Kubernetes-ResourceQuota配额限制
Kubernetes通过ResourceQuota来限制一个namespace下面的资源,简单的使用:创建一个namespace:cat <<EOF > create-ns-test.yamlapiVersion: v1kind: Namespacemetadata:name: testEOFkubectl create -f create-ns-t...
Kubernetes通过ResourceQuota来限制一个namespace下面的资源,简单的使用:
创建一个namespace:
cat <<EOF > create-ns-test.yaml
apiVersion: v1
kind: Namespace
metadata:
name: test
EOF
kubectl create -f create-ns-test.yaml
创建一个ResourceQuota,限制创建的pod数量为1
cat <<EOF > create-quota-test.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
name: quota-ns
spec:
hard:
pods: "1"
EOF
kubectl create -f create-quota-test.yaml --namespace=test
查看该配额的信息
kubectl --namespace=test get quota quota-ns -ojson
{
"apiVersion": "v1",
"kind": "ResourceQuota",
"metadata": {
"creationTimestamp": "2018-01-05T09:02:36Z",
"name": "quota-ns",
"namespace": "test",
"resourceVersion": "840722",
"selfLink": "/api/v1/namespaces/test/resourcequotas/quota-ns",
"uid": "2c8f062f-f1f7-11e7-a73c-fa163ea226e1"
},
"spec": {
"hard": {
"pods": "1"
}
},
"status": {
"hard": {
"pods": "1"
},
"used": {
"pods": "0"
}
}
}
先创建一个pod
cat <<EOF > create-pod-test.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx-test1
spec:
containers:
- name: nginx
image: 10.10.10.7:8090/library/nginx:1.11.13
ports:
- containerPort: 80
EOF
kubectl --namespace=test create -f create-pod-test.yaml
查看该配额的信息
kubectl --namespace=test get quota quota-ns -ojson
{
"apiVersion": "v1",
"kind": "ResourceQuota",
"metadata": {
"creationTimestamp": "2018-01-05T09:02:36Z",
"name": "quota-ns",
"namespace": "test",
"resourceVersion": "841655",
"selfLink": "/api/v1/namespaces/test/resourcequotas/quota-ns",
"uid": "2c8f062f-f1f7-11e7-a73c-fa163ea226e1"
},
"spec": {
"hard": {
"pods": "1"
}
},
"status": {
"hard": {
"pods": "1"
},
"used": {
"pods": "1"
}
}
}
再创建一个pod
# 先修改下yaml文件中的name
kubectl --namespace=test create -f create-pod-test.yaml
Error from server (Forbidden): error when creating "create-pod-test.yaml": pods "nginx-test2" is forbidden: exceeded quota: quota-ns, requested: pods=1, used: pods=1, limited: pods=1
可以看到已经创建失败,配额限制
ResourceQuota可以限制的配额包括,pod的cpu/内存、pod数量、service数量、rc数量、pvc数量等
目前发现:
1. 一个namespace下面可以创建多个ResourceQuota(ResourceQuota本身也可以限制ResourceQuota的数量),常规的使用是把计算资源quota(cpu、mem等),存储资源quota(storage、pvc等),对象数量quota(pod、service等)分别创建在不同的ResourceQuota下面,但是各个ResourceQuota中的限制项是可以重复的,这时会取最小的值,如下
# 分别创建2个ResourceQuota, 其中
# quota-test1限制pod数量为1,service数量为2
# quota-test2限制pod数量为2,service数量为1
# 在当前namespace下面已经存在1个pod和1个service的情况下:
kubectl create -f create-pod.yaml --namespace=test
Error from server (Forbidden): error when creating "create-pod.yaml": pods "nginx-test1" is forbidden: exceeded quota: quota-test1, requested: pods=1, used: pods=1, limited: pods=1
# 创建pod时,超过quota-test1的配额限制
kubectl create -f create-service.yaml --namespace=test
Error from server (Forbidden): error when creating "create-service.yaml": services "my-nginx-svc1" is forbidden: exceeded quota: quota-test2, requested: services=1, used: services=1, limited: services=1
# 创建service时,超过quota-test2的配额限制
2. ResourceQuota是需要手动创建的,每个namespace没有默认配额,如果当前已经存在资源的情况下(比如存在6个pod)
这时创建一个ResourceQuota限制pod数量为5,可以创建成功,并且已有的pod不会自动删除
3. 如果ResourceQuota中限制了cpu/mem,则创建pod时就必须指定cpu和mem,否则创建失败
kubectl --namespace=test create -f create-pod-test.yaml
Error from server (Forbidden): error when creating "create-pod-test.yaml": pods "nginx-test" is forbidden: failed quota: quota-ns: must specify limits.cpu,limits.memory,requests.cpu,requests.memory
更多推荐
所有评论(0)