k8s--Pod调度策略、Pod标签管理、Pod资源配额与限额、全局资源配额与限额策略
Pod 调度策略基于节点的调度标签管理查询标签使用标签过滤添加标签删除标签资源文件标签基于标签的调度容器调度(案例2)Pod 资源配额requests:保证程序能运行资源对象文件内存资源配额计算资源配额Pod 资源限额limits限额内存 CPU限额内存 CPU验证内存限额验证 CPU 限额全局资源管理LimitRange默认配额策略自定义资源资源配额范围多容器资源配额Pod 资源配额Resour
·
熟悉掌握pod部署管理
掌握Pod调度策略
掌握Pod标签管理
Pod资源配额与限额
Pod 调度策略
基于节点的调度
在创建Pod的过程中,我们可以配置相关的调度规则,从而让Pod运行在制定的节点上
[root@master ~]# vim myhttp.yaml --- kind: Pod apiVersion: v1 metadata: name: myhttp spec: nodeName: node-0001 # 基于节点名称进行调度 containers: - name: apache image: myos:httpd #测试验证,如果标签指定节点无法运行Pod,它不会迁移到其他节点,将一直等待下去 [root@master ~]# kubectl apply -f myhttp.yaml pod/myhttp created [root@master ~]# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE myhttp 1/1 Running 0 3s 10.244.1.6 node-0001
标签管理
kubectlnets.io属于系统功能标签不可更改
查询标签
[root@master ~]# kubectl get pods --show-labels NAME READY STATUS RESTARTS AGE LABELS myhttp 1/1 Running 0 2m34s <none> [root@master ~]# kubectl get namespaces --show-labels NAME STATUS AGE LABELS default Active 3h44m kubernetes.io/metadata.name=default kube-node-lease Active 3h44m kubernetes.io/metadata.name=kube-node-lease kube-public Active 3h44m kubernetes.io/metadata.name=kube-public kube-system Active 3h44m kubernetes.io/metadata.name=kube-system [root@master ~]# kubectl get nodes --show-labels NAME STATUS ROLES VERSION LABELS master Ready control-plane v1.26.0 kubernetes.io/hostname=master node-0001 Ready <none> v1.26.0 kubernetes.io/hostname=node-0001 node-0002 Ready <none> v1.26.0 kubernetes.io/hostname=node-0002 node-0003 Ready <none> v1.26.0 kubernetes.io/hostname=node-0003 node-0004 Ready <none> v1.26.0 kubernetes.io/hostname=node-0004 node-0005 Ready <none> v1.26.0 kubernetes.io/hostname=node-0005
使用标签过滤
# 使用标签过滤资源对象 [root@master ~]# kubectl get nodes -l kubernetes.io/hostname=master NAME STATUS ROLES AGE VERSION master Ready control-plane 3h38m v1.26.0
添加标签
[root@master ~]# kubectl label pod myhttp app=apache pod/myhttp labeled [root@master ~]# kubectl get pods --show-labels NAME READY STATUS RESTARTS AGE LABELS myhttp 1/1 Running 0 14m app=apache
删除标签
[root@master ~]# kubectl label pod myhttp app- pod/myhttp labeled [root@master ~]# kubectl get pods --show-labels NAME READY STATUS RESTARTS AGE LABELS myhttp 1/1 Running 0 14m <none>
资源文件标签
[root@master ~]# vim myhttp.yaml --- kind: Pod apiVersion: v1 metadata: name: myhttp labels: # 声明标签 app: apache # 标签键值对 spec: containers: - name: apache image: myos:httpd [root@master ~]# kubectl delete pods myhttp pod "myhttp" deleted [root@master ~]# kubectl apply -f myhttp.yaml pod/myhttp created [root@master ~]# kubectl get pods --show-labels NAME READY STATUS RESTARTS AGE LABELS myhttp 1/1 Running 0 14m app=apache
基于标签的调度
