kubernetes进阶 -- 资源限制
k8s容器资源限制Kubernetes采用request和limit两种限制类型来对资源进行分配。request(资源需求):资源的下限.即运行Pod的节点必须满足运行Pod的最基本需求才能运行Pod。limit(资源限额):即运行Pod期间,可能内存使用量会增加,那最多能使用多少内存,这就是资源限额。资源类型:CPU 的单位是核心数,内存的单位是字节。一个容器申请0.5个CPU,就相当于申请1个
·
k8s容器资源限制
- Kubernetes采用request和limit两种限制类型来对资源进行分配。
- request(资源需求):资源的下限.即运行Pod的节点必须满足运行Pod的最基本需求才能运行Pod。
- limit(资源限额):即运行Pod期间,可能内存使用量会增加,那最多能使用多少内存,这就是资源限额。
- 资源类型:
- CPU 的单位是核心数,内存的单位是字节。
- 一个容器申请0.5个CPU,就相当于申请1个CPU的一半,你也可以加个后缀m 表示千分之一的概念。比如说100m的CPU,100毫的CPU和0.1个CPU都是一样的。
- 内存单位:
- K、M、G、T、P、E
#通常是以1000为换算标准的。 - Ki、Mi、Gi、Ti、Pi、Ei
#通常是以1024为换算标准的。
- K、M、G、T、P、E
内存限制
示例:
[root@server2 ~]# vim demo.yml
apiVersion: v1
kind: Pod
metadata:
name: memory-demo
spec:
containers:
- name: memory-demo
image: stress
args:
- --vm
- "1" /启动一个worker
- --vm-bytes
- 200M /占用3200M内存
resources:
requests:
memory: 50Mi /最少50Mi
limits:
memory: 100Mi /最多100Mi
这个pod显然是起不来的,因为它要消耗200M内存,而我们最大值设置为100M
[root@server2 ~]# kubectl apply -f demo.yml
kubec getpod/memory-demo created
[root@server2 ~]# kubectl get pod -w
NAME READY STATUS RESTARTS AGE
memory-demo 0/1 OOMKilled 1 5s
memory-demo 0/1 CrashLoopBackOff 1 5s
memory-demo 0/1 OOMKilled 2 19s
memory-demo 0/1 CrashLoopBackOff 2 20s
启动失败了.
[root@server2 ~]# kubectl delete pod memory-demo
pod "memory-demo" deleted
[root@server2 ~]# vim demo.yml
resources:
requests:
memory: 50Mi /最少50Mi
limits:
memory: 300Mi /最多改为300Mi
[root@server2 ~]# kubectl apply -f demo.yml
pod/memory-demo created
[root@server2 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
memory-demo 1/1 Running 0 6s
就运行起来了
cpu限制
[root@server2 ~]# vim demo.yml
apiVersion: v1
kind: Pod
metadata:
name: memory-demo
spec:
containers:
- name: memory-demo
image: stress
args:
- -c
- "2"
resources:
requests:
memory: 50Mi
cpu: 5
limits:
memory: 100Mi
cpu: 10
[root@server2 ~]# kubectl apply -f demo.yml
kpod/memory-demo created
[root@server2 ~]# kubectl get pod -w
NAME READY STATUS RESTARTS AGE
memory-demo 0/1 Pending 0 3s
[root@server2 ~]# kubectl describe pod memory-demo
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedScheduling <unknown> default-scheduler 0/3 nodes are available: 3 Insufficient cpu.
调度失败是因为申请的CPU资源超出集群节点所能提供的资源,但CPU 使用率过高,不会被杀死.
为namespace设置资源限制:
如果我们在每次编写清单的时候都要去做一个限制,就是很麻烦的,我们就可以在命名空间做一个限制,方便我们的使用.
[root@server2 ~]# vim limit.yml
apiVersion: v1
kind: LimitRange
metadata:
name: limitrange-memory
spec:
limits:
- default: /默认时最大
cpu: 0.5
memory: 512Mi
defaultRequest: /默认时最小需求
cpu: 0.1
memory: 256Mi
max: /最大
cpu: 1
memory: 1Gi
min: /最小
cpu: 0.1
memory: 100Mi
type: Container
[root@server2 ~]# kubectl apply -f limit.yml
limitrange/limitrange-memory created
[root@server2 ~]# kubectl describe limitranges limitrange-memory
Name: limitrange-memory
Namespace: default
Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio
---- -------- --- --- --------------- ------------- -----------------------
Container cpu 100m 1 100m 500m -
Container memory 100Mi 1Gi 256Mi 512Mi -
[root@server2 ~]# vim demo.yml
apiVersion: v1
kind: Pod
metadata:
name: memory-demo
spec:
containers:
- name: memory-demo
image: myapp:v1
resources:
requests:
memory: 50Mi /小于min的内存大小
cpu: 1
limits:
memory: 300Mi
cpu: 10 /超出了max
[root@server2 ~]# kubectl apply -f demo.yml
Error from server (Forbidden): error when creating "demo.yml": pods "memory-demo" is forbidden: [minimum memory usage per Container is 100Mi, but request is 50Mi, maximum cpu usage per Container is 1, but limit is 10]
不能运行.
[root@server2 ~]# vim demo.yml
apiVersion: v1
kind: Pod
metadata:
name: memory-demo
spec:
containers:
- name: memory-demo
image: myapp:v1
resources:
requests:
memory: 100Mi
cpu: 0.1
limits:
memory: 300Mi
cpu: 1
[root@server2 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
memory-demo 1/1 Running 0 14s
设置符合的大小就可以运行了.
