K8s资源限制-Day 06
【代码】K8s资源限制-Day 06。
1. 资源限制概括
(1)如果运行的容器没有定义资源(memory、CPU)等限制,但是在namespace定义了LimitRange限制,那么该容器会继承LimitRange中的默认限制。
(2)如果namespace没有定义LimitRange限制,那么该容器会占用主机尽可能多的资源,直到无资源可用而触发宿主机(OOM Killer)。
2. 资源限制单位
2.1 cpu资源限制单位
官网:https://kubernetes.io/zh-cn/docs/tasks/configure-pod-container/assign-cpu-resource/
CPU 以核心为单位进行限制,单位可以是整核、浮点核心数或毫核(m/milli):
2=2核心=200% 0.5=500m=50% 1.2=1200m=120%
整核:cpu: 2 表示2核,但是它不是说pod直接占用固定的2个核心,而是由系统从多个cpu核心间分配总数在200%左右的时间片(cpu通过时间片做上下文切换)给pod使用。
浮点核心:cpu: 0.5 1.1 1.x
毫核:1000m = 1 100m = 0.1
2.2 内存资源限制单位
官网:https://kubernetes.io/zh-cn/docs/tasks/configure-pod-container/assign-memory-resource/
内存资源的基本单位是字节(byte)。k8s中可以使用这些后缀之一,将内存表示为 纯整数或定点整数:E、P、T、G、M、K、Ei、Pi、Ti、Gi、Mi、Ki。
1536Mi=1.5Gi
在k8s中,"Mi"和"M"都是表示计算资源的单位。
"Mi"表示的是Mebibyte,是一种二进制单位,等于1024 * 1024字节,也就是1,048,576字节。Mi通常用于表示内存大小。
"M"表示的是Megabyte,是一种十进制单位,等于1,000,000字节。M通常用于表示存储大小。
简单来说:Mi表示(1Mi=1024x1024),M表示(1M=1000x1000)(其它单位类推, 如Ki/K Gi/G)
3. k8s是如何分配资源的
3.1 大概分配的逻辑
比如我node节点有4C8G资源,我创建了一个pod,分配了2C2G资源,那么宿主机就还剩2C6G资源。
但是并不是立即扣掉宿主机的2C2G资源,而是在k8s资源池里面记录,我这个node节点分出去了2C2G资源,就算我pod实际上只使用了0.5C 500m资源,
这就是通过kubectl describe no 看到Requests经常比Limits高的原因,避免资源超分造成oom。
3.2 requests(请求)和limits(限制)
(1)requests(请求)为kubernetes scheduler执行pod调度时node节点至少需要拥有的资源(就是node节点必须满足我请求的这些资源才行)。
(2)limits(限制)为pod运行成功后最多可以使用的资源上限(pod启动后用的不是requests,而是limits)。
所以正常来说,requests的值和limits的值设置为相同的是最为合理的。
但是由于工作用,类似java语言开发的应用,有时候会要很多内存,比如8Gi、10Gi,这种情况下,node节点的requests很快就满了,但是limits其实没用多少,所以还要根据实际情况来设置(可以通过监控观察,服务在一段时间内的平均资源使用,根据这个来配置requests)。
并且当node节点内存不足出现oom的时候,k8s会优先驱逐(终止pod运行)该node上requests和limits配置的不一样的pod,所以有条件的话,还是把requests和limits配置成相同的比较好。
4. Pod资源限制演示
4.1 不限制pod使用的资源
4.1.1 编辑yaml
[root@k8s-harbor01 cpu_mem]# cat case1-pod-memory-limit.yml
#apiVersion: extensions/v1beta1
apiVersion: apps/v1
kind: Deployment
metadata:
name: limit-test-deployment
namespace: myserver
spec:
replicas: 1
selector:
matchLabels: #rs or deployment
app: limit-test-pod
# matchExpressions:
# - {key: app, operator: In, values: [ng-deploy-80,ng-rs-81]}
template:
metadata:
labels:
app: limit-test-pod
spec:
containers:
- name: limit-test-container
image: lorel/docker-stress-ng
#resources:
# limits:
# cpu: 1
# memory: "256Mi"
# requests:
# cpu: 1
# memory: "256Mi"
args: ["--vm", "2", "--vm-bytes", "256M"]
4.1.2 创建pod
[root@k8s-harbor01 cpu_mem]# kubectl apply -f case1-pod-memory-limit.yml
deployment.apps/limit-test-deployment created
[root@k8s-harbor01 cpu_mem]# kubectl get po -n myserver -o wide |grep test
limit-test-deployment-65c9cd7676-d5khs 1/1 Running 0 56s 10.200.58.223 k8s-node02 <none> <none>
4.1.3 查看资源使用
[root@k8s-harbor01 cpu_mem]# kubectl top po -n myserver limit-test-deployment-65c9cd7676-d5khs # 可以看到pod使用了差不多快2核cpu
NAME CPU(cores) MEMORY(bytes)
limit-test-deployment-65c9cd7676-d5khs 1954m 525Mi
