欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页

Kubernetes container资源配额 LimitRange

程序员文章站 2022-03-14 20:29:08
...

资源配额 LimitRange


默认情况下,K8s集群上的容器对计算资源没有任何限制,可能会导致个别容器资源过大导致影响其他容器正常工作,这时可以使用LimitRange定义容器默认CPU和内存请求值或者最大上限。(默认是使用宿主机上面所有的资源)
在哪个命名空间下面创建,那么就是应用在哪个命名空间。
LimitRange限制维度:
• 限制容器配置requests.cpu/memory,limits.cpu/memory的最小、最大值
• 限制容器配置requests.cpu/memory,limits.cpu/memory的默认值
• 限制PVC配置requests.storage的最小、最大值
限制创建pod设置request和limit,最小得超过最小值,但是不能超过最大值,就是最小和最大的限
制。下面是针对于pod下面的每一个容器的。
[[email protected] limitrnage]# kubectl apply -f test1.yaml 
limitrange/cpu-memory-min-max created
[[email protected] limitrnage]# cat test1.yaml 
apiVersion: v1
kind: LimitRange
metadata:
  name: cpu-memory-min-max
  namespace: dev1
spec:
  limits:
  - max: #容器能够设置limit最大值
      cpu: 1
      memory: 1Gi
    min: #容器能够设置request最小值
      cpu: 200m 
      memory: 200Mi
    type: Container
[[email protected] limitrnage]# kubectl get limits -n dev1
NAME                 CREATED AT
cpu-memory-min-max   2021-07-02T01:01:16Z
[[email protected] limitrnage]# kubectl describe limits cpu-memory-min-max  -n dev1
Name:       cpu-memory-min-max
Namespace:  dev1
Type        Resource  Min    Max  Default Request  Default Limit  Max Limit/Request Ratio
----        --------  ---    ---  ---------------  -------------  -----------------------
Container   cpu       200m   1    1                1              -
Container   memory    200Mi  1Gi  1Gi              1Gi    

测试request,小于request

[[email protected] limitrnage]# cat pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: web
  namespace: dev1
spec:
  containers:
  - image: nginx
    name: nginx
    resources:
      requests:
        cpu: 100m
        memory: 100Mi


[[email protected] limitrnage]# kubectl apply -f pod.yaml 
Error from server (Forbidden): error when creating "pod.yaml": pods "web" is forbidden: [minimum cpu usage per Container is 200m, but request is 100m, minimum memory usage per Container is 200Mi, but request is 100Mi]

request值大于limit

[[email protected] limitrnage]# cat pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: web
  namespace: dev1
spec:
  containers:
  - image: nginx
    name: nginx
    resources:
      requests:
        cpu: 1500m
        memory: 400Mi

[[email protected] limitrnage]# kubectl apply -f pod.yaml 
The Pod "web" is invalid: spec.containers[0].resources.requests: Invalid value: "1500m": must be less than or equal to cpu limit

测试limit,request值正常,但是limit的值不符合要求,超过CPU限制

[[email protected] limitrnage]# cat pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: web
  namespace: dev1
spec:
  containers:
  - image: nginx
    name: nginx
    resources:
      requests:
        cpu: 300m
        memory: 400Mi
      limits:
        cpu: 2
        memory: 1Gi 

[[email protected] limitrnage]# kubectl apply -f pod.yaml 
Error from server (Forbidden): error when creating "pod.yaml": pods "web" is forbidden: maximum cpu usage per Container is 1, but limit is 2

超过mem限制 

[[email protected] limitrnage]# cat pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: web
  namespace: dev1
spec:
  containers:
  - image: nginx
    name: nginx
    resources:
      requests:
        cpu: 300m
        memory: 400Mi
      limits:
        cpu: 500m
        memory: 2Gi 

[[email protected] limitrnage]# kubectl apply -f pod.yaml 
Error from server (Forbidden): error when creating "pod.yaml": pods "web" is forbidden: maximum memory usage per Container is 1Gi, but limit is 2Gi

计算资源默认值限制


不指定request和limit的值的时候,会发生什么变化。

#在设置的上面的limit最大值和request最小值的的时候,如果创建容器不指定其resources字段,默认以limit最大值进行分配

[[email protected] limitrnage]# cat pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: web
  namespace: dev1
spec:
  containers:
  - image: nginx
    name: nginx

[[email protected] limitrnage]# kubectl apply -f pod.yaml 
pod/web created
[[email protected] limitrnage]# kubectl describe pod web -n dev1
Name:         web
Namespace:    dev1
Priority:     0
......................................
    Limits:                       #可以看到是以最大值进行分配
      cpu:     1
      memory:  1Gi
    Requests:
      cpu:        1
      memory:     1Gi

所以还要设置一个默认值,否则默认值会比较大,因为参考的是最大值。

[[email protected] limitrnage]# cat test1.yaml 
apiVersion: v1
kind: LimitRange
metadata:
  name: cpu-memory-min-max
  namespace: dev1
spec:
  limits:
  - max: 
      cpu: 1
      memory: 1Gi
    min: 
      cpu: 200m 
      memory: 200Mi
    defaultRequest:
      cpu: 300m
      memory: 300Mi
    type: Container 

[[email protected] limitrnage]# kubectl describe limits cpu-memory-min-max -n dev1
Name:       cpu-memory-min-max
Namespace:  dev1
Type        Resource  Min    Max  Default Request  Default Limit  Max Limit/Request Ratio
----        --------  ---    ---  ---------------  -------------  -----------------------
Container   cpu       200m   1    300m             1              -
Container   memory    200Mi  1Gi  300Mi            1Gi            -

[[email protected] limitrnage]# cat pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: web
  namespace: dev1
spec:
  containers:
  - image: nginx
    name: nginx
[[email protected] limitrnage]# kubectl apply -f pod.yaml 
pod/web created
[[email protected] limitrnage]# kubectl get pod -n dev1
NAME   READY   STATUS    RESTARTS   AGE
web    1/1     Running   0          19s
[[email protected] limitrnage]# kubectl  describe pod web -n dev1
Name:         web
Namespace:    dev1
.............................................
    Limits:
      cpu:     1
      memory:  1Gi
    Requests:
      cpu:        300m
      memory:     300Mi

存储资源最大、最小限制:pvc申请超过10G会拒绝,低于1G也会拒绝,这个范围就是1-10G
[[email protected] limitrnage]# kubectl describe limits storage-min-max  -n dev1
Name:                  storage-min-max
Namespace:             dev1
Type                   Resource  Min  Max   Default Request  Default Limit  Max Limit/Request Ratio
----                   --------  ---  ---   ---------------  -------------  -----------------------
PersistentVolumeClaim  storage   1Gi  10Gi  -                -              -
[[email protected] limitrnage]# cat test2.yaml 
apiVersion: v1
kind: LimitRange
metadata:
  name: storage-min-max
  namespace: dev1
spec:
  limits:
  - type: PersistentVolumeClaim
    max:
      storage: 10Gi
    min:
      storage: 1Gi
[[email protected] limitrnage]# cat pvc.yaml 
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nfs-pvc
  namespace: dev1
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 15Gi
  storageClassName: nfs


[[email protected] limitrnage]# kubectl apply -f pvc.yaml 
Error from server (Forbidden): error when creating "pvc.yaml": persistentvolumeclaims "nfs-pvc" is forbidden: maximum storage usage per PersistentVolumeClaim is 10Gi, but request is 15Gi