The popularity of Docker has activated PaaS, which has been tepid. With the emergence of various Micro-PaaS, Kubernetes is the most representative one. It is an open source version of Google's large-scale container management technology for many years. . This series of articles will analyze Kubernetes one by one. This article mainly introduces the resource management mechanism (Limit Range and Resource Quota) of Kubernetes through an example.
Kubernetes resource management
As a container management platform, it is inevitable to deploy multiple sets of applications. If there is no reasonable resource management mechanism, the application's demand for resources is not limited, then all resources will be exhausted quickly and other applications will be affected. Therefore, it is necessary to allocate resources reasonably, which is a subject that needs to be accumulated.
Resource isolation and restriction are the basic capabilities of PaaS. Kubernetes also has a preliminary design for this. There are three levels of resource restriction, which are at the Container, Pod, and Namespace levels. The Container layer mainly uses the support of the container itself, such as Docker's support for CPU, memory, etc.; Pod can limit the scope of resources for creating Pods in the system, such as the maximum or minimum CPU and memory requirements; Namespace level is the resource limit for the user level Now, including CPU, memory, you can also limit the number of Pod, rc, and service.
There are two elements in Kubernetes, Limit Range and Resource Quota, which are used for resource management. The following will introduce an example.
Note: kube-apiserver startup parameters need to be set "--admission_control=LimitRanger,ResourceQuota..."
Example
First create a namespace,
namespace.yaml:
apiVersion: v1 kind: Namespace metadata: name: quota-example
$ kubectl create -f docs/user-guide/resourcequota/namespace.yaml $ kubectl get namespaces NAME LABELS STATUS default <none> Active quota-example <none> Active
By default, namespace has no resource quota. Now set quota for namespace,
quota.yaml:
apiVersion: v1 kind: ResourceQuota metadata: name: quota spec: hard: cpu: "20" memory: 1Gi persistentvolumeclaims: "10" pods: "10" replicationcontrollers: "20" resourcequotas: "1" secrets: "10" services: "5"
$ kubectl create -f docs/user-guide/resourcequota/quota.yaml --namespace=quota-example $ kubectl describe quota quota --namespace=quota-example Name: quota Namespace: quota-example Resource Used Hard -------- ---- ---- cpu 100m 20 memory 536870912 1Gi persistentvolumeclaims 0 10 pods 1 10 replicationcontrollers 1 20 resourcequotas 1 1 secrets 1 10 services 0 5
It can be seen that the resource quota includes two aspects:
- Computing resource quota
cpu Total cpu limits of containers
memory Total memory limits of containers - Kubernetes元素数量限制
pods Total number of pods
services Total number of services
replicationcontrollers Total number of replication controllers
resourcequotas Total number of resource quotas
secrets Total number of secrets
persistentvolumeclaims Total number of persistent volume claims
现在在namespace下创建Pod,
nginx-rc.yaml:
apiVersion: v1 kind: ReplicationController metadata: name: nginx namespace: quota-example labels: name: nginx spec: replicas: 1 selector: name: nginx template: metadata: labels: name: nginx spec: containers: - name: nginx image: nginx
$ kubectl create -f ./niginx-rc.yaml $ kubectl describe rc nginx --namespace=quota-example ... Error creating: Pod "nginx-" is forbidden: Limited to 1Gi memory, but pod has no specified memory limit
因为Pod没有设置资源限制,Kubeneters会拒绝创建Pod。有2种方法可以解决,一是给Pod配置资源限制,
nginx-rc.yaml:
apiVersion: v1 kind: ReplicationController metadata: name: nginx namespace: quota-example labels: name: nginx spec: replicas: 1 selector: name: nginx template: metadata: labels: name: nginx spec: containers: - name: nginx image: nginx resources: limits: cpu: 100m memory: 100Mi
另一种方法是可以设置Pod的默认资源限制:
limits.yaml:
apiVersion: v1 kind: LimitRange metadata: name: limits spec: limits: - default: cpu: 100m memory: 100Mi type: Container
$ kubectl create -f docs/user-guide/resourcequota/limits.yaml --namespace=quota-example $ kubectl describe limits limits --namespace=quota-example Name: limits Namespace: quota-example Type Resource Min Max Default ---- -------- --- --- --- Container cpu - - 100m Container memory - - 100Mi
那么Pod就能创建成功了,那么相应的资源也消耗了:
$ kubectl describe quota quota --namespace=quota-example Name: quota Namespace: quota-example Resource Used Hard -------- ---- ---- cpu 100m 20 memory 104857600 1Gi persistentvolumeclaims 0 10 pods 1 10 replicationcontrollers 1 20 resourcequotas 1 1 secrets 1 10 services 0 5
Limit Range除了可设置Container之外,也可以设置Pod,
limits.yaml: apiVersion: v1 kind: LimitRange metadata: name: mylimits spec: limits: - max: cpu: "2" memory: 1Gi min: cpu: 250m memory: 6Mi type: Pod - default: cpu: 250m memory: 100Mi max: cpu: "2" memory: 1Gi min: cpu: 250m memory: 6Mi type: Container
$ kubectl create -f limits.yaml --namespace=quota-example $ kubectl describe limits mylimits --namespace=quota-example Name: mylimits Type Resource Min Max Default ---- -------- --- --- --- Pod memory 6Mi 1Gi - Pod cpu 250m 2 - Container memory 6Mi 1Gi 100Mi Container cpu 250m 2 250m
这个设置为:
1.一个Pod的所有容器内存使用必须在6Mi ~ 1Gi
2. 一个Pod的所有容器的CPU使用必须在250m ~ 2 cores
3. 一个容器的内存使用必须在6Mi ~ 1Gi, 默认是100Mi
4. 一个容器的CPU使用必须在250m ~ 2 cores, 默认是250m
参考
- https://github.com/GoogleCloud ... ng.md
- https://github.com/google/cadvisor
- https://github.com/GoogleCloudPlatform/heapster
==========================================================
作者简介
吴龙辉,现任网宿科技高级运营工程师,致力于云计算PaaS的研究和实践,活跃于CloudFoundry,Docker,Kubernetes等开源社区,贡献代码和撰写技术文档。 邮箱:[email protected]/[email protected]
来自:http://dockone.io/article/581
http://www.open-open.com/lib/view/open1439386169661.html