🏆 k8s容器资源限制
⭐️ kubern有两种限制类型来进行资源分配
1.request(资源需求):运行Pod的节点必须满足运行Pod的最基本需求才能运行Pod
2,limit:运行Pod期间,可能内存使用量会增加,最多能使用多少内存,这就是资源限额。(2)资源类型:
CPU 的单位是核心数,内存的单位是字节
一个容器申请0.5个CPU,就相当于申请1个CPU的一半,你也可以加个后缀m 表示千分之一的概念。100m的CPU=0.1个CPU
内存单位:
K、M、G、T、P、E #通常是以1000为换算标准的。
Ki、Mi、Gi、Ti、Pi、Ei #通常是以1024为换算标准的
⭐️ 容器资源限制的类型
🍪 内存
1️⃣ stress是压力测试的镜像
[root@master resources]# cat pod-ram.yaml
apiVersion: v1
kind: Pod
metadata:
name: memory-demo
spec:
containers:
- name: memory-demo
image: joedval/stress:latest
args:
- --vm ##1vm默认=250mb
- "1"
- --vm-bytes ##修改vm的内存为256mb
- 200M
resources:
requests:
memory: 50Mi ##最小内存
limits:
memory: 100Mi ##最大内存
-n, --dry-run show what would have been done // 指定运行多少秒
-t, --timeout N timeout after N seconds // 等待xx微秒后才开始运行
--backoff N wait factor of N microseconds before work starts // 产生多个处理sqrt()函数的CPU进程-c, --cpu N spawn N workers spinning on sqrt() // 产生多个处理sync()函数的磁盘I/O进程
-i, --io N spawn N workers spinning on sync()
-m, --vm N spawn N workers spinning on malloc()/free()
--vm-bytes B malloc B bytes per vm worker (default is 256MB)--vm-stride B touch a byte every B bytes (default is 4096)--vm-hang N sleep N secs before free (default none, 0 is inf)--vm-keep redirty memory instead of freeing and reallocating-d, --hdd N spawn N workers spinning on write()/unlink() --hdd-bytes B write B bytes per hdd worker (default is 1GB)
2️⃣ 查看 pod
[root@master resources]# kubectl get pod
memory-demo 0/1 CrashLoopBackOff 8 6m26s
[root@master resources]# kubectl describe pod memory-demo
State: Waiting
Reason: CrashLoopBackOff
Last State: Terminated
Reason: OOMKilled ##内存溢出
2️⃣ 修改内存限制
[root@master resources]# kubectl delete pod memory-demo ##删除旧pod
[root@master resources]# cat pod-ram.yaml
apiVersion: v1
kind: Pod
metadata:
name: memory-demo
spec:
containers:
- name: memory-demo
image: joedval/stress:latest
args:
- --vm
- "1"
- --vm-bytes
- 90M
resources:
requests:
memory: 50Mi
limits:
memory: 100Mi
[root@master resources]# kubectl apply -f pod-ram.yaml
pod/memory-demo created
##启动成功
[root@master resources]# kubectl get pod
memory-demo 1/1 Running 0 57s
🍪 Cpu
1️⃣ 编写 yaml文件
[root@master resources]# cat pod-cpu.yaml
apiVersion: v1
kind: Pod
metadata:
name: cpu-pod
spec:
containers:
- image: joedval/stress:latest
name: cpu-pod
args:
- c
- "1"
resources:
requests:
cpu: "1"
limits:
cpu: "1"
2️⃣ 执行
[root@master resources]# kubectl apply -f pod-cpu.yaml
pod/cpu-pod created
##资源够可以启动
[root@master resources]# kubectl get pod
cpu-pod 1/1 Running 0 8m16s
3️⃣ 修改资源配置
[root@master resources]# cat pod-cpu.yaml
apiVersion: v1
kind: Pod
metadata:
name: cpu-pod
spec:
containers:
- image: joedval/stress
name: cpu-pod
args:
- -c
- "1"
resources:
requests:
cpu: "500M"
limits:
cpu: "900M"
4️⃣ 启动查看,他就会一直调度,产生调度失败是因为申请的CPU资源超出集群节点所能提供的资源,但CPU 使用率过高,不会被杀死
[root@master resources]# kubectl get pod
cpu-pod 0/1 Pending 0 7s
⭐️ 为namespace设置资源限制
LimitRange 在 namespace 中施加的最小和最大内存限制只有在创建和更新 Pod 时才会被应用。改变 LimitRange 不会对之前创建的 Pod 造成影响
[root@master resources]# cat pod-limitrange.yml
apiVersion: v1
kind: LimitRange
metadata:
name: limit-namespece
spec:
limits:
- default: ##默认的最大配额,就是如果你创建pod没有指定pod那就是这个pod
cpu: 1
memory: 300Mi
defaultRequest: ##同上,最小,这个值不能超过min
cpu: 0.5
memory: 100Mi
max: ##假如你在创建pod的时候使用配额最大就只能是这个配额
memory: 300Mi
cpu: 2
min: ##同上最小
memory: 100Mi
cpu: 0.5
type: Container ##适合配额的类型
1️⃣ 创建
[root@master resources]# kubectl apply -f pod-limitrange.yml
limitrange/limit-namespece created
##查看limitrange
[root@master resources]# kubectl get limits
NAME CREATED AT
limit-namespece 2021-09-16T12:18:35Z
2️⃣ 创建配置 pod
[root@master resources]# cat pod-cpu.yaml
apiVersion: v1
