k8s(十)— 资源限制(cpu、memory)
1. k8s容器资源限制
·
1. k8s容器资源限制简介
2. k8s容器资源限制实施
2.1 内存限制示例
[root@server1 ~]# docker search stress 搜索测试镜像stress
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
progrium/stress 42 [OK]
[root@server1 ~]# docker pull progrium/stress 拉取镜像
[root@server1 ~]# docker tag progrium/stress:latest reg.westos.org/library/stress:latest 改标签
[root@server1 ~]# docker push reg.westos.org/library/stress:latest 上传镜像到仓库
[root@server2 ~]# mkdir limit
[root@server2 ~]# cd limit/
[root@server2 limit]# vim pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: memory-demo
spec:
containers:
- name: memory-demo
image: stress ##这个镜像可以直接模拟资源的使用
args:
- --vm
- "1" 开启1个worker
- --vm-bytes
- 200M ##使用200M
resources:
requests:
memory: 50Mi
limits:
memory: 100Mi ##限制100M
[root@server2 limit]# kubectl apply -f pod.yaml 创建
pod/memory-demo created
[root@server2 limit]# kubectl get pod 创建pod失败,限制100mi,需要200mi,如果容器超过其内存限制,则会被终止。
NAME READY STATUS RESTARTS AGE
memory-demo 0/1 OOMKilled 0 4s
2.2 cpu限制示例
apiVersion: v1
kind: Pod
metadata:
name: cpu-demo
spec:
containers:
- name: cpu-demo
image: stress
resources:
limits:
cpu: "10"
requests:
cpu: "5" 要求cpu最低5个,但是最低不可能达到5个只有2个cpu
args:
- -c
- "2"
[root@server2 limit]# kubectl apply -f cpu.yaml 创建
pod/cpu-demo created
[root@server2 limit]# kubectl get pod 查看pod,pod一直处于等待状态
NAME READY STATUS RESTARTS AGE
cpu-demo 0/1 Pending 0 113s
[root@server2 limit]# kubectl delete -f cpu.yaml 回收
pod "cpu-demo" deleted
[root@server2 limit]# vim cpu.yaml
apiVersion: v1
kind: Pod
metadata:
name: cpu-demo
spec:
containers:
- name: cpu-demo
image: stress
resources:
limits:
cpu: "2" 设置最大2个
requests:
cpu: "1" 最小1个
args:
- -c
- "2"
[root@server2 limit]# kubectl apply -f cpu.yaml
pod/cpu-demo created
[root@server2 limit]# kubectl get pod 查看pod,符合要求,运行成功
NAME READY STATUS RESTARTS AGE
cpu-demo 1/1 Running 0 12s
2.3为namespace设置资源限制
apiVersion: v1
kind: LimitRange 限制namespace的内存使用
metadata:
name: limitrange-demo
spec:
limits:
- default: namespace为default
cpu: 0.5 defaulet的最大cpu为0.5个
memory: 512Mi
defaultRequest:
cpu: 0.1 defaulet的最小cpu为0.1个
memory: 256Mi
max: 表示在创建pod时最多不能超过1个cpu
cpu: 1
memory: 1Gi 内存不超过1G
min:
cpu: 0.1 表示在创建pod时最多不能超过0.1个cpu
memory: 100Mi
type: Container
[root@server2 limit]# kubectl apply -f ns.yaml 创建
limitrange/limitrange-demo created
[root@server2 limit]# kubectl describe limitranges 查看namespace资源限制详细信息
Name: limitrange-demo
Namespace: default
Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio
---- -------- --- --- --------------- ------------- -----------------------
Container cpu 100m 1 100m 500m -
Container memory 100Mi 1Gi 256Mi 512Mi
[root@server2 limit]# vim pod.yaml 重新编辑pod文件 -
apiVersion: v1
kind: Pod
metadata:
name: memory-demo
spec:
containers:
- name: memory-demo
image: nginx 用nginx镜像
# resources: 去掉pod资源限制
# requests:
# memory: 50Mi
# limits:
# memory: 100Mi
[root@server2 limit]# kubectl apply -f pod.yaml 创建
pod/memory-demo created
[root@server2 limit]# kubectl describe pod memory-demo 查看memory-demo pod详细信息
测试:
[root@server2 limit]# kubectl describe limitranges 查看namespace资源限制详细信息
Name: limitrange-demo
Namespace: default
Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio
---- -------- --- --- --------------- ------------- -----------------------
Container cpu 100m 1 100m 500m -
Container memory 100Mi 1Gi 256Mi 512Mi
[root@server2 limit]# vim pod.yaml 自定义设置pod资源限制
apiVersion: v1
kind: Pod
metadata:
name: memory-demo
spec:
containers:
- name: memory-demo
image: nginx
resources: 设置资源限制
requests:
memory: 50Mi 内存要求最小是100Mi,这里只有50Mi,不符合默认default里设置的pod资源限制要求
limits:
memory: 100Mi
[root@server2 limit]# kubectl apply -f pod.yaml 创建失败,不符合资源限制要求