[root@k8s-harbor01 cpu_mem]# kubectl top no k8s-node02 # 可以看到node节点cpu已经打满了
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
k8s-node02 2000m 100% 1420Mi 39%
4.2 限制pod使用的资源(requests和limits相同)
推荐requests和limits相同的配置
4.2.1 编辑yaml
[root@k8s-harbor01 cpu_mem]# cat case1-pod-memory-limit.yml
#apiVersion: extensions/v1beta1
apiVersion: apps/v1
kind: Deployment
metadata:
name: limit-test-deployment
namespace: myserver
spec:
replicas: 1
selector:
matchLabels: #rs or deployment
app: limit-test-pod
# matchExpressions:
# - {key: app, operator: In, values: [ng-deploy-80,ng-rs-81]}
template:
metadata:
labels:
app: limit-test-pod
spec:
containers:
- name: limit-test-container
image: lorel/docker-stress-ng
resources:
limits:
cpu: 1
memory: "512Mi"
requests:
cpu: 1
memory: "512Mi"
args: ["--vm", "2", "--vm-bytes", "256M"]
4.2.2 创建pod
[root@k8s-harbor01 cpu_mem]# kubectl apply -f case1-pod-memory-limit.yml
deployment.apps/limit-test-deployment created
[root@k8s-harbor01 cpu_mem]# kubectl get po -n myserver -owide |grep test
limit-test-deployment-66c8fbf68-8g5xq 1/1 Running 0 28s 10.200.135.139 k8s-node03 <none> <none>
4.2.3 查看资源使用
[root@k8s-harbor01 cpu_mem]# kubectl top no k8s-node03
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
k8s-node03 1075m 53% 1415Mi 39%
[root@k8s-harbor01 cpu_mem]# kubectl top po -n myserver limit-test-deployment-66c8fbf68-8g5xq # 这里可以看到,cpu使用最多不会超过1核,说明限制生效了
NAME CPU(cores) MEMORY(bytes)
limit-test-deployment-66c8fbf68-8g5xq 1001m 474Mi
5. LimitRange
官方文档:https://kubernetes.io/zh-cn/docs/concepts/policy/limit-range/
imitRange 是限制命名空间内可为每个适用的对象类别 (例如 Pod 或 PersistentVolumeClaim) 指定的资源分配量(限制和请求)的策略对象。
一个 LimitRange(限制范围) 对象提供的限制能够做到:
(1)在一个命名空间中实施对每个 Pod 或 Container 最小和最大的资源使用量的限制。
(2)在一个命名空间中实施对每个 PersistentVolumeClaim 能申请的最小和最大的存储空间大小的限制。
(3)在一个命名空间中实施对一种资源的申请值和限制值的比值的控制。
(4)设置一个命名空间中对计算资源的默认申请/限制值,并且自动的在运行时注入到多个 Container 中。
(5)当某命名空间中有一个 LimitRange 对象时,将在该命名空间中实施 LimitRange 限制。
5.1 LimitRange yaml讲解
apiVersion: v1
kind: LimitRange
metadata:
name: limitrange
namespace: myserver # 在myserver下创建的LimitRange,只对myserver生效
spec:
limits:
- type: Container #限制的资源类型(容器)
max: # 在myserver ns下创建的容器,最多只能使用2核cpu、2G内存
cpu: "2" #限制单个容器的最大CPU
memory: "2Gi" #限制单个容器的最大内存
min: # 在myserver ns下创建的容器,最低使用的cpu不能低于500m,使用的内存不能低于512M
cpu: "500m" #限制单个容器的最小CPU
memory: "512Mi" #限制单个容器的最小内存
default: # 如果没有配置上面的max,则以这里的配置为准
cpu: "500m" #默认单个容器的CPU限制
memory: "512Mi" #默认单个容器的内存限制
defaultRequest: # 如果没有配置上面的mmin,则以这里的配置为准
cpu: "500m" #默认单个容器的CPU创建请求
memory: "512Mi" #默认单个容器的内存创建请求
maxLimitRequestRatio: # 最大限制请求比例
cpu: 2 #限制CPU比例,limit是request的2倍,超过倍数禁止创建(也就是说我容器cpu request是1,limits就是2,limits除以requests)
memory: 2 #限制内存比例,limit是request的2倍,超过倍数禁止创建
- type: Pod #限制的资源类型(pod)
max:
cpu: "4" #限制单个Pod的最大CPU(不管pod中有多少个容器,使用的cpu加起来不能超过4核)
memory: "4Gi" #限制单个Pod最大内存(不管pod中有多少个容器,使用的内存加起来不能超过4Gi)