[root@master ~]# kubectl get nodes node-0002 --show-labels NAME STATUS ROLES VERSION LABELS node-0002 Ready <none> v1.26.0 kubernetes.io/hostname=node-0002 ... [root@master ~]# vim myhttp.yaml --- kind: Pod apiVersion: v1 metadata: name: myhttp labels: app: apache spec: nodeSelector: # 基于节点标签进行调度 kubernetes.io/hostname: node-0002 # 标签 containers: - name: apache image: myos:httpd [root@master ~]# kubectl delete pods myhttp pod "myhttp" deleted [root@master ~]# kubectl apply -f myhttp.yaml pod/myhttp created [root@master ~]# kubectl get pods -l app=apache -o wide NAME READY STATUS RESTARTS AGE IP NODE myhttp 1/1 Running 0 9s 10.244.2.11 node-0002
容器调度(案例2)
[root@master ~]# kubectl label nodes node-0002 node-0003 disktype=ssd node/node-0002 labeled node/node-0003 labeled [root@master ~]# vim myhttp.yaml --- kind: Pod apiVersion: v1 metadata: name: myhttp labels: app: apache spec: nodeSelector: disktype: ssd containers: - name: apache image: myos:httpd [root@master ~]# sed "s,myhttp,web1," myhttp.yaml |kubectl apply -f - [root@master ~]# sed "s,myhttp,web2," myhttp.yaml |kubectl apply -f - [root@master ~]# sed "s,myhttp,web3," myhttp.yaml |kubectl apply -f - [root@master ~]# sed "s,myhttp,web4," myhttp.yaml |kubectl apply -f - [root@master ~]# sed "s,myhttp,web5," myhttp.yaml |kubectl apply -f - [root@master ~]# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE myhttp 1/1 Running 0 29m 10.244.2.30 node-0002 web1 1/1 Running 0 10s 10.244.2.31 node-0002 web2 1/1 Running 0 10s 10.244.2.32 node-0002 web3 1/1 Running 0 10s 10.244.3.45 node-0003 web4 1/1 Running 0 10s 10.244.3.46 node-0003 web5 1/1 Running 0 10s 10.244.3.47 node-0003
清理实验配置
[root@master ~]# kubectl delete pod -l app=apache pod "myhttp" deleted pod "web1" deleted pod "web2" deleted pod "web3" deleted pod "web4" deleted pod "web5" deleted [root@master ~]# kubectl label nodes node-0002 node-0003 disktype- node/node-0002 labeled node/node-0003 labeled
Pod 资源配额requests:保证程序能运行
资源对象文件
[root@master ~]# vim minpod.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: minpod
spec:
terminationGracePeriodSeconds: 0
containers:
- name: linux
image: myos:8.5
command: ["awk", "BEGIN{while(1){}}"]
terminationGracePeriodSeconds太长了,可以用kubectl explain Pod.spec查出来
内存资源配额
[root@master ~]# vim minpod.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: minpod
spec:
terminationGracePeriodSeconds: 0
nodeSelector: # 配置 Pod 调度节点
kubernetes.io/hostname: node-0003 # 在 node-0003 节点创建
containers:
- name: linux
image: myos:8.5
command: ["awk", "BEGIN{while(1){}}"]
resources: # 资源策略
requests: # 配额策略
memory: 1100Mi # 内存配额
# 验证配额策略
[root@master ~]# for i in app{1..5};do sed "s,minpod,${i}," minpod.yaml;done |kubectl apply -f -
pod/app1 created
pod/app2 created
pod/app3 created
pod/app4 created
pod/app5 created
[root@master ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
app1 1/1 Running 0 4s
app2 1/1 Running 0 4s
app3 1/1 Running 0 4s
app4 0/1 Pending 0 4s
app5 0/1 Pending 0 4s
# 清理实验配置
[root@master ~]# kubectl delete pod --all
计算资源配额
[root@master ~]# vim minpod.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: minpod
spec:
terminationGracePeriodSeconds: 0
nodeSelector:
kubernetes.io/hostname: node-0003
containers:
- name: linux
image: myos:8.5
command: ["awk", "BEGIN{while(1){}}"]
resources:
requests:
cpu: 800m # 计算资源配额
