配额

1、给namespace设置Pod配额

# 编写 quota-pod.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
  name: pod-quato
spec:
  hard:
    pods: "2"

#给andriy-dang设置pod配额
kubectl create -f quota-pod.yaml --namespace=andriy-dang

#查看配额信息
kubectl get resourcequota pod-quato --namespace=andriy-dang --output=yaml
	apiVersion: v1
	kind: ResourceQuota
	metadata:
	  creationTimestamp: 2018-03-14T05:34:26Z
	  name: pod-quato
	  namespace: andriy-dang
	  resourceVersion: "209063"
	  selfLink: /api/v1/namespaces/andriy-dang/resourcequotas/pod-quato
	  uid: 5be0e7f4-2749-11e8-ad43-d00d8f137bac
	spec:
	  hard:
	    pods: "2"
	status:
	  hard:
	    pods: "2"
	  used:
	    pods: "1"

#创建deployment验证pod配额
编写quota-deploy.yaml
	apiVersion: apps/v1beta1
	kind: Deployment
	metadata:
	  name: deploy-quota-demo
	  namespace: andriy-dang
	spec:
	  replicas: 3
	  template:
	    metadata:
	      labels:
	        purpose: quota-demo
	    spec:
	      containers:
	      - name: pod-quota-demo
	        image: nginx

#创建deployment
kubectl create -f quota-deploy.yaml

#查看deployment详细信息(可以看出只创建了一个pod)

kubectl get deployment -n andriy-dang deploy-quota-demo -o yaml
	status:
 	 availableReplicas: 1

kubectl describe deployment deploy-quota-demo -n andriy-dang
	Name:                   deploy-quota-demo
	Namespace:              andriy-dang
	CreationTimestamp:      Wed, 14 Mar 2018 13:45:08 +0800
	Labels:                 purpose=quota-demo
	Annotations:            deployment.kubernetes.io/revision=1
	Selector:               purpose=quota-demo
	Replicas:               3 desired | 1 updated | 1 total | 1 available | 2 unavailable
	StrategyType:           RollingUpdate
	MinReadySeconds:        0
	RollingUpdateStrategy:  25% max unavailable, 25% max surge
	Pod Template:
	  Labels:  purpose=quota-demo
	  Containers:
	   pod-quota-demo:
	    Image:        nginx
	    Port:         <none>
	    Environment:  <none>
	    Mounts:       <none>
	  Volumes:        <none>
	Conditions:
	  Type             Status  Reason
	  ----             ------  ------
	  Available        False   MinimumReplicasUnavailable
	  ReplicaFailure   True    FailedCreate
	  Progressing      True    ReplicaSetUpdated
	OldReplicaSets:    <none>
	NewReplicaSet:     deploy-quota-demo-6fc6b469cb (1/3 replicas created)
	Events:
	  Type    Reason             Age   From                   Message
	  ----    ------             ----  ----                   -------
	  Normal  ScalingReplicaSet  24s   deployment-controller  Scaled up replica set deploy-			quota-demo-6fc6b469cb to 3

2、为namespace设置CPU配额

#设置cpu资源配额(请求为0.5,最大为1)
编写 quota-cpu.yaml
	apiVersion: v1
	kind: LimitRange
	metadata:
	  name: cpu-limit-range
	spec:
	  limits:
	  - default:
	      cpu: 1
	    defaultRequest:
	      cpu: 0.5
    	type: Container

#为andriy-dang设置配额
kubectl create -f quota-cpu.yaml --namespace=andriy-dang

#创建Pod(不指定CPU值,该容器会被赋予一个默认的CPU请求值0.5和一个默认的CPU限额值1)
编写 cpu-test.yaml
	apiVersion: v1
	kind: Pod
	metadata:
	  name: cpu-test
	  namespace: andriy-dang
	spec:
	  containers:
	  - name: cpu-test
	    image: nginx

