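A Little K8s Basics Every Day -- Namespaces and Resource Quotas in a K8s Cluster
Namespace
A k8s cluster is made up of multiple physical nodes. Multiple virtual k8s clusters can be created on top of one k8s cluster to achieve resource isolation.
This is somewhat similar to a VPN instance in networking, and to the VPC commonly mentioned in cloud environments.
Creating a namespace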
[root@master-worker-node-1 ~]# kubectl create namespace test-20221126
namespace/test-20221126 created
[root@master-worker-node-1 ~]# kubectl get namespaces
NAME STATUS AGE
default Active 33h
kube-node-lease Active 33h
kube-public Active 33h
kube-system Active 33h
test-20221126 Active 8s
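Namespace resource quotas
When multiple users or teams share a cluster with a fixed number of nodes, there is a concern that someone will use more than their fair share of resources.
In that case a resource quota can be configured on the namespace, a step similar to resource quota management for a VPC.
[root@master-worker-node-1 yaml]# cat namespace-quota.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
  name: test
  namespace: test-20221126
  labels:
    func: test
spec:
  hard:
    requests.cpu: "1"
    requests.memory: 1Gi
    limits.cpu: "2"
    limits.memory: 2Gi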
[root@master-worker-node-1 yaml]# kubectl apply -f namespace-quota.yaml
resourcequota/test created
[root@master-worker-node-1 yaml]# kubectl get resourcequotas -n test-20221126
NAME AGE REQUEST LIMIT
test 72s requests.cpu: 0/1, requests.memory: 0/1Gi limits.cpu: 0/2, limits.memory: 0/2Gi
[root@master-worker-node-1 yaml]# kubectl describe resourcequota -n test-20221126
Name: test
Namespace: test-20221126
Resource Used Hard
-------- ---- ----
limits.cpu 0 2
limits.memory 0 2Gi
requests.cpu 0 1
requests.memory 0 1Gi
The namespace test-20221126 now has a resourcequota named test attached. When pods are created in this namespace, the sum of the requests of all pods in a non-terminal state must not exceed the requests values, and the sum of the limits of all pods in a non-terminal state in the namespace must not exceed the limits values.
Creating a pod that satisfies the quota in the namespace
[root@master-worker-node-1 namespace-quota]# cat normal-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: normal
  namespace: test-20221126
spec:
  containers:
  - name: normal
    image: busybox:latest
    imagePullPolicy: IfNotPresent
    resources:
      requests:
        memory: "512Mi"
        cpu: "500m"
      limits:
        memory: "2Gi"
        cpu: "500m"
    command: ['/bin/sh','-c','sleep 12345']
[root@master-worker-node-1 namespace-quota]# kubectl apply -f normal-pod.yaml
pod/normal created
[root@master-worker-node-1 namespace-quota]# kubectl get pods -n test-20221126 -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
normal 1/1 Running 0 11s 10.244.31.5 only-worker-node-3 <none> <none>
Demonstration: creating a pod in the namespace without the resources parameter
[root@master-worker-node-1 namespace-quota]# cat no-resources.yaml
apiVersion: v1
kind: Pod
metadata:
  name: no-resources
  namespace: test-20221126
spec:
  containers:
  - name: no-resources
    image: busybox:latest
    imagePullPolicy: IfNotPresent
    command: ['/bin/sh','-c','sleep 12345']
Creation fails; the corresponding resources parameters must be specified.
[root@master-worker-node-1 namespace-quota]# kubectl apply -f no-resources.yaml
Error from server (Forbidden): error when creating "no-resources.yaml": pods "no-resources" is forbidden: failed quota: test: must specify limits.cpu for: no-resources; limits.memory for: no-resources; requests.cpu for: no-resources; requests.memory for: no-resources
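Demonstration: creating a pod in the namespace whose requests exceed the quota
[root@master-worker-node-1 namespace-quota]# cat bigger-than-requests.yaml
apiVersion: v1
kind: Pod
metadata:
  name: big-than-requests
  namespace: test-20221126
spec:
  containers:
  - name: big-than-requests
    image: busybox:latest
    imagePullPolicy: IfNotPresent
    resources:
      requests:
        memory: "3Gi" # exceeds the requests quota (and this container's own 2Gi memory limit)
        cpu: "500m"
      limits:
        memory: "2Gi"
        cpu: "500m"
    command: ['/bin/sh','-c','sleep 12345']
Creation fails. The error shown is the pod validation message: the 3Gi memory request is larger than the container's own 2Gi memory limit.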
[root@master-worker-node-1 namespace-quota]# kubectl apply -f bigger-than-requests.yaml
The Pod "big-than-requests" is invalid: spec.containers[0].resources.requests: Invalid value: "3Gi": must be less than or equal to memory limit
Demonstration: creating a pod in the namespace whose limits exceed the quota
[root@master-worker-node-1 namespace-quota]# cat bigger-than-limits.yaml
apiVersion: v1
kind: Pod
metadata:
  name: big-than-requests
  namespace: test-20221126
spec:
  containers:
  - name: big-than-requests
    image: busybox:latest
    imagePullPolicy: IfNotPresent
    resources:
      requests:
        memory: "512Mi"
        cpu: "500m"
      limits:
        memory: "3Gi" # the limit exceeds the quota
        cpu: "500m"
    command: ['/bin/sh','-c','sleep 12345']
Creation fails.
[root@master-worker-node-1 namespace-quota]# kubectl apply -f bigger-than-limits.yaml
Error from server (Forbidden): error when creating "bigger-than-limits.yaml": pods "big-than-requests" is forbidden: exceeded quota: test, requested: limits.memory=3Gi, used: limits.memory=0, limited: limits.memory=2Gi
Addendum
The examples above only use one container per pod. In fact, these resource limits apply to all containers in a pod taken together; in other words, the pod below also exceeds the quota and will likewise fail to be created.
[root@master-worker-node-1 namespace-quota]# cat bigger-than-limits-2.yaml
apiVersion: v1
kind: Pod
metadata:
  name: big-than-requests
  namespace: test-20221126
spec:
  containers:
  - name: big-than-requests-1
    image: busybox:latest
    imagePullPolicy: IfNotPresent
    resources:
      requests:
        memory: "512Mi"
        cpu: "500m"
      limits:
        memory: "1Gi" # this container's limit alone is within the quota
        cpu: "500m"
    command: ['/bin/sh','-c','sleep 12345']
  - name: big-than-requests-2
    image: busybox:latest
    imagePullPolicy: IfNotPresent
    resources:
      requests:
        memory: "512Mi"
        cpu: "500m"
      limits:
        memory: "1396Mi" # this container's limit alone is within the quota, but all containers in the pod added together exceed the namespace's limits.memory quota
        cpu: "500m"
    command: ['/bin/sh','-c','sleep 12345']
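The quota arithmetic behind the results on this page, as an added example (not from the original post and not Kubernetes source code): a simplified Python model that sums requests and limits over every container in a pod and compares the totals with the hard values of the test quota. The function names are hypothetical, and the model assumes only the four quota keys and the m/Ki/Mi/Gi suffixes used above.

```python
# Added example (not from the post or Kubernetes source); function names are hypothetical.
import re

UNITS = {"": 1000, "m": 1, "Ki": 1000 * 2**10, "Mi": 1000 * 2**20, "Gi": 1000 * 2**30}
QUOTA_KEYS = ("limits.cpu", "limits.memory", "requests.cpu", "requests.memory")
HARD = {"requests.cpu": "1", "requests.memory": "1Gi", "limits.cpu": "2", "limits.memory": "2Gi"}

def parse_quantity(q):
    """Convert a quantity such as '500m', '2' or '1396Mi' to integer milli-units."""
    m = re.fullmatch(r"(\d+)(m|Ki|Mi|Gi)?", str(q))
    if not m:
        raise ValueError(f"unsupported quantity: {q!r}")
    return int(m.group(1)) * UNITS[m.group(2) or ""]

def pod_usage(containers):
    """Sum every tracked resource over ALL containers of one pod."""
    totals, missing = dict.fromkeys(QUOTA_KEYS, 0), set()
    for c in containers:
        limits, requests = (c.get("resources", {}).get(k, {}) for k in ("limits", "requests"))
        for key in QUOTA_KEYS:
            kind, name = key.split(".")
            # The API server defaults an unset request to the container's limit.
            value = limits.get(name) if kind == "limits" else requests.get(name, limits.get(name))
            if value is None:
                missing.add(key)
            else:
                totals[key] += parse_quantity(value)
    return totals, sorted(missing)

def check_quota(containers, hard=HARD, used=None):
    """Return the quota violations for a new pod; an empty list means it is admitted."""
    used = used or {}
    totals, missing = pod_usage(containers)
    if missing:
        return [f"must specify {k}" for k in missing]
    return [f"exceeded {k}" for k in QUOTA_KEYS
            if k in hard and parse_quantity(used.get(k, "0")) + totals[k] > parse_quantity(hard[k])]

def container(req_mem, req_cpu, lim_mem, lim_cpu):
    return {"resources": {"requests": {"memory": req_mem, "cpu": req_cpu},
                          "limits": {"memory": lim_mem, "cpu": lim_cpu}}}

PODS = {  # rebuilt from the manifests on this page
    "normal": [container("512Mi", "500m", "2Gi", "500m")],
    "no-resources": [{"name": "no-resources"}],
    "bigger-than-limits": [container("512Mi", "500m", "3Gi", "500m")],
    "bigger-than-limits-2": [container("512Mi", "500m", "1Gi", "500m"),
                             container("512Mi", "500m", "1396Mi", "500m")],
}
print({name: check_quota(pod) or "admitted" for name, pod in PODS.items()})
```

Passing the usage of already-running pods as `used` shows why a second copy of the normal pod would be rejected: its 2Gi memory limit is added to the 2Gi already counted against the namespace.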