- type: PersistentVolumeClaim #限制的资源类型(pvc)
max:
storage: 50Gi #限制PVC最大的requests.storage(分配给pvc的存储不能超过50Gi)
min:
storage: 30Gi #限制PVC最小的requests.storage(分配给pvc的存储不能低于30Gi)
5.2 创建LimitRange
[root@k8s-harbor01 limit_range]# cat case3-LimitRange.yaml
apiVersion: v1
kind: LimitRange
metadata:
name: limit-range
namespace: myserver
spec:
limits:
- type: Container
max:
cpu: "2"
memory: "2Gi"
min:
cpu: "500m"
memory: "512Mi"
default:
cpu: "500m"
memory: "512Mi"
defaultRequest:
cpu: "500m"
memory: "512Mi"
maxLimitRequestRatio:
cpu: 2
memory: 2
- type: Pod
max:
cpu: "4"
memory: "4Gi"
- type: PersistentVolumeClaim
max:
storage: 50Gi
min:
storage: 30Gi
[root@k8s-harbor01 limit_range]# kubectl apply -f case3-LimitRange.yaml
limitrange/limit-range created
[root@k8s-harbor01 limit_range]# kubectl get limitrange -n myserver # limitrange可以简写为limits
NAME CREATED AT
limit-range 2023-07-19T07:18:19Z
[root@k8s-harbor01 limit_range]# kubectl describe limits -n myserver limit-range
Name: limit-range
Namespace: myserver
Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio
---- -------- --- --- --------------- ------------- -----------------------
Container cpu 500m 2 500m 500m 2
Container memory 512Mi 2Gi 512Mi 512Mi 2
Pod memory - 4Gi - - -
Pod cpu - 4 - - -
PersistentVolumeClaim storage 30Gi 50Gi - - -
5.3 验证
5.3.1 验证单个容器cpu资源上限配置
5.3.1.1 编辑yaml
[root@k8s-harbor01 cpu_mem]# cat case4-pod-RequestRatio-limit.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
app: wordpress
name: wordpress
namespace: myserver
spec:
replicas: 1
selector:
matchLabels:
app: wordpress
template:
metadata:
labels:
app: wordpress
spec:
containers:
- name: wordpress
image: nginx:1.16.1
imagePullPolicy: Always
ports:
- containerPort: 80
protocol: TCP
name: http
env:
- name: "password"
value: "123456"
- name: "age"
value: "18"
resources:
limits:
cpu: 2.2 # 调整这里
memory: 1Gi # 调整这里
requests:
cpu: 2.2 # 调整这里(我limitrange配置的容器最大可用cpu为2,这里是2.2,所以肯定创建不了)
memory: 1Gi # 调整这里
5.3.1.2 创建pod
[root@k8s-harbor01 cpu_mem]# kubectl apply -f case4-pod-RequestRatio-limit.yaml
deployment.apps/wordpress created
service/wordpress created
[root@k8s-harbor01 cpu_mem]# kubectl get deploy -n myserver |grep wordpress
wordpress 0/1 0 0 28s
5.3.1.3 检查
[root@k8s-harbor01 cpu_mem]# kubectl get deploy -n myserver |grep wordpress # 通过命令发现pod没有被创建出来 describe也看不到报错
wordpress 0/1 0 0 28s
[root@k8s-harbor01 cpu_mem]# kubectl get deploy -n myserver wordpress -o json
……省略部分内容
"status": {
"conditions": [
……省略部分内容
{
"lastTransitionTime": "2023-07-19T08:00:14Z",
"lastUpdateTime": "2023-07-19T08:00:14Z",
"message": "pods \"wordpress-5ddf7f5b44-tt6rz\" is forbidden: maximum cpu usage per Container is 2, but limit is 2200m", # 看这里:意思是我允许每个容器使用的cpu是2核,但是实际申请了2.2核,超过了我们定义的值,所以pod创建被拒绝了
"reason": "FailedCreate", # 这里可以看到pod创建失败了
"status": "True",
"type": "ReplicaFailure"
}
