K8s global resource quotas and resource monitoring tools
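Global resource quotas
Create a namespace. Quotas are applied per namespace, and every container created in that namespace is subject to the rules.
The global resource quota mechanisms that k8s supports are:
LimitRange: quotas on memory, CPU and storage
ResourceQuota: quotas on Pods
Default quota policy
# Create the namespace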
[root@master ~]# kubectl create namespace myns
namespace/myns created
# Set the default quota
[root@master ~]# vim mynslimit.yaml
---
apiVersion: v1
kind: LimitRange
metadata:
  name: mylimit
  namespace: myns
spec:
  limits:
  - type: Container
    default:
      cpu: 300m
      memory: 500Mi
    defaultRequest:
      cpu: 8m
      memory: 8Mi
[root@master ~]# kubectl -n myns apply -f mynslimit.yaml
limitrange/mylimit created
Verify: create a Pod that specifies no resource settings of its own
[root@master ~]# vim maxpod.yaml
---
kind: Pod
apiVersion: v1
metadata:
  name: maxpod
spec:
  terminationGracePeriodSeconds: 0
  restartPolicy: Always
  containers:
  - name: linux
    image: myos:v2009
    command: ["awk", "BEGIN{while(1){}}"]
Check whether the quota was applied
[root@master ~]# kubectl -n myns describe pod maxpod
... ...
    Limits:
      cpu: 300m
      memory: 500Mi
    Requests:
      cpu: 10m
      memory: 8Mi
... ...
User-defined resource limits
[root@master ~]# vim maxpod.yaml
---
kind: Pod
apiVersion: v1
metadata:
  name: maxpod
spec:
  terminationGracePeriodSeconds: 0
  restartPolicy: Always
  containers:
  - name: linux
    image: myos:v2009
    command: ["awk", "BEGIN{while(1){}}"]
    resources:
      limits:
        cpu: "1000m"
        memory: "2000Mi"
Resource quota range (max, min)
[root@master ~]# vim mynslimit.yaml
---
apiVersion: v1
kind: LimitRange
metadata:
  name: mylimit
  namespace: myns
spec:
  limits:
  - type: Container
    default:
      cpu: 300m
      memory: 500Mi
    defaultRequest:
      cpu: 8m
      memory: 8Mi
    max:
      cpu: "800m"
      memory: "1000Mi"
    min:
      cpu: "2m"
      memory: "8Mi"
Resource quotas with multiple containers
[root@master ~]# vim maxpod.yaml
---
kind: Pod
apiVersion: v1
metadata:
  name: maxpod
spec:
  terminationGracePeriodSeconds: 0
  restartPolicy: Always
  containers:
  - name: c1
    image: myos:v2009
    command: ["awk", "BEGIN{while(1){}}"]
    resources:
      limits:
        cpu: "800m"
        memory: "1000Mi"
  - name: c2
    image: myos:v2009
    command: ["awk", "BEGIN{while(1){}}"]
    resources:
      limits:
        cpu: "800m"
        memory: "1000Mi"
Pod-level resource quotas
[root@master ~]# vim mynslimit.yaml
---
apiVersion: v1
kind: LimitRange
metadata:
  name: mylimit
  namespace: myns
spec:
  limits:
  - type: Container
    default:
      cpu: 300m
      memory: 500Mi
    defaultRequest:
      cpu: 8m
      memory: 8Mi
    max:
      cpu: "800m"
      memory: "1000Mi"
    min:
      cpu: "2m"
      memory: "8Mi"
  - type: Pod
    max:
      cpu: "1200m"
      memory: "1200Mi"
    min:
      cpu: "2m"
      memory: "8Mi"
Global quota
[root@master ~]# vim maxpod.yaml
---
kind: Pod
apiVersion: v1
metadata:
  name: maxpod
spec:
  terminationGracePeriodSeconds: 0
  restartPolicy: Always
  containers:
  - name: c1
    image: myos:v2009
    command: ["awk", "BEGIN{while(1){}}"]
    resources:
      requests:
        cpu: "8m"
        memory: "8Mi"
      limits:
        cpu: "600m"
        memory: "1000Mi"
If too many Pods are created, resources are still exhausted
[root@master ~]# for i in app{1..9};do sed "s,maxpod,${i}," maxpod.yaml ;done |kubectl -n myns apply -f -
Quota based on total amounts
[root@master ~]# vim mynsquota.yaml
---
apiVersion: v1
kind: ResourceQuota
metadata:
  name: myquota
  namespace: myns
spec:
  hard:
    requests.cpu: "1000m"
    requests.memory: "2000Mi"
    limits.cpu: "5000m"
    limits.memory: "8Gi"
    pods: "3"
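The admission decisions that the final LimitRange and ResourceQuota objects above lead to, worked through as an added Python model (not code from the original page or from Kubernetes). It is a simplification: it applies the final versions of both objects at once, and the names `qty`, `admit` and `QUOTA_POD` are hypothetical.

```python
LIMIT_RANGE = {  # added model; values copied from the page's mynslimit.yaml
    "Container": {"default": {"cpu": "300m", "memory": "500Mi"},
                  "defaultRequest": {"cpu": "8m", "memory": "8Mi"},
                  "max": {"cpu": "800m", "memory": "1000Mi"},
                  "min": {"cpu": "2m", "memory": "8Mi"}},
    "Pod": {"max": {"cpu": "1200m", "memory": "1200Mi"}},
}
QUOTA = {"requests.cpu": "1000m", "requests.memory": "2000Mi",  # mynsquota.yaml
         "limits.cpu": "5000m", "limits.memory": "8Gi", "pods": "3"}
QUOTA_POD = [{"requests": {"cpu": "8m", "memory": "8Mi"},  # last maxpod.yaml
              "limits": {"cpu": "600m", "memory": "1000Mi"}}]

def qty(res, s):  # CPU -> millicores, memory -> bytes
    if res == "cpu":
        return int(s[:-1]) if s.endswith("m") else int(float(s) * 1000)
    for suffix, mult in (("Ki", 2**10), ("Mi", 2**20), ("Gi", 2**30)):
        if s.endswith(suffix):
            return int(s[:-2]) * mult
    return int(s)

def admit(containers, used):
    """Return (allowed, reason); on success add the Pod's totals to `used`."""
    rule, total = LIMIT_RANGE["Container"], {"pods": 1}
    for c in containers:
        explicit = c.get("limits", {})
        lim = {**rule["default"], **explicit}
        # An unset request follows an explicit limit, otherwise defaultRequest.
        req = {**rule["defaultRequest"], **explicit, **c.get("requests", {})}
        for r in ("cpu", "memory"):
            if qty(r, lim[r]) > qty(r, rule["max"][r]):
                return False, f"container {r} limit above max"
            if qty(r, req[r]) < qty(r, rule["min"][r]):
                return False, f"container {r} request below min"
            total[f"limits.{r}"] = total.get(f"limits.{r}", 0) + qty(r, lim[r])
            total[f"requests.{r}"] = total.get(f"requests.{r}", 0) + qty(r, req[r])
    for r in ("cpu", "memory"):
        if total[f"limits.{r}"] > qty(r, LIMIT_RANGE["Pod"]["max"][r]):
            return False, f"pod {r} limit above max"
    new = {k: used.get(k, 0) + v for k, v in total.items()}
    for key, hard in QUOTA.items():
        cap = int(hard) if key == "pods" else qty(key.split(".")[1], hard)
        if new[key] > cap:
            return False, f"quota exceeded: {key}"
    used.update(new)
    return True, "ok"

if __name__ == "__main__":
    used = {}  # nine copies of the Pod, as in the page's for-loop
    print([admit(QUOTA_POD, used)[0] for _ in range(9)])
```

The Pod with two 800m containers passes the per-container check but fails the Pod-level maximum, and of the nine identical Pods only three are admitted before the `pods` quota stops the rest.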
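Resource monitoring component
Use the Metrics-server add-on to collect Pod resource usage statistics (kubectl top pod)
It is the aggregator of the cluster's core monitoring data, covering the Pod monitoring data of every node
It obtains node and Pod CPU, memory and other metrics through the kubelet, and is the data source for the scheduler, the autoscaling controllers and the dashboard
Configure the authorization token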
[root@master ~]# echo 'serverTLSBootstrap: true' >>/var/lib/kubelet/config.yaml
[root@master ~]# systemctl restart kubelet
[root@master ~]# kubectl get certificatesigningrequests.certificates.k8s.io
NAME AGE SIGNERNAME REQUESTOR REQUESTEDDURATION CONDITION
csr-6zhbx 14s kubernetes.io/kubelet-serving system:node:master <none> Pending
[root@master ~]# kubectl certificate approve csr-6zhbx
certificatesigningrequest.certificates.k8s.io/csr-6zhbx approved
[root@master ~]# kubectl get certificatesigningrequests.certificates.k8s.io
NAME AGE SIGNERNAME REQUESTOR REQUESTEDDURATION CONDITION
csr-6zhbx 28s kubernetes.io/kubelet-serving system:node:master <none> Approved,Issued
Resource monitoring add-on (metrics)
First obtain the package for this add-on
[root@master metrics]# docker load -i metrics-server.tar.xz
[root@master metrics]# docker tag k8s.gcr.io/metrics-server/metrics-server:v0.5.2 registry:5000/plugins/metrics-server:v0.5.2
[root@master metrics]# docker push registry:5000/plugins/metrics-server:v0.5.2
[root@master metrics]# docker rmi k8s.gcr.io/metrics-server/metrics-server:v0.5.2 registry:5000/plugins/metrics-server:v0.5.2
[root@master metrics]# sed -ri 's,^(\s+image: ).+/(.+),\1registry:5000/plugins/\2,' components.yaml
138: image: registry:5000/plugins/metrics-server:v0.5.2
[root@master metrics]# kubectl apply -f components.yaml
[root@master metrics]# kubectl -n kube-system get pods -l k8s-app=metrics-server
NAME READY STATUS RESTARTS AGE
metrics-server-ddb449849-c6lkc 1/1 Running 0 64s
[root@master metrics]# kubectl top nodes
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
master 99m 4% 1005Mi 27%
node-0001 <unknown> <unknown> <unknown> <unknown>
Issue certificates for the compute nodes
#--------------- Issue the node-0001 certificate -----------------
[root@node-0001 ~]# echo 'serverTLSBootstrap: true' >>/var/lib/kubelet/config.yaml
[root@node-0001 ~]# systemctl restart kubelet
# Issue the certificate on master
[root@master ~]# kubectl get certificatesigningrequests.certificates.k8s.io
NAME AGE SIGNERNAME REQUESTOR REQUESTEDDURATION CONDITION
csr-6zhbx 14m kubernetes.io/kubelet-serving master <none> Approved,Issued
csr-p97jk 28s kubernetes.io/kubelet-serving node-0001 <none> Pending
[root@master ~]# kubectl certificate approve csr-p97jk
certificatesigningrequest.certificates.k8s.io/csr-p97jk approved
[root@master ~]# kubectl get certificatesigningrequests.certificates.k8s.io
NAME AGE SIGNERNAME REQUESTOR REQUESTEDDURATION CONDITION
csr-6zhbx 14m kubernetes.io/kubelet-serving master <none> Approved,Issued
csr-p97jk 28s kubernetes.io/kubelet-serving node-0001 <none> Approved,Issued
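With serverTLSBootstrap enabled, every kubelet serving certificate depends on someone running `kubectl certificate approve`, so it is worth checking a pending request before approving it. The following is an added example (not from the original page): the function `vet_csr` and the sample objects are hypothetical, it reads the JSON printed by `kubectl get csr NAME -o json`, and it checks only the API object's fields, not the SANs inside the encoded request.

```python
# Added example: vet a kubelet-serving CSR before `kubectl certificate approve`.
SIGNER = "kubernetes.io/kubelet-serving"
# Key usages this signer permits (the request must match one set exactly).
ALLOWED_USAGES = [
    {"digital signature", "server auth"},
    {"digital signature", "key encipherment", "server auth"},
]

def vet_csr(csr, known_nodes):
    """Return a list of problems; an empty list means the CSR looks like a
    genuine serving-certificate request from one of known_nodes."""
    spec, problems = csr.get("spec", {}), []
    if spec.get("signerName") != SIGNER:
        problems.append(f"unexpected signer {spec.get('signerName')!r}")
    user = spec.get("username", "")
    node = user[len("system:node:"):] if user.startswith("system:node:") else None
    if node is None:
        problems.append(f"requestor {user!r} is not a node identity")
    elif node not in known_nodes:
        problems.append(f"node {node!r} is not in the expected node list")
    if "system:nodes" not in spec.get("groups", []):
        problems.append("requestor is not in group system:nodes")
    if set(spec.get("usages", [])) not in ALLOWED_USAGES:
        problems.append(f"usages {sorted(spec.get('usages', []))} not permitted")
    decided = [c["type"] for c in csr.get("status", {}).get("conditions", [])]
    if decided:
        problems.append(f"already decided: {decided}")
    return problems

# Constructed sample objects, shaped like `kubectl get csr NAME -o json`.
GOOD = {"metadata": {"name": "csr-example-1"},
        "spec": {"signerName": SIGNER, "username": "system:node:node-0001",
                 "groups": ["system:nodes", "system:authenticated"],
                 "usages": ["digital signature", "server auth"]},
        "status": {}}
BAD = {"metadata": {"name": "csr-example-2"},
       "spec": {"signerName": SIGNER,
                "username": "system:serviceaccount:myns:default",
                "groups": ["system:serviceaccounts", "system:authenticated"],
                "usages": ["digital signature", "client auth"]},
       "status": {}}

if __name__ == "__main__":
    nodes = {"master", "node-0001", "node-0002", "node-0003"}
    for obj in (GOOD, BAD):
        print(obj["metadata"]["name"], vet_csr(obj, nodes) or "ok to approve")
```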
Verify the metrics add-on
[root@master ~]# kubectl top nodes
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
master 92m 4% 995Mi 26%
node-0001 28m 1% 327Mi 8%
node-0002 28m 1% 365Mi 9%
node-0003 32m 1% 338Mi 9%