kind: Pod
metadata:
name: cpu-pod
spec:
containers:
- image: joedval/stress
name: cpu-pod
args:
- -c
- "2"
resources:
requests:
cpu: "2" #最小
limits:
cpu: "3"
##可以看到失败了,即使他在yml配置的配额内
[root@master resources]# kubectl apply -f pod-cpu.yaml
Error from server (Forbidden): error when creating "pod-cpu.yaml": pods "cpu-pod" is forbidden: maximum cpu usage per Container is 2, but limit is 3
3️⃣ 为 namspace设置 reuquset限制
[root@master resources]# cat pod-resourcequot.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
name: pod-resourcequota
spec:
hard:
requests.cpu: "1" ##至少有一个CPU
requests.memory: "500Mi" ##至少有500M内存
limits.cpu: "2" ##最多2个cpu
etadata:
name: pod-resourcequota
spec:
hard:
requests.cpu: "1" ##至少有一个CPU
requests.memory: "500Mi" ##至少有500M内存
limits.cpu: "2" ##最多2个cpu
limits.memory: "1Gi" ##最多1g内存
[root@master resources]# kubectl delete -f pod-limitrange.yml
limitrange "limit-namespece" deleted
##运行一个容器
[root@master resources]# kubectl run myapp --image=kmckenzie/myapp:v1
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
deployment.apps/myapp created
[root@master resources]# kubectl get pod
myapp-769ffcfc6c-wq8p5 1/1 Running 0 4s
### 可以正常运行
[root@master resources]# kubectl apply -f pod-resourcequot.yaml
resourcequota/pod-resourcequota created
##查看
[root@master resources]# kubectl describe resourcequota
Name: pod-resourcequota
Namespace: default
Resource Used Hard
-------- ---- ----
limits.cpu 1 2
limits.memory 300Mi 1Gi
requests.cpu 500m 1
requests.memory 100Mi 500Mi ##可以看见使用了多少我们在多创建几个
4️⃣ 多创建几个
[root@master resources]# kubectl run myapp2 --image=kmckenzie/myapp:v1
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
deployment.apps/myapp2 created
[root@master resources]# kubectl run myapp3 --image=kmckenzie/myapp:v1
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
deployment.apps/myapp3 created
[root@master resources]# kubectl run myapp4 --image=kmckenzie/myapp:v1
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
deployment.apps/myapp4 created
###会发现myapp3,4容器并没有起来
[root@master resources]# kubectl get pod
NAME READY STATUS RESTARTS AGE
myapp-769ffcfc6c-lktz9 1/1 Running 0 87s
myapp2-6c4b4d6df9-4plkm 1/1 Running 0 17s
5️⃣ 再来查看一个 urcequota,发现只要达到其中一个限额他就不会继续创建成功
[root@master resources]# kubectl describe resourcequota
Name: pod-resourcequota
Namespace: default
Resource Used Hard
-------- ---- ----
limits.cpu 2 2 ##可以看见cpu已经达到限额了
limits.memory 600Mi 1Gi
requests.cpu 1 1
requests.memory 200Mi 500Mi
⭐️ 为 namespace创建 Pod限额
1️⃣ 先把之前的限额删掉
[root@master resources]# kubectl delete -f pod-limitrange.yml
limitrange "limit-namespece" deleted
[root@master resources]# kubectl delete -f pod-resourcequot.yaml
resourcequota "pod-resourcequota" deleted
2️⃣ 编写配置
[root@master resources]# cat namespec-pod.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
name: resourcequota-pod
spec:
hard:
pods: "3"
3️⃣ 运行3个pod运行成功
[root@master resources]# kubectl run myapp3 --image=kmckenzie/myapp:v1
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
deployment.apps/myapp3 created
[root@master resources]# kubectl get pod
NAME READY STATUS RESTARTS AGE
myapp-769ffcfc6c-lktz9 1/1 Running 0 11m
myapp2-6c4b4d6df9-4plkm 1/1 Running 0 10m
myapp3-664b99bb45-9fxsk 1/1 Running 0 3s
4️⃣ 运行4个 pod,发现无法运行启动
[root@master resources]# kubectl run myapp4 --image=kmckenzie/myapp:v1
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
deployment.apps/myapp4 create
[root@master resources]# kubectl get pod
NAME READY STATUS RESTARTS AGE
myapp-769ffcfc6c-lktz9 1/1 Running 0 11m
myapp2-6c4b4d6df9-4plkm 1/1 Running 0 10m
myapp3-664b99bb45-9fxsk 1/1 Running 0 35s