],
"observedGeneration": 1,
"unavailableReplicas": 1
}
}
5.3.1.4 为什么pod创建失败
# 报错信息
"message": "pods \"wordpress-5ddf7f5b44-tt6rz\" is forbidden: maximum cpu usage per Container is 2, but limit is 2200m"
# limitrange配置
- type: Container
max:
cpu: "2"
memory: "2Gi"
通过上面可以看到,我们允许的容器使用的最大cpu是2核,但是pod中容器申请了2.2核,所以创建失败。
5.3.1.5 修改pod cpu
[root@k8s-harbor01 cpu_mem]# kubectl set resources -n myserver deployment wordpress -c=wordpress --limits=cpu=0.5 --requests=cpu=0.5
5.3.1.6 检查
[root@k8s-harbor01 cpu_mem]# kubectl get po -n myserver|grep wor # 可以看到pod已经被创建了
wordpress-7d9986c944-q7snl 1/1 Running 0 118s
5.3.1.7 修改pod cpu低于limit range requests
[root@k8s-harbor01 cpu_mem]# kubectl set resources -n myserver deployment wordpress --limits=cpu=0.4 --requests=cpu=0.4 # 最低必须是500m,这里调整的是400
deployment.apps/wordpress resource requirements updated
[root@k8s-harbor01 cpu_mem]# kubectl get po -n myserver|grep wor # 查看发现并没有新pod创建
wordpress-7f6b844dbf-56zdz 1/1 Running 0 68s
[root@k8s-harbor01 cpu_mem]# kubectl get deploy -n myserver wordpress -o json
……省略部分内容
"message": "pods \"wordpress-7986bf4f7-vcbdf\" is forbidden: minimum cpu usage per Container is 500m, but request is 400m", # 从这里可以看到,我们申请的cpu低于了limit range的最低限制,所以无法创建pod
5.3.2 验证多个容器 资源上限配置
5.3.2.1 编辑yaml
[root@k8s-harbor01 cpu_mem]# cat case4-pod-RequestRatio-limit.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
app: wordpress
name: wordpress
namespace: myserver
spec:
replicas: 1
selector:
matchLabels:
app: wordpress
template:
metadata:
labels:
app: wordpress
spec:
containers:
- name: wordpress
image: nginx:1.16.1
imagePullPolicy: Always
ports:
- containerPort: 80
protocol: TCP
name: http
env:
- name: "password"
value: "123456"
- name: "age"
value: "18"
resources:
limits:
cpu: 2
memory: 1Gi
requests:
cpu: 2
memory: 1Gi
- name: wordpress-php
image: php:5.6-fpm-alpine
imagePullPolicy: Always
ports:
- containerPort: 80
protocol: TCP
name: http
env:
- name: "password"
value: "123456"
- name: "age"
value: "18"
resources:
limits:
cpu: 0.5
memory: 0.5Gi
requests:
cpu: 0.5
memory: 0.5Gi
- name: wordpress-redis
image: redis:4.0.14-alpine
imagePullPolicy: Always
ports:
- containerPort: 80
protocol: TCP
name: http
env:
- name: "password"
value: "123456"
- name: "age"
value: "18"
resources:
limits:
cpu: 1.5
memory: 1Gi
requests:
cpu: 1.5
memory: 1Gi
##### 注意这上面的cpu和内存都是没有超过容器和pod限制的
---
kind: Service
apiVersion: v1
metadata:
labels:
app: wordpress
name: wordpress
namespace: myserver
spec:
type: NodePort
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
selector:
app: wordpress
5.3.2.2 创建pod
[root@k8s-harbor01 cpu_mem]# kubectl apply -f case4-pod-RequestRatio-limit.yaml
deployment.apps/wordpress created
service/wordpress created
5.3.2.3 检查
[root@k8s-harbor01 cpu_mem]# kubectl get po -n myserver |grep wo # 这里可以看到pod是能被创建的,只是因为我node节点资源不足,所以没办法调度