当我们不定义时,就会使用命名空间默认的限制.
[root@server2 ~]# cat demo.yml
apiVersion: v1
kind: Pod
metadata:
name: memory-demo
spec:
containers:
- name: memory-demo
image: myapp:v1
# resources:
# requests:
# memory: 100Mi
# cpu: 0.1
# limits:
# memory: 300Mi
# cpu: 1
[root@server2 ~]# kubectl apply -f demo.yml
pod/memory-demo created
[root@server2 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
memory-demo 1/1 Running 0 20s
[root@server2 ~]# kubectl describe pod memory-demo
Limits:
cpu: 500m
memory: 512Mi
Requests:
cpu: 100m
memory: 256Mi
这些就是从命名空间下默认的限制过来的.
LimitRange 在 namespace 中施加的最小和最大内存限制只有在创建和更新 Pod 时才会被应用。改变 LimitRange 不会对之前创建的 Pod 造成影响。
为namespace设置资源配额
资源配额不只能配额cpu 和mem,还可以对pod ,secret, rs ,pvc ,cm 等进行限制
[root@server2 ~]# cat quota.yml
apiVersion: v1
kind: ResourceQuota
metadata:
name: mem-cpu-demo
spec:
hard:
requests.cpu: "1"
requests.memory: 1Gi
limits.cpu: "2"
limits.memory: 2Gi
[root@server2 ~]# kubectl apply -f quota.yml
resourcequota/mem-cpu-demo created
[root@server2 ~]# kubectl get resourcequotas
NAME AGE REQUEST LIMIT
mem-cpu-demo 7s requests.cpu: 100m/1, requests.memory: 256Mi/1Gi limits.cpu: 500m/2, limits.memory: 512Mi/2Gi
[root@server2 ~]# kubectl describe resourcequotas mem-cpu-demo
Name: mem-cpu-demo
Namespace: default
Resource Used Hard
-------- ---- ----
limits.cpu 500m 2
limits.memory 512Mi 2Gi
requests.cpu 100m 1
requests.memory 256Mi 1Gi
配额的作用:
- 创建的ResourceQuota对象将在default名字空间中添加以下限制:
- 每个容器必须设置内存请求(memory request),内存限额(memorylimit),cpu请求(cpu request)和cpu限额(cpu limit)。
- 所有容器的内存请求总额不得超过1 GiB。
- 所有容器的内存限额总额不得超过2 GiB。
- 所有容器的CPU请求总额不得超过1 CPU。
- 所有容器的CPU限额总额不得超过2 CPU。
kubec [root@server2 ~]# kubectl delete limitranges limitrange-memory /删除默认的限制
limitrange "limitrange-memory" deleted
[root@server2 ~]# kubectl apply -f demo.yml
Error from server (Forbidden): error when creating "demo.yml": pods "memory-demo" is forbidden: failed quota: mem-cpu-demo: must specify limits.cpu,limits.memory,requests.cpu,requests.memory
就起不来了,因为配额要求我们必须设置请求和限制,所以我么资源清单没有限制并且默认命名空间没有默认的限制时,就会运行不起来.
root@server2 ~]# vim demo.yml
[root@server2 ~]# cat demo.yml
apiVersion: v1
kind: Pod
metadata:
name: memory-demo
spec:
containers:
- name: memory-demo
image: myapp:v1
resources:
requests:
memory: 100Mi
cpu: 0.1
limits:
memory: 300Mi
cpu: 1
[root@server2 ~]# kubectl apply -f demo.yml
pod/memory-demo created
[root@server2 ~]# kubectl describe resourcequotas
Name: mem-cpu-demo
Namespace: default
Resource Used Hard
-------- ---- ----
limits.cpu 1 2
limits.memory 300Mi 2Gi
requests.cpu 100m 1
requests.memory 100Mi 1Gi
为 Namespace 配置Pod配额:
[root@server2 ~]# vim quota.yml
[root@server2 ~]# cat quota.yml
apiVersion: v1
kind: ResourceQuota
metadata:
name: mem-cpu-demo
spec:
hard:
requests.cpu: "1"
requests.memory: 1Gi
limits.cpu: "2"
limits.memory: 2Gi
pods: "2" /加上对pod数量的限制
[root@server2 ~]# kubectl apply -f quota.yml
resourcequota/mem-cpu-demo configured
[root@server2 ~]# kubectl describe resourcequotas
Name: mem-cpu-demo
Namespace: default
Resource Used Hard
-------- ---- ----
limits.cpu 1 2
limits.memory 300Mi 2Gi
pods 1 2 出现了
requests.cpu 100m 1
requests.memory 100Mi 1Gi
[root@server2 ~]# kubectl apply -f limit.yml
limitrange/limitrange-memory created
[root@server2 ~]# kubectl run demo --image=myapop:v1
pod/demo created
[root@server2 ~]# kubectl run demo-2 --image=myapop:v1
Error from server (Forbidden): pods "demo-2" is forbidden: exceeded quota: mem-cpu-demo, requested: pods=1, used: pods=2, limited: pods=2
由于限制了pod数量,所以我们在运行第三个pod时失败,被拒绝了.
K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容
更多推荐
0
0- 0
已为社区贡献3条内容
所有评论(0)