By default, we all know that the container can run unlimited use of computing resources on Kubernetes cluster. For a greater emphasis on reliability, availability, technology platform is concerned, this is clearly not acceptable.
In kubernetes to implement restrictions on the use of resources, mainly through two technologies:
- Resource Quotas resource usage quota management
- Limit the number of resource use restrictions Ranges
When multiple users or groups to share with a fixed number of nodes of the cluster, a resource may be worried that the team might use more than their fair share of resources. Resource Quotas
Aims to provide a restriction on the use of computing resources, storage resources, as well as various other k8s resource object, the main function is to limit the maximum number of use.
Use resource quota, cluster administrators can limit the consumption of resources and create the basis of the namespace. If necessary, you can create for each of the technical team and a use namespace
, and then configure a namespace based on Resource Quotas
maximum resource usage quota can be. This feature configuration is relatively simple, we need to learn more about the students look here .
This article is to discuss a Limit Ranges
number of resources to use to limit the use of functions. This feature is mainly concerned with the entry into force of the particle size using an absolute limit on the number of resource constraints but also finer cpu, memory and storage resources within a namespace number. It is a strategy to limit the scope of the use of resources in a namespace bound by Pod or Container.
Check whether the next cluster API function plug-ins enable the LimitRanger
Execution systemctl status kube-apiserver
to ensure that you see in the output --enable-admission-plugins=
parameter values are included in the LimitRanger
plug-in.
Create a default policy that specified limit global namespace into force
Suppose we have a named development
namespace.
The default resource limits rule yaml definition:
apiVersion: v1
kind: LimitRange
metadata:
name: development-limit-range
namespace: development
spec:
limits:
- max:
cpu: "8"
memory: "24Gi"
min:
cpu: "500m"
memory: "1Gi"
default:
cpu: "2"
memory: "8Gi"
defaultRequest:
cpu: "1"
memory: "2Gi"
type: Container
- Provides for container development namespace, you can create, the maximum allowed, the minimum and the default resource constraints.
- When you create a Pod, limit the number of computing resources can not be specified, it will automatically take effect by default value development space.
- In the above rule specifies the minimum, within the range of the maximum number of resources, allowing the user to customize the amount of computing resources required to use the container.
Complete the creation of the default resource restriction rules
$ kubectl create -f development-limit-range.yaml
limitrange/development-limit-range created
The default resource limits Rules View development namespace
$ kubectl describe limitrange development-limit-range
Name: development-limit-range
Namespace: development
Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio
---- -------- --- --- --------------- ------------- -----------------------
Container cpu 500m 8 1 2 -
Container memory 1Gi 24Gi 2Gi 8Gi -
Create a container and limit container resource needs
Creating a common container
In this test container, we do not set any restrictions relating to the use of the resource content.
apiVersion: v1
kind: Pod
metadata:
name: test-server1
namespace: development
spec:
containers:
- name: test-server1
image: centos:6
ports:
- containerPort: 8080
Creating a specified resource individualized needs of container
As shown, for applying a 4-core CPU + 12GB memory computing resources.
apiVersion: v1
kind: Pod
metadata:
name: test-server2
namespace: development
spec:
containers:
- name: test-server2
image: centos:6
ports:
- containerPort: 8080
resources:
limits:
cpu: "4"
memory: 12Gi
requests:
cpu: "1"
memory: 2Gi
See Comparative lower container both the resources of the running property values
$ kubectl get pod test-server1 -o json|jq ".spec.containers[0].resources"
{
"limits": {
"cpu": "2",
"memory": "8Gi"
},
"requests": {
"cpu": "1",
"memory": "2Gi"
}
}
$ kubectl get pod test-server2 -o json|jq ".spec.containers[0].resources"
{
"limits": {
"cpu": "4",
"memory": "12Gi"
},
"requests": {
"cpu": "1",
"memory": "2Gi"
}
}
- You can see when any resource limit is not specified, the namespace is taken directly from the development of the rules of the default settings. Effect container
test-server1
shown in FIG. - When providing custom resource requirements, set by resource usage restrictions apply. Effect container
test-server2
shown in FIG. - Since the definition of a limit on the number of containers globally valid minimum resources and maximum available resources in the command space, so when you apply for more than 8-core CPU or memory 24Gi, it will directly return information creation failed.
For example, to create such a big eaters:
apiVersion: v1
kind: Pod
metadata:
name: test-server3
namespace: development
spec:
containers:
- name: test-server3
image: centos:6
ports:
- containerPort: 8080
resources:
limits:
cpu: "4"
memory: 32Gi
When creating a command execution will return directly following error message:
$ kubectl create -f test-server3-pod.yaml
Error from server (Forbidden): error when creating "test-server3-pod.yaml": pods "test-server3" is forbidden: maximum memory usage per Container is 24Gi, but limit is 32Gi.
This article only restrictions on resource function to achieve a simple introduction and examples of the ideas, the students need to know more details, please venue's official website https://kubernetes.io/docs/concepts/policy/limit-range/ this page.