Error from server (Forbidden): error when creating "pod.yaml": pods "memory-demo" is forbidden: minimum memory usage per Container is 100Mi, but request is 50Mi
[root@server2 limit]# vim pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: memory-demo
spec:
containers:
- name: memory-demo
image: nginx
resources:
requests:
memory: 100Mi cpu 和memory 符合资源限制要求
cpu: 0.1
limits:
memory: 200Mi
cpu: 0.5
[root@server2 limit]# kubectl apply -f pod.yaml 创建成功
pod/memory-demo created
注:默认的namespace(default)设置了pod资源限制,自己创建的pod无论加不加资源限制都会被默认的default限制
2.4 为 Namespace 配置Pod资源配额
[root@server2 limit]# kubectl delete -f pod.yaml 回收之前的pod
pod "memory-demo" deleted
[root@server2 limit]# vim quota.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
name: mem-cpu-demo
spec:
hard:
requests.cpu: "1"
requests.memory: 1Gi
limits.cpu: "2"
limits.memory: 2Gi
[root@server2 limit]# kubectl apply -f quota.yaml 创建
resourcequota/mem-cpu-demo created
[root@server2 limit]# kubectl describe quota 查看配额详细信息
Name: mem-cpu-demo
Namespace: default
Resource Used Hard
-------- ---- ----
limits.cpu 0 2
limits.memory 0 2Gi
requests.cpu 0 1
requests.memory 0 1Gi
[root@server2 limit]# kubectl apply -f pod.yaml 创建pod
pod/memory-demo created
[root@server2 limit]# kubectl get pod 查看pod,运行成功
NAME READY STATUS RESTARTS AGE
memory-demo 1/1 Running 0 48s
[root@server2 limit]# kubectl describe quota 查看配额详细信息
Name: mem-cpu-demo
Namespace: default
Resource Used Hard
-------- ---- ----
limits.cpu 500m 2
limits.memory 200Mi 2Gi
requests.cpu 100m 1
requests.memory 100Mi 1Gi
配额表示当前namespace(default)创建的所有容器资源总和不能超过设定的配额
[root@server2 limit]# kubectl run demo --image=nginx 运行一个容器,不加任何资源限制,就是设置的默认的default中pod资源限制
pod/demo created
[root@server2 limit]# kubectl describe quota 查看配额
Name: mem-cpu-demo
Namespace: default
Resource Used Hard
-------- ---- ----
limits.cpu 1 2
limits.memory 712Mi 2Gi 可以发现资源是不断叠加的
requests.cpu 200m 1
requests.memory 356Mi 1Gi
一但设置配额必须启用资源限制,示例如下:
[root@server2 limit]# kubectl delete -f pod.yaml 将pod都回收
pod "memory-demo" deleted
[root@server2 limit]# kubectl delete pod demo
pod "demo" deleted
[root@server2 limit]# kubectl delete -f ns.yaml 再回收namespace默认资源限额
limitrange "limitrange-demo" deleted
[root@server2 limit]# kubectl run demo --image=nginx 运行容器不能运行,所以一但创建配额必须要设置资源限制
Error from server (Forbidden): pods "demo" is forbidden: failed quota: mem-cpu-demo: must specify limits.cpu,limits.memory,requests.cpu,requests.memory
2.5 为 Namespace 配置Pod数量配额
[root@server2 limit]# vim quota.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
name: pod-demo
spec:
hard:
pods: "2" 只能运行2个pod
[root@server2 limit]# kubectl apply -f ns.yaml 设置配额需要先加上资源限额
limitrange/limitrange-demo created
[root@server2 limit]# kubectl apply -f quota.yaml 创建配额
resourcequota/mem-cpu-demo unchanged
resourcequota/pod-demo created
[root@server2 limit]# kubectl get quota
NAME AGE REQUEST LIMIT
mem-cpu-demo 34m requests.cpu: 0/1, requests.memory: 0/1Gi limits.cpu: 0/2, limits.memory: 0/2Gi
pod-demo 3m13s pods: 0/2 配额已经添加成功
[root@server2 limit]# kubectl run demo --image=nginx 运行pod
pod/demo created
[root@server2 limit]# kubectl run demo2 --image=nginx 再开一个pod。可以运行
pod/demo2 created
[root@server2 limit]# kubectl run demo3 --image=nginx 在开第3个,不能运行
Error from server (Forbidden): pods "demo3" is forbidden: exceeded quota: pod-demo, requested: pods=1, used: pods=2, limited: pods=2
[root@server2 limit]# kubectl delete pod --all 删除所有pod
pod "demo" deleted
pod "demo2" deleted
[root@server2 limit]# kubectl delete -f quota.yaml 回收资源
resourcequota "mem-cpu-demo" deleted
resourcequota "pod-demo" deleted
[root@server2 limit]# kubectl delete -f ns.yaml 回收资源
limitrange "limitrange-demo" deleted
更多推荐
已为社区贡献2条内容
所有评论(0)