wordpress-68cf7d5d68-bz4v8 0/3 Pending 0 21s
5.3.2.4 调整pod资源超出限制
[root@k8s-harbor01 cpu_mem]# kubectl delete -f case4-pod-RequestRatio-limit.yaml
deployment.apps "wordpress" deleted
service "wordpress" deleted
[root@k8s-harbor01 cpu_mem]# cat case4-pod-RequestRatio-limit.yaml
……省略部分内容
containers:
- name: wordpress
image: nginx:1.16.1
imagePullPolicy: Always
ports:
- containerPort: 80
protocol: TCP
name: http
env:
- name: "password"
value: "123456"
- name: "age"
value: "18"
resources:
limits:
cpu: 2
memory: 1Gi
requests:
cpu: 2
memory: 1Gi
- name: wordpress-php
image: php:5.6-fpm-alpine
imagePullPolicy: Always
ports:
- containerPort: 80
protocol: TCP
name: http
env:
- name: "password"
value: "123456"
- name: "age"
value: "18"
resources:
limits:
cpu: 0.5
memory: 2Gi
requests:
cpu: 0.5
memory: 2Gi
- name: wordpress-redis
image: redis:4.0.14-alpine
imagePullPolicy: Always
ports:
- containerPort: 80
protocol: TCP
name: http
env:
- name: "password"
value: "123456"
- name: "age"
value: "18"
resources:
limits:
cpu: 1.5
memory: 2Gi
requests:
cpu: 1.5
memory: 2Gi
……省略部分内容
# 上面直接把pod内存总和调整到超过4Gi
5.3.2.5 创建并检查
[root@k8s-harbor01 cpu_mem]# kubectl apply -f case4-pod-RequestRatio-limit.yaml
deployment.apps/wordpress created
service/wordpress created
[root@k8s-harbor01 cpu_mem]# kubectl get po -n myserver |grep wo
[root@k8s-harbor01 cpu_mem]#
# 发现并没有pod
[root@k8s-harbor01 cpu_mem]# kubectl get deploy -n myserver wordpress -o json
……省略部分内容
"message": "pods \"wordpress-58ff85fdfb-kq69f\" is forbidden: maximum memory usage per Pod is 4Gi, but limit is 5368709120", # 可以看到我们pod请求的内存超过了limitrang的限制,所以创建失败
……省略部分内容
5.3.2.6 调整pod资源恢复正常
[root@k8s-harbor01 cpu_mem]# kubectl set resources -n myserver deployment wordpress -c=wordpress-redis --limits=memory=512Mi --requests=memory=512Mi
deployment.apps/wordpress resource requirements updated
[root@k8s-harbor01 cpu_mem]# kubectl get po -n myserver|grep wo # 可以看到pod已经创建了
wordpress-8f5495c88-nt4pm 0/3 Pending 0 20s
5.3.3 验证requests和limits的比例配置
5.3.3.1 编辑yaml
[root@k8s-harbor01 cpu_mem]# cat case4-pod-RequestRatio-limit-v1.yaml
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
app: wordpress
name: wordpress
namespace: myserver
spec:
replicas: 1
selector:
matchLabels:
app: wordpress
template:
metadata:
labels:
app: wordpress
spec:
containers:
- name: wordpress
image: nginx:1.16.1
imagePullPolicy: Always
ports:
- containerPort: 80
protocol: TCP
name: http
env:
- name: "password"
value: "123456"
- name: "age"
value: "18"
resources:
limits:
cpu: 1
memory: 2Gi
requests:
cpu: 1
memory: 512Mi
5.3.3.2 创建pod
[root@k8s-harbor01 cpu_mem]# kubectl apply -f case4-pod-RequestRatio-limit-v1.yaml
5.3.3.3 检查
[root@k8s-harbor01 cpu_mem]# kubectl get deploy -n myserver wordpress
NAME READY UP-TO-DATE AVAILABLE AGE
wordpress 0/1 0 0 112s