# 验证配额策略
[root@master ~]# for i in app{1..5};do sed "s,minpod,${i}," minpod.yaml;done |kubectl apply -f -
pod/app1 created
pod/app2 created
pod/app3 created
pod/app4 created
pod/app5 created
[root@master ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
app1 1/1 Running 0 8s
app2 1/1 Running 0 8s
app3 0/1 Pending 0 8s
app4 0/1 Pending 0 8s
app5 0/1 Pending 0 8s
# 清理实验配置
[root@master ~]# kubectl delete pod --all
Pod 资源限额limits
限额内存 CPU
限额内存 CPU
# 创建限额资源对象文件
[root@master ~]# vim maxpod.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: maxpod
spec:
terminationGracePeriodSeconds: 0
containers:
- name: linux
image: myos:8.5
command: ["awk", "BEGIN{while(1){}}"]
resources:
limits:
cpu: 800m
memory: 2000Mi
[root@master ~]# kubectl apply -f maxpod.yaml
pod/maxpod created
验证内存限额
#拷贝测试文件到容器内 [root@master ~]# kubectl cp memtest.py maxpod:/usr/bin/ [root@master ~]# kubectl exec -it maxpod -- /bin/bash #大于2000Mi,获取资源失败 [root@maxpod /]# memtest.py 2500 Killed #小于2000Mi,获取资源成功 [root@maxpod /]# memtest.py 1500 use memory success press any key to exit :
验证 CPU 限额
[root@master ~]# kubectl exec -it maxpod -- ps aux
USER PID %CPU %MEM VSZ RSS STAT START TIME COMMAND
root 1 79.9 0.0 9924 720 Rs 18:25 1:19 awk BEGIN{while(1){}}
root 8 0.5 0.0 12356 2444 Ss 18:26 0:00 /bin/bash
[root@master ~]# kubectl top pods
NAME CPU(cores) MEMORY(bytes)
maxpod 834m 1Mi
# 清理实验 Pod
[root@master ~]# kubectl delete pod maxpod
pod "maxpod" deleted
全局资源管理
LimitRange
kubectl api-resources | grep -i limitrange寻找kind
默认配额策略
# 创建名称空间 [root@master ~]# kubectl create namespace work namespace/work created # 设置默认配额 [root@master ~]# vim limit.yaml --- apiVersion: v1 kind: LimitRange metadata: name: mylimit namespace: work spec: limits: - type: Container default: #设定了容器的默认资源限制(limits) cpu: 300m memory: 500Mi defaultRequest: #设定了容器的默认资源请求(requests) cpu: 8m memory: 8Mi [root@master ~]# kubectl -n work apply -f limit.yaml limitrange/mylimit created
验证配额策略
[root@master ~]# vim maxpod.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: maxpod
spec:
terminationGracePeriodSeconds: 0
containers:
- name: linux
image: myos:8.5
command: ["awk", "BEGIN{while(1){}}"]
[root@master ~]# kubectl -n work apply -f maxpod.yaml
pod/maxpod created
[root@master ~]# kubectl -n work describe pod maxpod
... ...
Limits:
cpu: 300m
memory: 500Mi
Requests:
cpu: 10m
memory: 8Mi
... ...
[root@master ~]# kubectl -n work top pods
NAME CPU(cores) MEMORY(bytes)
maxpod 300m 0Mi
自定义资源
[root@master ~]# vim maxpod.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: maxpod
spec:
terminationGracePeriodSeconds: 0
containers:
- name: linux
image: myos:8.5
command: ["awk", "BEGIN{while(1){}}"]
resources:
requests:
cpu: 10m
memory: 10Mi
limits:
cpu: 1100m
memory: 2000Mi
[root@master ~]# kubectl -n work delete -f maxpod.yaml
pod "maxpod" deleted
[root@master ~]# kubectl -n work apply -f maxpod.yaml
pod/maxpod created
[root@master ~]# kubectl -n work describe pod maxpod
... ...
Limits:
cpu: 1100m
memory: 2000Mi
Requests:
cpu: 10m
memory: 10Mi
... ...
