k8s初级实战13--资源限制
1 介绍
k8s 中常见的资源限制包括 内存、cpu、pv容量、pod数量等资源限制。本文主要对上述资源限制加以介绍,并通过案例对其进行相应测试。
2 资源限制用法
常见cpu和内存资源限制可以通过pod.spec.containers.resources 来配置。
cpu 单位一般使用 {数值m} 的形式来标识低于1核心的cpu,如200m为0.2核的cpu,直接定义不带单位的整数表示具体的核数;
内存一般是用 {数值Ki | Mi | Gi | Ti | Pi | Ei} 的形式表示,1024=1Ki,1 Gi = 1024Mi;
# kubectl explain pod.spec.containers.resources
2.1 内存限制
本案例限制最少内存为512M,最大内存为1G
vim mem.yaml
apiVersion: v1
kind: Pod
metadata:
labels:
run: stress0131
name: stress0131
spec:
containers:
- image: polinux/stress:1.0.4
name: stress0131
command: [sh, -c, 'sleep 1000']
resources:
limits:
memory: 1Gi
requests:
memory: 512Mi
2.2 cpu限制
本案例限制最少0.2核心cpu,最大1核心cpu;
cpu.yaml
apiVersion: v1
kind: Pod
metadata:
labels:
run: stress0131-cpu
name: stress0131-cpu
spec:
containers:
- image: polinux/stress:1.0.4
name: stress0131
command: [sh, -c, 'sleep 1000']
resources:
limits:
cpu: 1
requests:
memory: 200m
接入容器后,执行 stress -c 2 过一段时间通过kubectl top pod 发现pod的cpu达到1核心了,但是无法变得更高了;
再次将 limits: cpu: 2更改为2后,发现stress -c 2后, pod cpu缓慢上升到2核心了;
2.3 命名空间配额
本案例将default命名空间容器最大cpu设置为1核心,最大内存为1GB;
vim cat ns-cpu-mem.yaml
apiVersion: v1
kind: LimitRange
metadata:
name: cpu-min-max-demo-lr
spec:
limits:
- max:
cpu: "1000m"
memory: "1024Mi"
type: Container
# kubectl apply -f ns-cpu-mem.yaml -n default
测试:新建一个大于max cpu 1000m的pod,结果会创建失败
vim cpu-demo.yaml
apiVersion: v1
kind: Pod
metadata:
name: constraints-cpu-demo
spec:
containers:
- name: constraints-cpu-demo-ctr
image: nginx:1.19.6
resources:
requests:
cpu: "1500m"
# kubectl apply -f cpu-demo.yaml
输出:
The Pod "constraints-cpu-demo" is invalid: spec.containers[0].resources.requests: Invalid value: "1500m": must be less than or equal to cpu limit
本案例限制 cpu-memory 命名空间最大cpu使用量为2核心,最大内存为2G;
vim quota-mem-cpu.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
name: mem-cpu-demo
spec:
hard:
requests.cpu: "1"
requests.memory: 1Gi
limits.cpu: "2"
limits.memory: 2Gi
# kubectl apply -f quota-mem-cpu.yaml -n cpu-memory
# kubectl get resourcequota mem-cpu-demo -n cpu-memory -o yaml
......
spec:
hard:
limits.cpu: "2"
limits.memory: 2Gi
requests.cpu: "1"
requests.memory: 1Gi
status:
hard:
limits.cpu: "2"
limits.memory: 2Gi
requests.cpu: "1"
requests.memory: 1Gi
used:
limits.cpu: "0"
limits.memory: "0"
requests.cpu: "0"
requests.memory: "0"
新建pod
vim quota-mem-cpu-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: quota-mem-cpu-demo
spec:
containers:
- name: quota-mem-cpu-demo-ctr
image: nginx
resources:
limits:
memory: "1000Mi"
cpu: "1000m"
requests:
memory: "600Mi"
cpu: "400m"
# kubectl apply -f quota-mem-cpu-pod.yaml -n cpu-memory
可以正常新建pod;
若此时新建 quota-mem-cpu-pod2.yaml , requests cpu 和 内存分别为 1600m 和 1500Mi, 则会因为资源超出上限而报错,如下:
# kubectl apply -f quota-mem-cpu-pod2.yaml -n cpu-memory
Error from server (Forbidden): error when creating "quota-mem-cpu-pod2.yaml": pods "quota-mem-cpu-demo2" is forbidden: exceeded quota: mem-cpu-demo, requested: limits.cpu=2,limits.memory=2000Mi,requests.cpu=1600m,requests.memory=1500Mi, used: limits.cpu=1,limits.memory=1000Mi,requests.cpu=400m,requests.memory=600Mi, limited: limits.cpu=2,limits.memory=2Gi,requests.cpu=1,requests.memory=1Gi
2.4 pv容量限制
待添加
3 注意事项
- 实际项目中,可以通过设置每个命名空间的cpu、内存、pod数量来限制各个项目总资源使用量。