# 发现pod没有被创建出来
[root@k8s-harbor01 cpu_mem]# kubectl get deploy -n myserver wordpress -o yaml
message: 'pods "wordpress-5c9c45d768-rnph5" is forbidden: memory max limit to
request ratio per Container is 2, but provided ratio is 4.000000'
# 通过排查发现是我们容器限制limits和requests比例是2,但是实际上配置的比例是4,足足超了2倍,所以拒绝创建pod
resources:
limits:
cpu: 1
memory: 2Gi
requests:
cpu: 1
memory: 512Mi
# 从上面的配置就能明显的看出来,limits 除以 requests 得出的结果超过我们定义的2了
5.3.3.4 调整比例为正常
[root@k8s-harbor01 cpu_mem]# kubectl set resources -n myserver deployment wordpress --limits=memory=1Gi
deployment.apps/wordpress resource requirements updated
5.3.3.5 检查
[root@k8s-harbor01 cpu_mem]# kubectl get po -n myserver |grep wo # 可以看到pod被成功创建了
wordpress-6b87c45df-k9g4l 1/1 Running 0 21s
5.3.3.6 清理环境
清理上面的环境,别影响下面的实验。
6. namespace级别的资源限制(资源配额)
官方文档:https://kubernetes.io/zh-cn/docs/concepts/policy/resource-quotas/
(1)限定某个对象类型(如Pod、service)可创建对象的总数;
(2)限定某个对象类型可消耗的计算资源(CPU、内存)与存储资源(存储卷声明)总数;
6.1 编辑yaml
[root@k8s-harbor01 resource-quota]# cat ResourceQuota.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
name: resourcequota
namespace: myserver
spec:
hard:
requests.cpu: "2" # 该ns下,所有非终止状态的pod,其cpu请求总量不能超过该值
limits.cpu: "2" # 该ns下,所有非终止状态的pod,其cpu限额总量不能超过该值(所有没退出的pod使用的cpu加起来不能超过8)
requests.memory: 4Gi # 该ns下,所有非终止状态的pod,其内存请求总量不能超过该值
limits.memory: 4Gi # 该ns下,所有非终止状态的pod,其内存限额总量不能超过该值
requests.nvidia.com/gpu: 4 # 请求的gpu总数不能超过4个
pods: "5" # 该ns下,创建的pod总数不能超过该值(工作中基本不会配置这个)
services: "100" # 该ns下,创建的svc总数不能超过该值(工作中基本不会配置这个)
6.2 创建ResourceQuota
[root@k8s-harbor01 resource-quota]# kubectl get quota -n myserver # ResourceQuota可以简写成quota,通过 kubectl api-resources可找到
NAME AGE REQUEST LIMIT
resourcequota 39s pods: 1/5, requests.cpu: 0/2, requests.memory: 0/4Gi, requests.nvidia.com/gpu: 0/4, services: 2/100 limits.cpu: 0/2, limits.memory: 0/4Gi
[root@k8s-harbor01 resource-quota]# kubectl describe quota -n myserver resourcequota # 可以看到我这个ns下已经创建了1个pod,2个svc
Name: resourcequota
Namespace: myserver
Resource Used Hard
-------- ---- ----
limits.cpu 0 2
limits.memory 0 4Gi
pods 1 5
requests.cpu 0 2
requests.memory 0 4Gi
requests.nvidia.com/gpu 0 4
services 2 100
6.3 验证配额
6.3.1 验证pod副本数配额
6.3.1.1 编辑yaml
[root@k8s-harbor01 deployment]# cat deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: test-deployment
namespace: myserver
spec:
replicas: 5
selector:
matchLabels:
app: test-deploy
template:
metadata:
labels:
app: test-deploy
spec:
containers:
- name: test-deploy
image: tsk8s.top/baseimages/debian:7
imagePullPolicy: Always
args: ["tail", "-f", "/etc/hosts"]
resources:
limits:
cpu: "400m"
memory: "0.5Gi"
requests:
cpu: "400m"
memory: "500Mi"
imagePullSecrets:
- name: dockerhub-image-pull-key
6.3.1.2 创建pod并检查
[root@k8s-harbor01 deployment]# kubectl apply -f deploy.yaml
deployment.apps/test-deployment created
