Pod资源配额
-
为什么要资源配额?
- 当多个应用共享固定节点数目的集群时,人们会担心某些应用过度使用资源,从而影响到其他的服务,我们需要设定一些规则,用来保证应用能获得其运行所需的合理资源
-
CPU资源类型
- CPU资源的约束和请求以毫核(m)为单位。在k8s中1m是最小的调度单位,CPU的一个核心可以看作1000m
- 假如你有2颗CPU,且每个CPU为4核心,那么你的CPU资源总量就是8000m
-
内存资源类型
-
memory的约束和请求以字节为单位
-
可以使用以下单位表示内存:E、P、T、G、M、k
-
也可以使用对应的2的幂数:Ei、Pi、Ti、Gi、Mi、Ki
1k == 1000
1Ki == 1024
-
最小资源配额
内存需求配额
[root@master ~]# vim minpod.yaml
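---
# Pod that declares only a memory request and no limits. The scheduler places
# a Pod according to its requests: a request reserves capacity on the node but
# does not cap what the container may actually consume at runtime.
kind: Pod
apiVersion: v1
metadata:
  name: minpod
spec:
  terminationGracePeriodSeconds: 0        # no grace period when the Pod is deleted
  restartPolicy: Always
  nodeSelector:
    kubernetes.io/hostname: node-0003     # only schedulable on node-0003
  containers:
  - name: linux
    image: myos:v2009
    command: ["awk", "BEGIN{while(1){}}"] # endless loop that keeps the container busy
    resources:                            # resource settings
      requests:                           # minimum the scheduler must be able to reserve
        memory: "1200Mi"                  # memory request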
[root@master ~]# sed 's,minpod,app1,' minpod.yaml |kubectl apply -f -
pod/app1 created
[root@master ~]# sed 's,minpod,app2,' minpod.yaml |kubectl apply -f -
pod/app2 created
[root@master ~]# sed 's,minpod,app3,' minpod.yaml |kubectl apply -f -
pod/app3 created
[root@master ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
app1 1/1 Running 0 16s
app2 1/1 Running 0 7s
app3 1/1 Running 0 1s
[root@master ~]# sed 's,minpod,app4,' minpod.yaml |kubectl apply -f -
pod/app4 created
# 超出服务器资源限制了,云主机2CPU,4G内存:4个Pod的内存requests合计4800Mi,节点无法满足,app4因此保持Pending
[root@master ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
app1 1/1 Running 0 24s
app2 1/1 Running 0 15s
app3 1/1 Running 0 9s
app4 0/1 Pending 0 2s
[root@master ~]# kubectl delete pod app{1..4}
pod "app1" deleted
pod "app2" deleted
pod "app3" deleted
pod "app4" deleted
计算资源需求配额
[root@master ~]# vim minpod.yaml
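---
# Pod that declares CPU and memory requests and no limits. Both requests must
# fit on the selected node for the Pod to be scheduled; neither caps runtime use.
kind: Pod
apiVersion: v1
metadata:
  name: minpod
spec:
  terminationGracePeriodSeconds: 0        # no grace period when the Pod is deleted
  restartPolicy: Always
  nodeSelector:
    kubernetes.io/hostname: node-0003     # only schedulable on node-0003
  containers:
  - name: linux
    image: myos:v2009
    command: ["awk", "BEGIN{while(1){}}"] # endless loop that keeps the container busy
    resources:
      requests:
        cpu: "800m"                       # CPU request (0.8 core)
        memory: "1200Mi"                  # memory request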
[root@master ~]# sed 's,minpod,app1,' minpod.yaml |kubectl apply -f -
pod/app1 created
[root@master ~]# sed 's,minpod,app2,' minpod.yaml |kubectl apply -f -
pod/app2 created
[root@master ~]# sed 's,minpod,app3,' minpod.yaml |kubectl apply -f -
pod/app3 created
[root@master ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
app1 1/1 Running 0 9s
app2 1/1 Running 0 6s
app3 0/1 Pending 0 3s
[root@master ~]# kubectl delete pod app{1..3}
pod "app1" deleted
pod "app2" deleted
pod "app3" deleted
最大资源配额
[root@master ~]# vim maxpod.yaml
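---
# Pod with no resources section at all.
kind: Pod
apiVersion: v1
metadata:
  name: maxpod
spec:
  terminationGracePeriodSeconds: 0        # no grace period when the Pod is deleted
  restartPolicy: Always
  containers:
  - name: linux
    image: myos:v2009
    command: ["awk", "BEGIN{while(1){}}"] # endless loop that keeps the container busy
    # No requests or limits are set, so memory and CPU use are unbounded: this
    # one container can consume whatever the node has and starve co-located
    # workloads. Unless a LimitRange in the namespace injects defaults, such a
    # Pod is in the BestEffort QoS class.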
[root@master ~]# kubectl apply -f maxpod.yaml
[root@master ~]# kubectl cp memtest.py maxpod:/usr/bin/
[root@master ~]# kubectl exec -it maxpod -- /bin/bash
[root@maxpod /]# memtest.py 2500
use memory success
press any key to exit :
[root@maxpod /]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 99.9 0.0 9924 128 ? Rs 07:45 3:52 awk BEGIN{while(1){}}
添加资源配额
[root@master ~]# vim maxpod.yaml
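---
# Pod with explicit limits. Limits are enforced at runtime: CPU beyond the
# limit is throttled, and a container that exceeds its memory limit is
# OOM-killed. With requests omitted, Kubernetes copies the limits into the
# requests unless a LimitRange supplies a defaultRequest.
kind: Pod
apiVersion: v1
metadata:
  name: maxpod
spec:
  terminationGracePeriodSeconds: 0        # no grace period when the Pod is deleted
  restartPolicy: Always
  containers:
  - name: linux
    image: myos:v2009
    command: ["awk", "BEGIN{while(1){}}"] # endless loop that keeps the container busy
    resources:
      limits:
        cpu: "800m"                       # CPU cap (0.8 core)
        memory: "2000Mi"                  # memory cap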
[root@master ~]# kubectl delete -f maxpod.yaml
pod "maxpod" deleted
[root@master ~]# kubectl apply -f maxpod.yaml
pod/maxpod created
[root@master ~]# kubectl cp memtest.py maxpod:/usr/bin/
[root@master ~]# kubectl exec -it maxpod -- /bin/bash
[root@maxpod /]# memtest.py 2500
Killed
[root@maxpod /]# memtest.py 1500
use memory success
press any key to exit :
[root@maxpod /]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 79.8 0.0 9924 484 ? Rs 07:52 1:10 awk BEGIN{while(1){}}
[root@master ~]# kubectl delete -f maxpod.yaml
pod "maxpod" deleted
全局资源配额
-
为每个Pod设置资源配额策略不方便且不好管理。管理员可以以名称空间为单位(namespace),限制其资源的使用与创建,在该名称空间创建的容器都会受到规则的限制
-
k8s支持的全局资源配额方式有:
- 对内存、CPU、存储资源进行配额:LimitRange(针对单个容器或Pod)
- 对Pod进行配额:ResourceQuota(针对整个名称空间的资源总量和对象数量)
# 样例
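---
# LimitRange: namespace-wide defaults applied at admission to containers that
# omit their own requests/limits. It is evaluated only when a Pod is created;
# Pods that are already running are not changed.
apiVersion: v1
kind: LimitRange
metadata:
  name: mylimit          # rule name
  namespace: myns        # namespace the rule applies to
spec:
  limits:                # limit rules for the namespace
  - type: Container      # rule is evaluated per container
    default:             # limits used when a container sets none
      cpu: 300m          # default CPU limit
      memory: 500Mi      # default memory limit
    defaultRequest:      # requests used when a container sets none
      cpu: 8m            # default CPU request
      memory: 8Mi        # default memory request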
默认配额策略
# 创建名称空间
[root@master ~]# kubectl create namespace myns
namespace/myns created
# 设置默认配额
[root@master ~]# vim mynslimit.yaml
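---
# Default requests/limits for containers created in namespace myns.
# Applied at admission time only; existing Pods must be recreated to pick
# up a changed LimitRange.
apiVersion: v1
kind: LimitRange
metadata:
  name: mylimit
  namespace: myns
spec:
  limits:
  - type: Container      # rule is evaluated per container
    default:             # limits injected when a container sets none
      cpu: 300m
      memory: 500Mi
    defaultRequest:      # requests injected when a container sets none
      cpu: 8m
      memory: 8Mi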
[root@master ~]# kubectl -n myns apply -f mynslimit.yaml
limitrange/mylimit created
验证默认资源配额
# 删除配额策略,创建容器
[root@master ~]# vim maxpod.yaml
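---
# Pod with the resources section removed again. When it is created in a
# namespace that has a LimitRange, the LimitRange's default and
# defaultRequest values are injected into the container at admission.
kind: Pod
apiVersion: v1
metadata:
  name: maxpod
spec:
  terminationGracePeriodSeconds: 0        # no grace period when the Pod is deleted
  restartPolicy: Always
  containers:
  - name: linux
    image: myos:v2009
    command: ["awk", "BEGIN{while(1){}}"] # endless loop that keeps the container busy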
[root@master ~]# kubectl -n myns apply -f maxpod.yaml
pod/maxpod created
[root@master ~]# kubectl -n myns cp memtest.py maxpod:/usr/bin/
[root@master ~]# kubectl -n myns exec -it maxpod -- /bin/bash
[root@maxpod /]# memtest.py 500
Killed
[root@maxpod /]# memtest.py 300
use memory success
press any key to exit :
[root@maxpod /]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 28.9 0.0 9924 720 ? Rs 08:09 0:09 awk BEGIN{while(1){}}
[root@master ~]# kubectl -n myns describe pod maxpod
... ...
Limits:
cpu: 300m
memory: 500Mi
Requests:
cpu: 10m
memory: 8Mi
... ...
用户自定义资源配额
[root@master ~]# vim maxpod.yaml
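---
# Pod that sets its own limits. Explicit values take precedence over a
# LimitRange's `default` limits; requests are not set here, so a LimitRange
# `defaultRequest`, if present in the namespace, still fills them in.
kind: Pod
apiVersion: v1
metadata:
  name: maxpod
spec:
  terminationGracePeriodSeconds: 0        # no grace period when the Pod is deleted
  restartPolicy: Always
  containers:
  - name: linux
    image: myos:v2009
    command: ["awk", "BEGIN{while(1){}}"] # endless loop that keeps the container busy
    resources:
      limits:
        cpu: "1000m"                      # CPU cap (1 core)
        memory: "2000Mi"                  # memory cap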
[root@master ~]# kubectl -n myns delete -f maxpod.yaml
pod "maxpod" deleted
[root@master ~]# kubectl -n myns apply -f maxpod.yaml
pod/maxpod created
[root@master ~]# kubectl -n myns exec -it maxpod -- /bin/bash
[root@maxpod /]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 99.9 0.0 9924 720 ? Rs 08:09 0:09 awk BEGIN{while(1){}}
[root@master ~]# kubectl -n myns describe pod maxpod
... ...
Limits:
cpu: 1000m
memory: 2000Mi
Requests:
cpu: 10m
memory: 8Mi
... ...
资源配额范围
# 样例
... ...
spec: # LimitRange.spec配置
limits: # 全局限制规则
- type: Container # 资源类型
... ... # 在默认资源配额下添加
max: # 最大限制
cpu: "800m" # CPU限额
memory: "1000Mi" # 内存限额
min: # 最小限额
cpu: "2m" # CPU限额
memory: "8Mi" # 内存限额
[root@master ~]# vim mynslimit.yaml
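---
# LimitRange with defaults plus an allowed range. A container whose declared
# values fall outside min/max is rejected at admission (HTTP 403 Forbidden),
# so users cannot bypass the defaults by asking for arbitrarily large limits.
apiVersion: v1
kind: LimitRange
metadata:
  name: mylimit
  namespace: myns
spec:
  limits:
  - type: Container      # rule is evaluated per container
    default:             # limits injected when a container sets none
      cpu: 300m
      memory: 500Mi
    defaultRequest:      # requests injected when a container sets none
      cpu: 8m
      memory: 8Mi
    max:                 # upper bound a container may declare
      cpu: "800m"
      memory: "1000Mi"
    min:                 # lower bound a container may declare
      cpu: "2m"
      memory: "8Mi"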
[root@master ~]# kubectl -n myns apply -f mynslimit.yaml
limitrange/mylimit configured
[root@master ~]# kubectl -n myns delete -f maxpod.yaml
pod "maxpod" deleted
[root@master ~]# kubectl -n myns apply -f maxpod.yaml
Error from server (Forbidden): error when creating "maxpod.yaml": pods "maxpod" is forbidden: [maximum cpu usage per Container is 800m, but limit is 1, maximum memory usage per Container is 1000Mi, but limit is 2000Mi]
多容器资源配额
[root@master ~]# vim maxpod.yaml
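---
# Pod with two containers. Limits are declared per container, so the Pod as a
# whole may use the sum of them: 1600m CPU and 2000Mi memory. A per-Container
# rule alone therefore does not bound what a multi-container Pod can consume.
kind: Pod
apiVersion: v1
metadata:
  name: maxpod
spec:
  terminationGracePeriodSeconds: 0          # no grace period when the Pod is deleted
  restartPolicy: Always
  containers:
  - name: c1
    image: myos:v2009
    command: ["awk", "BEGIN{while(1){}}"]   # endless loop that keeps the container busy
    resources:
      limits:
        cpu: "800m"
        memory: "1000Mi"
  - name: c2
    image: myos:v2009
    command: ["awk", "BEGIN{while(1){}}"]   # endless loop that keeps the container busy
    resources:
      limits:
        cpu: "800m"
        memory: "1000Mi"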
[root@master ~]# kubectl -n myns apply -f maxpod.yaml
pod/maxpod created
[root@master ~]# kubectl -n myns get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE
maxpod 2/2 Running 0 107s 10.244.2.65 node-0002
#----------------------------------------------------------------------
# 在节点上查看资源占用情况
[root@node-0002 ~]# ps aux |grep awk
root 20369 80.1 0.0 9924 720 ? Rs 16:23 2:38 awk BEGIN{while(1){}}
root 20405 79.9 0.0 9924 720 ? Rs 16:23 2:38 awk BEGIN{while(1){}}
... ...
基于 Pod 的资源配额
... ...
spec: # LimitRange.spec配置
limits: # 全局限制规则
- type: Pod # 资源类型
max: # 最大限额
cpu: "1200m" # CPU限额
memory: "1200Mi" # 内存限额
min: # 最小限额
cpu: "2m" # CPU限额
memory: "8Mi" # 内存限额
[root@master ~]# vim mynslimit.yaml
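---
# LimitRange with both per-Container and per-Pod rules. The Pod rule is
# checked against the sum over all containers in the Pod, which closes the
# gap left by a per-Container maximum when a Pod runs several containers.
apiVersion: v1
kind: LimitRange
metadata:
  name: mylimit
  namespace: myns
spec:
  limits:
  - type: Container      # rule is evaluated per container
    default:             # limits injected when a container sets none
      cpu: 300m
      memory: 500Mi
    defaultRequest:      # requests injected when a container sets none
      cpu: 8m
      memory: 8Mi
    max:                 # upper bound a container may declare
      cpu: "800m"
      memory: "1000Mi"
    min:                 # lower bound a container may declare
      cpu: "2m"
      memory: "8Mi"
  - type: Pod            # rule is evaluated on the Pod's total
    max:                 # upper bound for the whole Pod
      cpu: "1200m"
      memory: "1200Mi"
    min:                 # lower bound for the whole Pod
      cpu: "2m"
      memory: "8Mi"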
[root@master ~]# kubectl -n myns apply -f mynslimit.yaml
limitrange/mylimit configured
[root@master ~]# kubectl -n myns delete -f maxpod.yaml
pod "maxpod" deleted
[root@master ~]# kubectl -n myns apply -f maxpod.yaml
Error from server (Forbidden): error when creating "maxpod.yaml": pods "maxpod" is forbidden: [maximum cpu usage per Pod is 1200m, but limit is 1600m, maximum memory usage per Pod is 1200Mi, but limit is 2097152k]
全局 quota 配额
多个 Pod 消耗资源
[root@master ~]# vim maxpod.yaml
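---
# Single-container Pod with explicit requests and limits. The small requests
# make it easy to schedule many copies, while each copy may still burst up to
# its limits.
kind: Pod
apiVersion: v1
metadata:
  name: maxpod
spec:
  terminationGracePeriodSeconds: 0          # no grace period when the Pod is deleted
  restartPolicy: Always
  containers:
  - name: c1
    image: myos:v2009
    command: ["awk", "BEGIN{while(1){}}"]   # endless loop that keeps the container busy
    resources:
      requests:                             # what the scheduler reserves
        cpu: "8m"
        memory: "8Mi"
      limits:                               # runtime caps
        cpu: "600m"
        memory: "1000Mi"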
# 即使每个Pod都设置了limits,创建太多Pod,节点资源也会耗尽
[root@master ~]# for i in app{1..9};do sed "s,maxpod,${i}," maxpod.yaml ;done |kubectl -n myns apply -f -
pod/app1 created
pod/app2 created
pod/app3 created
pod/app4 created
pod/app5 created
pod/app6 created
pod/app7 created
pod/app8 created
pod/app9 created
#----------------------------------------------------------------------
# 在计算节点上查看资源占用情况
[root@node-0001 ~]# ps aux |grep awk
root 26768 60.7 0.0 9924 716 ? Rs 16:35 0:29 awk BEGIN{while(1){}}
root 26842 60.2 0.0 9924 716 ? Rs 16:35 0:29 awk BEGIN{while(1){}}
root 26870 60.1 0.0 9924 716 ? Rs 16:35 0:29 awk BEGIN{while(1){}}
基于总数量配额
[root@master ~]# vim mynsquota.yaml
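---
# ResourceQuota: caps the aggregate consumption of a whole namespace.
# Once cpu/memory are under quota, a Pod whose containers lack the
# corresponding requests/limits is rejected unless a LimitRange in the
# namespace supplies defaults.
apiVersion: v1
kind: ResourceQuota             # namespace-wide quota object
metadata:
  name: myquota                 # rule name
  namespace: myns               # namespace the rule applies to
spec:                           # ResourceQuota.spec
  hard:                         # hard limits; requests beyond them are refused
    requests.cpu: "1000m"       # total CPU requests allowed across Pods
    requests.memory: "2000Mi"   # total memory requests allowed across Pods
    limits.cpu: "5000m"         # total CPU limits allowed across Pods
    limits.memory: "8Gi"        # total memory limits allowed across Pods
    pods: "3"                   # maximum number of Pods in the namespace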
[root@master ~]# kubectl -n myns apply -f mynsquota.yaml
resourcequota/myquota created
验证 quota 配额
[root@master ~]# kubectl -n myns delete pod app{1..9}
pod "app1" deleted
pod "app2" deleted
pod "app3" deleted
pod "app4" deleted
pod "app5" deleted
pod "app6" deleted
pod "app7" deleted
pod "app8" deleted
pod "app9" deleted
[root@master ~]# sed 's,maxpod,app1,' maxpod.yaml |kubectl -n myns apply -f -
pod/app1 created
[root@master ~]# sed 's,maxpod,app2,' maxpod.yaml |kubectl -n myns apply -f -
pod/app2 created
[root@master ~]# sed 's,maxpod,app3,' maxpod.yaml |kubectl -n myns apply -f -
pod/app3 created
[root@master ~]# sed 's,maxpod,app4,' maxpod.yaml |kubectl -n myns apply -f -
Error from server (Forbidden): error when creating "STDIN": pods "app4" is forbidden: exceeded quota: myquota, requested: pods=1, used: pods=3, limited: pods=3