[root@master ~]# kubectl -n work top pods maxpod
NAME CPU(cores) MEMORY(bytes)
maxpod 1000m 0Mi
资源配额范围
[root@master ~]# vim limit.yaml --- apiVersion: v1 kind: LimitRange metadata: name: mylimit namespace: work spec: limits: - type: Container default: # 默认资源配置 cpu: 300m memory: 500Mi defaultRequest: # 默认资源请求 cpu: 8m memory: 8Mi max: # 容器资源使用的最大限制 cpu: 800m memory: 1000Mi min: # 容器资源使用的最小限制 cpu: 2m memory: 8Mi [root@master ~]# kubectl -n work apply -f limit.yaml limitrange/mylimit configured [root@master ~]# kubectl -n work delete -f maxpod.yaml pod "maxpod" deleted [root@master ~]# kubectl -n work apply -f maxpod.yaml Error from server (Forbidden): error when creating "maxpod.yaml": pods "maxpod" is forbidden: [maximum cpu usage per Container is 800m, but limit is 1100, maximum memory usage per Container is 1000Mi, but limit is 2000Mi]
多容器资源配额
[root@master ~]# vim maxpod.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: maxpod
spec:
terminationGracePeriodSeconds: 0
containers:
- name: linux
image: myos:8.5
command: ["awk", "BEGIN{while(1){}}"]
resources:
requests:
cpu: 10m
memory: 10Mi
limits:
cpu: 800m
memory: 1000Mi
- name: linux1
image: myos:8.5
command: ["awk", "BEGIN{while(1){}}"]
resources:
requests:
cpu: 10m
memory: 10Mi
limits:
cpu: 800m
memory: 1000Mi
[root@master ~]# kubectl -n work apply -f maxpod.yaml
pod/maxpod created
[root@master ~]# kubectl -n work get pods
NAME READY STATUS RESTARTS AGE
maxpod 2/2 Running 0 50s
[root@master ~]# kubectl -n work top pods maxpod
NAME CPU(cores) MEMORY(bytes)
maxpod 1610m 0Mi
Pod 资源配额
[root@master ~]# vim limit.yaml --- apiVersion: v1 kind: LimitRange metadata: name: mylimit namespace: work spec: limits: - type: Container default: cpu: 300m memory: 500Mi defaultRequest: cpu: 8m memory: 8Mi max: cpu: 800m memory: 1000Mi min: cpu: 2m memory: 8Mi - type: Pod max: cpu: 1200m memory: 1200Mi min: cpu: 2m memory: 8Mi [root@master ~]# kubectl -n work apply -f limit.yaml limitrange/mylimit configured [root@master ~]# kubectl -n work delete -f maxpod.yaml pod "maxpod" deleted [root@master ~]# kubectl -n work apply -f maxpod.yaml Error from server (Forbidden): error when creating "maxpod.yaml": pods "maxpod" is forbidden: [maximum cpu usage per Pod is 1200m, but limit is 1600m, maximum memory usage per Pod is 1200Mi, but limit is 2097152k]
多个 Pod 消耗资源
[root@master ~]# vim maxpod.yaml
---
kind: Pod
apiVersion: v1
metadata:
name: maxpod
spec:
terminationGracePeriodSeconds: 0
containers:
- name: linux
image: myos:8.5
command: ["awk", "BEGIN{while(1){}}"]
resources:
requests:
cpu: 10m
memory: 10Mi
limits:
cpu: 800m
memory: 1000Mi
# 创建太多Pod,资源也会耗尽
[root@master ~]# for i in app{1..9};do sed "s,maxpod,${i}," maxpod.yaml ;done |kubectl -n work apply -f -
# Pod 创建成功后,查看节点资源使用情况
[root@master ~]# kubectl top nodes
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
master 81m 4% 1040Mi 27%
node-0001 1800m 90% 403Mi 10%
node-0002 1825m 86% 457Mi 11%
node-0003 1816m 85% 726Mi 19%
node-0004 1823m 86% 864Mi 21%
node-0005 1876m 88% 858Mi 21%
# 清理实验配置
[root@master ~]# kubectl -n work delete pods --all
ResourceQuota:限制某一个资源空间下资源总量
全局配额策略
[root@master ~]# vim quota.yaml --- apiVersion: v1 kind: ResourceQuota metadata: name: myquota namespace: work spec: hard: requests.cpu: 1000m requests.memory: 2000Mi limits.cpu: 5000m limits.memory: 8Gi pods: 3 [root@master ~]# kubectl -n work apply -f quota.yaml resourcequota/myquota created
验证 quota 配额
[root@master ~]# for i in app{1..5};do sed "s,maxpod,${i}," maxpod.yaml ;done |kubectl -n work apply -f -
pod/app1 created
pod/app2 created
pod/app3 created
Error from server (Forbidden): error when creating "STDIN": pods "app4" is forbidden: exceeded quota: myquota, requested: pods=1, used: pods=3, limited: pods=3
Error from server (Forbidden): error when creating "STDIN": pods "app5" is forbidden: exceeded quota: myquota, requested: pods=1, used: pods=3, limited: pods=3
# 删除实验 Pod 与限额规则
[root@master ~]# kubectl -n work delete pods --all
pod "app1" deleted
pod "app2" deleted
pod "app3" deleted
[root@master ~]# kubectl -n work delete -f limit.yaml -f quota.yaml
limitrange "mylimit" deleted
resourcequota "myquota" deleted
[root@master ~]# kubectl delete namespace work
namespace "work" deleted
K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容
更多推荐
35
0- 0
已为社区贡献2条内容
所有评论(0)