[root@k8s-harbor01 deployment]# kubectl get deploy -n myserver |grep test # 发现只创建了4个pod,还有一个没创建出来
test-deployment 4/5 4 4 94s
6.3.1.3 排查pod为什么没有被创建
报错的意思是说超出了配额,所以创建pod被拒绝了,因为limited: pods=5,used: pods=5,所以多余的一个pod无法被创建。
6.3.2 验证内存配额
6.3.2.1 编辑yaml
[root@k8s-harbor01 deployment]# cat deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: test-deployment
namespace: myserver
spec:
replicas: 1
selector:
matchLabels:
app: test-deploy
template:
metadata:
labels:
app: test-deploy
spec:
containers:
- name: test-deploy
image: tsk8s.top/baseimages/debian:7
imagePullPolicy: Always
args: ["tail", "-f", "/etc/hosts"]
resources:
limits:
cpu: "400m"
memory: "2.5Gi"
requests:
cpu: "400m"
memory: "2.5Gi"
imagePullSecrets:
- name: dockerhub-image-pull-key
6.3.2.2 创建pod并检查
[root@k8s-harbor01 deployment]# kubectl apply -f deploy.yaml
deployment.apps/test-deployment created
[root@k8s-harbor01 deployment]# kubectl get deploy -n myserver |grep test
test-deployment 0/1 0 0 12s
6.3.2.3 排查pod为什么没有被创建
截图很明显的看到,说pod请求了2.5G内存,但是配额只有2G,所以创建被拒绝了。
6.3.2.4 调整内存到配额范围内
[root@k8s-harbor01 deployment]# kubectl set resources -n myserver deployment test-deployment --requests memory=2Gi
deployment.apps/test-deployment resource requirements updated
6.3.2.5 检查pod创建情况
[root@k8s-harbor01 deployment]# kubectl get deploy -n myserver test-deployment
NAME READY UP-TO-DATE AVAILABLE AGE
test-deployment 1/1 1 1 4m7s
[root@k8s-harbor01 deployment]# kubectl get po -n myserver|grep test
test-deployment-6d4cfc756d-2gwlv 1/1 Running 0 40s
[root@k8s-harbor01 deployment]# kubectl describe quota -n myserver resourcequota
Name: resourcequota
Namespace: myserver
Resource Used Hard
-------- ---- ----
limits.cpu 400m 2
limits.memory 2560Mi 4Gi
pods 2 5
requests.cpu 400m 2
requests.memory 2Gi 2Gi
requests.nvidia.com/gpu 0 4
services 2 100
6.3.3 验证cpu核心数配额
6.3.3.1 编辑yaml
[root@k8s-harbor01 deployment]# cat deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: test-deployment
namespace: myserver
spec:
replicas: 1
selector:
matchLabels:
app: test-deploy
template:
metadata:
labels:
app: test-deploy
spec:
containers:
- name: test-deploy
image: tsk8s.top/baseimages/debian:7
imagePullPolicy: Always
args: ["tail", "-f", "/etc/hosts"]
resources:
limits:
cpu: "3"
memory: "2Gi"
requests:
cpu: "400m"
memory: "2Gi"
imagePullSecrets:
- name: dockerhub-image-pull-key
6.3.3.2 创建pod并检查
[root@k8s-harbor01 deployment]# kubectl get deploy -n myserver|grep test # 这里发现pod没有创建出来
test-deployment 0/1 0 0 18s
# 原因:我配额2核cpu,但是我请求了3核,所以pod创建失败
"message": "pods \"test-deployment-54bdf69cdf-q4ks9\" is forbidden: exceeded quota: resourcequota, requested: limits.cpu=3, used: limits.cpu=0, limited: limits.cpu=2",
6.3.3.3 调整cpu为正常范围配额
[root@k8s-harbor01 deployment]# kubectl get po -n myserver|grep test # 可以看到pod已经能正常创建了只是因为node节点资源不足,导致无法调度
test-deployment-85c8d54bb-w2mjd 0/1 Pending 0 40m
更多推荐
所有评论(0)