k8s 对pod资源限制
root@slave001:~/yaml# cat case1-pod-memory-limit.yml #apiVersion: extensions/v1beta1 apiVersion: apps/v1 kind: Deployment metadata: name: limit-test-deployment namespace: chuan spec: replicas: 1 selector: matchLabels: #rs or deployment app: limit-test-pod # matchExpressions: # - {key: app, operator: In, values: [ng-deploy-80,ng-rs-81]} template: metadata: labels: app: limit-test-pod spec: containers: - name: limit-test-container image: lorel/docker-stress-ng resources: limits: memory: "110Mi" cpu: 200m requests: memory: "100Mi" #command: ["stress"] args: ["--vm", "2", "--vm-bytes", "256M"] #nodeSelector: # env: group1
注释资源限制 root@slave001:~/yaml# kubectl top po -nchuan NAME CPU(cores) MEMORY(bytes) limit-test-deployment-6c5ff566d5-8nwqc 1872m 516Mi
root@slave001:~/yaml# kubectl top po -nchuan NAME CPU(cores) MEMORY(bytes) limit-test-deployment-7545f64fcc-pwtk4 201m 198Mi
container的资源限制
root@slave001:~/yaml# cat case3-LimitRange.yaml apiVersion: v1 kind: LimitRange metadata: name: limitrange-chuannamespace: chuan spec: limits: - type: Container #限制的资源类型 max: cpu: "2" #限制单个容器的最大CPU memory: "2Gi" #限制单个容器的最大内存 min: cpu: "500m" #限制单个容器的最小CPU memory: "512Mi" #限制单个容器的最小内存 default: cpu: "500m" #默认单个容器的CPU限制 memory: "512Mi" #默认单个容器的内存限制 defaultRequest: cpu: "500m" #默认单个容器的CPU创建请求 memory: "512Mi" #默认单个容器的内存创建请求 maxLimitRequestRatio: cpu: 2 #限制CPU limit/request比值最大为2 memory: 2 #限制内存limit/request比值最大为1.5 - type: Pod max: cpu: "4" #限制单个Pod的最大CPU memory: "4Gi" #限制单个Pod最大内存 - type: PersistentVolumeClaim max: storage: 50Gi #限制PVC最大的requests.storage min: storage: 30Gi #限制PVC最小的requests.storage
root@slave001:~/yaml# kubectl describe LimitRange limitrange-chuan -nchuan Name: limitrange-chuan Namespace: chuan Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio ---- -------- --- --- --------------- ------------- ----------------------- Container cpu 500m 2 500m 500m 2 Container memory 512Mi 2Gi 512Mi 512Mi 2 Pod cpu - 4 - - - Pod memory - 4Gi - - - PersistentVolumeClaim storage 30Gi 50Gi - - -
将limit/request=4 po起不来排查 root@slave001:~/yaml# cat case4-pod-RequestRatio-limit.yaml kind: Deployment apiVersion: apps/v1 metadata: labels: app: chuan-wordpress-deployment-label name: chuan-wordpress-deployment namespace: chuan spec: replicas: 1 selector: matchLabels: app: chuan-wordpress-selector template: metadata: labels: app: chuan-wordpress-selector spec: containers: - name: chuan-wordpress-nginx-container image: nginx:1.16.1 imagePullPolicy: Always ports: - containerPort: 80 protocol: TCP name: http env: - name: "password" value: "123456" - name: "age" value: "18" resources: limits: cpu: 2 memory: 1Gi requests: cpu: 500m memory: 512Mi - name: chuan-wordpress-php-container image: php:5.6-fpm-alpine imagePullPolicy: Always ports: - containerPort: 80 protocol: TCP name: http env: - name: "password" value: "123456" - name: "age" value: "18" resources: limits: cpu: 1 #cpu: 2 memory: 1Gi requests: cpu: 500m memory: 512Mi --- kind: Service apiVersion: v1 metadata: labels: app: chuan-wordpress-service-label name: chuan-wordpress-service namespace: chuan spec: type: NodePort ports: - name: http port: 80 protocol: TCP targetPort: 8080 nodePort: 30063 selector: app: chuan-wordpress-selector
root@slave001:~/yaml# kubectl get deploy chuan-wordpress-deployment chuan-wordpress-deployment -nchuan -o json |grep message "message": "Created new replica set \"chuan-wordpress-deployment-5df9c7569d\"", "message": "Deployment does not have minimum availability.", "message": "pods \"chuan-wordpress-deployment-5df9c7569d-cf4xt\" is forbidden: cpu max limit to request ratio per Container is 2, but provided ratio is 4.000000", "message": "Created new replica set \"chuan-wordpress-deployment-5df9c7569d\"", "message": "Deployment does not have minimum availability.", "message": "pods \"chuan-wordpress-deployment-5df9c7569d-cf4xt\" is forbidden: cpu max limit to request ratio per Container is 2, but provided ratio is 4.000000",
#针对namespace的资源限制
root@slave001:~yaml# cat case6-ResourceQuota-chuan.yaml apiVersion: v1 kind: ResourceQuota metadata: name: quota-chuannamespace: chuan spec: hard: requests.cpu: "5.5" limits.cpu: "5.5" requests.memory: 11Gi limits.memory: 11Gi # requests.nvidia.com/gpu: 4 pods: "20" services: "20"
root@slave001:~/yaml# cat case7-namespace-pod-limit-test.yaml kind: Deployment apiVersion: apps/v1 metadata: labels: app: chuan-nginx-deployment-label name: chuan-nginx-deployment namespace: chuan spec: replicas: 5 selector: matchLabels: app: chuan-nginx-selector template: metadata: labels: app: chuan-nginx-selector spec: containers: - name: chuan-nginx-container image: nginx:1.16.1 imagePullPolicy: Always ports: - containerPort: 80 protocol: TCP name: http env: - name: "password" value: "123456" - name: "age" value: "18" resources: limits: cpu: 1 memory: 1Gi requests: cpu: 500m memory: 512Mi --- kind: Service apiVersion: v1 metadata: labels: app: chuan-nginx-service-label name: chuan-nginx-service namespace: chuan spec: type: NodePort ports: - name: http port: 80 protocol: TCP targetPort: 80 #nodePort: 30033 selector: app: chuan-nginx-selector
root@slave001:~/yaml# kubectl get deploy chuan-nginx-deployment -nchuan -o json |grep message "message": "ReplicaSet \"chuan-nginx-deployment-5b965ff867\" has successfully progressed.", "message": "Deployment does not have minimum availability.", "message": "pods \"chuan-nginx-deployment-5b965ff867-ts8hc\" is forbidden: exceeded quota: quota-chuan, requested: limits.cpu=1, used: limits.cpu=5, limited: limits.cpu=5500m",