#查看Pod配置
kubectl get pod -n andriy-dang cpu-test -o yaml
	spec:
 	 containers:
 	 - image: nginx
 	   imagePullPolicy: Always
 	   name: cpu-test
 	   resources:
 	     limits:
 	       cpu: "1"
 	     requests:
 	       cpu: 500m

#如果指定了最大值,为指定请求值,Pod的请求值会等于最大值
	apiVersion: v1
	kind: Pod
	metadata:
	  name: cpu-test-2
	spec:
	  containers:
	  - name: cpu-test-2
	    image: nginx
	    resources:
	      limits:
	        cpu: "1"

输出:
resources:
  limits:
    cpu: "1"
  requests:
    cpu: "1"

#如果指定了请求值,为指定最大值,Pod的CPU最大值会默认为1
	apiVersion: v1
	kind: Pod
	metadata:
	  name: cpu-test-3
	spec:
	  containers:
	  - name: cpu-test-3
	    image: nginx
	    resources:
	      requests:
	        cpu: "0.75"

输出:
resources:
  limits:
    cpu: "1"
  requests:
    cpu: 750m

3、为 Namespace 配置默认的内存请求与限额

#创建 quota-mem.yaml
	apiVersion: v1
	kind: LimitRange
	metadata:
	  name: mem-quota
	spec:
	  limits:
	  - default:
	      memory: 512Mi
	    defaultRequest:
	      memory: 256Mi
	    type: Container

#为andriy-dang设置配额
kubectl create -f quota-mem.yaml --namespace=andriy-dang

#创建Pod(不指定memory值时,容器会配置默认namespace的配额)
编写 mem-test.yaml
	apiVersion: v1
	kind: Pod
	metadata:
	  name: mem-test
	  namespace: andriy-dang
	spec:
	  containers:
	  - name: mem-test
	    image: nginx

#查看Pod信息
kubectl get pod -n andriy-dang mem-test -o yaml
	spec:
	  containers:
	  - image: nginx
	    imagePullPolicy: Always
	    name: mem-test
	    resources:
	      limits:
	        memory: 512Mi
	      requests:
	        memory: 256Mi

#如果指定了最大值,为指定请求值,容器的最大值及请求值均为最大值
apiVersion: v1
kind: Pod
metadata:
  name: mem-test-2
spec:
  containers:
  - name: mem-test-2
    image: nginx
    resources:
      limits:
        memory: "1Gi"

 输出:
 resources:
  limits:
    memory: 1Gi
  requests:
    memory: 1Gi

#如果指定了请求值,为指定最大值,容器的最大值为namespace的最大值
apiVersion: v1
kind: Pod
metadata:
  name: mem-test-3
spec:
  containers:
  - name: mem-test-3
    image: nginx
    resources:
      requests:
        memory: "128Mi"

输出:
resources:
  limits:
    memory: 512Mi
  requests:
    memory: 128Mi

4、为 Namespace 设置最小和最大内存限制

#创建 quota-mem-max-min.yaml
	apiVersion: v1
	kind: LimitRange
	metadata:
	  name: mem-min-max
	spec:
	  limits:
	  - max:
	      memory: 1Gi
	    min:
	      memory: 500Mi
	    type: Container

#为andriy-dang设置限制
kubectl create -f quota-mem-max-min.yaml --namespace=andriy-dang

#查看限制信息
kubectl get limitrange mem-min-max --namespace=andriy-dang -o yaml
	apiVersion: v1
	kind: LimitRange
	metadata:
	  creationTimestamp: 2018-03-14T08:06:58Z
	  name: mem-min-max
	  namespace: andriy-dang
	  resourceVersion: "220491"
	  selfLink: /api/v1/namespaces/andriy-dang/limitranges/mem-min-max
	  uid: aad20856-275e-11e8-ad43-d00d8f137bac
	spec:
	  limits:
	  - default:
	      memory: 1Gi
	    defaultRequest:
	      memory: 1Gi
	    max:
	      memory: 1Gi
	    min:
	      memory: 500Mi
	    type: Container

现在,每当在 andriy-dang namespace 中创建一个容器时,Kubernetes 都会执行下列步骤:

  • 如果容器没有指定自己的内存请求(request)和限制(limit),系统将会为其分配默认值。
  • 验证容器的内存请求大于等于 500 MiB。
  • 验证容器的内存限制小于等于 1 GiB。

使用以下不同限制的yaml创建pod

1、配置符合 LimitRange 施加的最小和最大内存限制

# mem-max-min-test.yaml
apiVersion: v1
kind: Pod
metadata:
  name: men-test
  namespace: andriy-dang
spec:
  containers:
  - name: mem-test
    image: nginx
    resources:
      limits:
        memory: "800Mi"
      requests:
        memory: "600Mi"

#输出结果:创建成功
spec:
  containers:
  - image: nginx
    imagePullPolicy: Always
    name: mem-test
    resources:
      limits:
        memory: 800Mi
      requests:
        memory: 600Mi

2、创建一个超过最大内存限制的 Pod

# mem-max-min-test.yaml
apiVersion: v1
kind: Pod
metadata:
  name: men-test
  namespace: andriy-dang
spec:
  containers:
  - name: mem-test
    image: nginx
    resources:
      limits:
        memory: "1.5Gi"
      requests:
        memory: "600Mi"

#输出结果:kubectl create -f mem-max-min-test.yaml
Error from server (Forbidden): error when creating "mem-max-min-test.yaml": pods "men-test" is forbidden: maximum memory usage per Container is 1Gi, but limit is 1536Mi.

3、创建一个不符合最小内存请求的 Pod

# mem-max-min-test.yaml
apiVersion: v1
kind: Pod
metadata:
  name: men-test
  namespace: andriy-dang
spec:
  containers:
  - name: mem-test
    image: nginx
    resources:
      limits:
        memory: "800Mi"
      requests:
        memory: "100Mi"

输出结果:kubectl create -f mem-max-min-test.yaml
Error from server (Forbidden): error when creating "mem-max-min-test.yaml": pods "men-test" is forbidden: minimum memory usage per Container is 500Mi, but request is 100Mi.

4、创建一个没有指定任何内存请求和限制的 Pod

# mem-max-min-test.yaml
apiVersion: v1
kind: Pod
metadata:
  name: men-test
  namespace: andriy-dang
spec:
  containers:
  - name: mem-test
    image: nginx

#输出结果:创建成功
spec:
  containers:
  - image: nginx
    imagePullPolicy: Always
    name: mem-test
    resources:
      limits:
        memory: 1Gi
      requests:
        memory: 1Gi

5、为 Namespace 配置CPU和内存配额

#创建ResourceQuota对象 quota-mem-cpu.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
  name: mem-cpu-test
spec:
  hard:
    requests.cpu: "1"
    requests.memory: 1Gi
    limits.cpu: "2"
    limits.memory: 2Gi

#为andriy-dang设置mem、CPU配额
kubectl create -f quota-mem-cpu.yaml -n andriy-dang

#查看配额信息
kubectl get resourcequota -n andriy-dang mem-cpu-test -o yaml
	apiVersion: v1
	kind: ResourceQuota
	metadata:
	  creationTimestamp: 2018-03-15T03:01:54Z
	  name: mem-cpu-test
	  namespace: andriy-dang
	  resourceVersion: "303347"
	  selfLink: /api/v1/namespaces/andriy-dang/resourcequotas/mem-cpu-test
	  uid: 3746b8bb-27fd-11e8-ad43-d00d8f137bac
	spec:
	  hard:
	    limits.cpu: "2"
	    limits.memory: 2Gi
	    requests.cpu: "1"
	    requests.memory: 1Gi
	status:
	  hard:
	    limits.cpu: "2"
	    limits.memory: 2Gi
	    requests.cpu: "1"
	    requests.memory: 1Gi
	  used:
	    limits.cpu: "0"
	    limits.memory: "0"
	    requests.cpu: "0"
	    requests.memory: "0"

