleted
pod "app9" deleted[root@master ~]# sed 's,maxpod,app1,' maxpod.yaml |kubectl -n myns apply -f -
pod/app1 created
[root@master ~]# sed 's,maxpod,app2,' maxpod.yaml |kubectl -n myns apply -f -
pod/app2 created
[root@master ~]# sed 's,maxpod,app3,' maxpod.yaml |kubectl -n myns apply -f -
pod/app3 created
[root@master ~]# sed 's,maxpod,app4,' maxpod.yaml |kubectl -n myns apply -f -
Error from server (Forbidden): error when creating "STDIN": pods "app4" is forbidden: exceeded quota: myquota, requested: pods=1, used: pods=3, limited: pods=3
本文来自互联网用户投稿,文章观点仅代表作者本人,不代表本站立场,不承担相关法律责任。如若转载,请注明出处。 如若内容造成侵权/违法违规/事实不符,请点击【内容举报】进行投诉反馈!