k8s pod网络限速

在生产环境中有时候需要对pod进行网络限速，具体的步骤如下：
本次测试网络插件为calico

一、确认k8s版本

[root@node1 ~]# kubectl get node
NAME    STATUS   ROLES    AGE   VERSION
node1   Ready    master   42h   v1.18.6
node2   Ready    master   42h   v1.18.6
node3   Ready    master   42h   v1.18.6

二、修改calico参数，添加限速设置

可参考此处

编译配置文件vim /etc/cni/net.d/10-calico.conflist 
{
  "name": "k8s-pod-network",
  "cniVersion": "0.3.1",
  "plugins": [
    {
      "type": "calico",
      "log_level": "info",
      "datastore_type": "kubernetes",
      "nodename": "node1",
      "mtu": 1440,
      "ipam": {

          "type": "calico-ipam"

      },
      "policy": {
          "type": "k8s"
      },
      "kubernetes": {
          "kubeconfig": "/etc/cni/net.d/calico-kubeconfig"
      }
    },
    {
      "type": "portmap",
      "snat": true,
      "capabilities": {"portMappings": true}
    },
    {
      "type": "bandwidth",        #####添加带宽限速参数
      "capabilities": {"bandwidth": true}
    }
  ]
}

三、启动pod测试限速效果

---
apiVersion: v1
kind: Pod
metadata:
  name: qos-dd
  annotations:
    kubernetes.io/ingress-bandwidth: 1M     ###限制进带宽为1M
    kubernetes.io/egress-bandwidth: 1M     ###限制出带宽为1M
spec:
  containers:
    - name: nginx-resource
      image: centos-test:latest     ###自己编译的镜像可使用iperf3命令
      imagePullPolicy: IfNotPresent   ###镜像的拉取策略
      command: ["init"]
      securityContext:
        privileged: true
        capabilities:
          add: ["SYS_ADMIN"]
        runAsUser: 0

启动pod

kubectl apply -f pod-qos.yaml
[root@node1 ~]# kubectl get pod -o wide | grep qos-dd
qos-dd                          1/1     Running   0          28h   172.25.135.51   node3    <none>           <none>

四、进入pod，启动iperf3，在另一端node进行打流测试

如下可知，带宽被限制在1M
[root@node1 ~]# kubectl exec -it qos-dd bash 
[root@qos-dd /]# iperf3 -s
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 172.25.166.128, port 52622
[  5] local 172.25.135.51 port 5201 connected to 172.25.166.128 port 52624
[ ID] Interval           Transfer     Bandwidth
[  5]   0.00-1.00   sec  25.5 MBytes   213 Mbits/sec                  
[  5]   1.00-2.00   sec   172 KBytes  1.41 Mbits/sec                  
[  5]   2.00-3.00   sec   117 KBytes   955 Kbits/sec                  
[  5]   3.00-4.00   sec   117 KBytes   955 Kbits/sec                  
[  5]   4.00-5.00   sec   115 KBytes   944 Kbits/sec                  
[  5]   5.00-6.00   sec   117 KBytes   955 Kbits/sec                  
[  5]   6.00-7.00   sec   118 KBytes   966 Kbits/sec                  
[  5]   7.00-8.00   sec   117 KBytes   955 Kbits/sec                  
[  5]   8.00-9.00   sec   117 KBytes   955 Kbits/sec                  
[  5]   9.00-10.00  sec   117 KBytes   955 Kbits/sec                  
[  5]  10.00-11.00  sec   115 KBytes   944 Kbits/sec                  
[  5]  11.00-12.00  sec   117 KBytes   955 Kbits/sec                  
[  5]  12.00-13.00  sec   117 KBytes   955 Kbits/sec                  
[  5]  13.00-13.08  sec  10.8 KBytes  1.07 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth
[  5]   0.00-13.08  sec  0.00 Bytes  0.00 bits/sec                  sender
[  5]   0.00-13.08  sec  26.9 MBytes  17.2 Mbits/sec                  receiver
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------