Kubernetes container资源配额 LimitRange
程序员文章站
2022-03-14 20:29:08
...
资源配额 LimitRange
默认情况下,K8s集群上的容器对计算资源没有任何限制,可能会导致个别容器资源过大导致影响其他容器正常工作,这时可以使用LimitRange定义容器默认CPU和内存请求值或者最大上限。(默认是使用宿主机上面所有的资源)
在哪个命名空间下面创建,那么就是应用在哪个命名空间。
LimitRange限制维度:
• 限制容器配置requests.cpu/memory,limits.cpu/memory的最小、最大值
• 限制容器配置requests.cpu/memory,limits.cpu/memory的默认值
• 限制PVC配置requests.storage的最小、最大值
限制创建pod设置request和limit,最小得超过最小值,但是不能超过最大值,就是最小和最大的限
制。下面是针对于pod下面的每一个容器的。
[[email protected] limitrnage]# kubectl apply -f test1.yaml
limitrange/cpu-memory-min-max created
[[email protected] limitrnage]# cat test1.yaml
apiVersion: v1
kind: LimitRange
metadata:
name: cpu-memory-min-max
namespace: dev1
spec:
limits:
- max: #容器能够设置limit最大值
cpu: 1
memory: 1Gi
min: #容器能够设置request最小值
cpu: 200m
memory: 200Mi
type: Container
[[email protected] limitrnage]# kubectl get limits -n dev1
NAME CREATED AT
cpu-memory-min-max 2021-07-02T01:01:16Z
[[email protected] limitrnage]# kubectl describe limits cpu-memory-min-max -n dev1
Name: cpu-memory-min-max
Namespace: dev1
Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio
---- -------- --- --- --------------- ------------- -----------------------
Container cpu 200m 1 1 1 -
Container memory 200Mi 1Gi 1Gi 1Gi
测试request,小于request
[[email protected] limitrnage]# cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: web
namespace: dev1
spec:
containers:
- image: nginx
name: nginx
resources:
requests:
cpu: 100m
memory: 100Mi
[[email protected] limitrnage]# kubectl apply -f pod.yaml
Error from server (Forbidden): error when creating "pod.yaml": pods "web" is forbidden: [minimum cpu usage per Container is 200m, but request is 100m, minimum memory usage per Container is 200Mi, but request is 100Mi]
request值大于limit
[[email protected] limitrnage]# cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: web
namespace: dev1
spec:
containers:
- image: nginx
name: nginx
resources:
requests:
cpu: 1500m
memory: 400Mi
[[email protected] limitrnage]# kubectl apply -f pod.yaml
The Pod "web" is invalid: spec.containers[0].resources.requests: Invalid value: "1500m": must be less than or equal to cpu limit
测试limit,request值正常,但是limit的值不符合要求,超过CPU限制
[[email protected] limitrnage]# cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: web
namespace: dev1
spec:
containers:
- image: nginx
name: nginx
resources:
requests:
cpu: 300m
memory: 400Mi
limits:
cpu: 2
memory: 1Gi
[[email protected] limitrnage]# kubectl apply -f pod.yaml
Error from server (Forbidden): error when creating "pod.yaml": pods "web" is forbidden: maximum cpu usage per Container is 1, but limit is 2
超过mem限制
[[email protected] limitrnage]# cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: web
namespace: dev1
spec:
containers:
- image: nginx
name: nginx
resources:
requests:
cpu: 300m
memory: 400Mi
limits:
cpu: 500m
memory: 2Gi
[[email protected] limitrnage]# kubectl apply -f pod.yaml
Error from server (Forbidden): error when creating "pod.yaml": pods "web" is forbidden: maximum memory usage per Container is 1Gi, but limit is 2Gi
计算资源默认值限制
不指定request和limit的值的时候,会发生什么变化。
#在设置的上面的limit最大值和request最小值的的时候,如果创建容器不指定其resources字段,默认以limit最大值进行分配
[[email protected] limitrnage]# cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: web
namespace: dev1
spec:
containers:
- image: nginx
name: nginx
[[email protected] limitrnage]# kubectl apply -f pod.yaml
pod/web created
[[email protected] limitrnage]# kubectl describe pod web -n dev1
Name: web
Namespace: dev1
Priority: 0
......................................
Limits: #可以看到是以最大值进行分配
cpu: 1
memory: 1Gi
Requests:
cpu: 1
memory: 1Gi
所以还要设置一个默认值,否则默认值会比较大,因为参考的是最大值。
[[email protected] limitrnage]# cat test1.yaml
apiVersion: v1
kind: LimitRange
metadata:
name: cpu-memory-min-max
namespace: dev1
spec:
limits:
- max:
cpu: 1
memory: 1Gi
min:
cpu: 200m
memory: 200Mi
defaultRequest:
cpu: 300m
memory: 300Mi
type: Container
[[email protected] limitrnage]# kubectl describe limits cpu-memory-min-max -n dev1
Name: cpu-memory-min-max
Namespace: dev1
Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio
---- -------- --- --- --------------- ------------- -----------------------
Container cpu 200m 1 300m 1 -
Container memory 200Mi 1Gi 300Mi 1Gi -
[[email protected] limitrnage]# cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: web
namespace: dev1
spec:
containers:
- image: nginx
name: nginx
[[email protected] limitrnage]# kubectl apply -f pod.yaml
pod/web created
[[email protected] limitrnage]# kubectl get pod -n dev1
NAME READY STATUS RESTARTS AGE
web 1/1 Running 0 19s
[[email protected] limitrnage]# kubectl describe pod web -n dev1
Name: web
Namespace: dev1
.............................................
Limits:
cpu: 1
memory: 1Gi
Requests:
cpu: 300m
memory: 300Mi
存储资源最大、最小限制:pvc申请超过10G会拒绝,低于1G也会拒绝,这个范围就是1-10G
[[email protected] limitrnage]# kubectl describe limits storage-min-max -n dev1
Name: storage-min-max
Namespace: dev1
Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio
---- -------- --- --- --------------- ------------- -----------------------
PersistentVolumeClaim storage 1Gi 10Gi - - -
[[email protected] limitrnage]# cat test2.yaml
apiVersion: v1
kind: LimitRange
metadata:
name: storage-min-max
namespace: dev1
spec:
limits:
- type: PersistentVolumeClaim
max:
storage: 10Gi
min:
storage: 1Gi
[[email protected] limitrnage]# cat pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-pvc
namespace: dev1
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 15Gi
storageClassName: nfs
[[email protected] limitrnage]# kubectl apply -f pvc.yaml
Error from server (Forbidden): error when creating "pvc.yaml": persistentvolumeclaims "nfs-pvc" is forbidden: maximum storage usage per PersistentVolumeClaim is 10Gi, but request is 15Gi