1、创建一个Pod

# mem-cpu-test.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mem-cpu-test
  namespace: andriy-dang
spec:
  containers:
  - name: mem-cpu-test
    image: nginx
    resources:
      limits:
        memory: "800Mi"
        cpu: "800m"
      requests:
        memory: "600Mi"
        cpu: "400m"

#查看资源配额使用情况
kubectl get resourcequota -n andriy-dang mem-cpu-test -o yaml
	apiVersion: v1
	kind: ResourceQuota
	metadata:
	  creationTimestamp: 2018-03-15T03:01:54Z
	  name: mem-cpu-test
	  namespace: andriy-dang
	  resourceVersion: "303742"
	  selfLink: /api/v1/namespaces/andriy-dang/resourcequotas/mem-cpu-test
	  uid: 3746b8bb-27fd-11e8-ad43-d00d8f137bac
	spec:
	  hard:
	    limits.cpu: "2"
	    limits.memory: 2Gi
	    requests.cpu: "1"
	    requests.memory: 1Gi
	status:
	  hard:
	    limits.cpu: "2"
	    limits.memory: 2Gi
	    requests.cpu: "1"
	    requests.memory: 1Gi
	  used:
	    limits.cpu: 800m
	    limits.memory: 800Mi
	    requests.cpu: 400m
	    requests.memory: 600Mi

2、创建第二个Pod

# mem-cpu-test02.yaml
apiVersion: v1
kind: Pod
metadata:
  name: mem-cpu-test02
spec:
  containers:
  - name: mem-cpu-test02
    image: redis
    resources:
      limits:
        memory: "1Gi"
        cpu: "800m"
      requests:
        memory: "700Mi"
        cpu: "400m"

# 输出结果:创建失败
kubectl create -f mem-cpu-test02.yaml
	Error from server (Forbidden): error when creating "mem-cpu-test02.yaml": pods "mem-cpu-test02" is forbidden: exceeded quota: mem-cpu-test, requested: requests.memory=700Mi, used: requests.memory=600Mi, limited: requests.memory=1Gi

6、为 Namespace 配置最小和最大 CPU 限制

#创建一个 LimitRange:quota-cpu-max-min.yaml
apiVersion: v1
kind: LimitRange
metadata:
  name: cpu-min-max-test
spec:
  limits:
  - max:
      cpu: "800m"
    min:
      cpu: "200m"
    type: Container

#为andriy-dang设置最大最小限制
kubectl create -f quota-cpu-max-min.yaml -n andriy-dang

#查看限制信息
kubectl get limitrange -n andriy-dang cpu-min-max-test -o yaml
	apiVersion: v1
	kind: LimitRange
	metadata:
	  creationTimestamp: 2018-03-15T03:18:01Z
	  name: cpu-min-max-test
	  namespace: andriy-dang
	  resourceVersion: "304549"
	  selfLink: /api/v1/namespaces/andriy-dang/limitranges/cpu-min-max-test
	  uid: 77cb378a-27ff-11e8-ad43-d00d8f137bac
	spec:
	  limits:
	  - default:
	      cpu: 800m
	    defaultRequest:
	      cpu: 800m
	    max:
	      cpu: 800m
	    min:
	      cpu: 200m
	    type: Container

现在,每当在 andriy-dang namespace 中创建一个容器时,Kubernetes 都会执行下列步骤:

  • 如果容器没有指定自己的 CPU 请求(CPU request)和限制(CPU limit),系统将会为其分配默认值。
  • 验证容器的 CPU 请求大于等于 200 millicpu。
  • 验证容器的 CPU 限制小于等于 800 millicpu。

使用以下不同限制的yaml创建pod

1、配置符合 LimitRange 施加的最小和最大内存限制

# cpu-max-min-test.yaml
apiVersion: v1
kind: Pod
metadata:
  name: cpu-test
  namespace: andriy-dang
spec:
  containers:
  - name: cpu-test
    image: nginx
    resources:
      limits:
        cpu: "800m"
      requests:
        cpu: "500m"

#输出结果:创建成功
spec:
  containers:
  - image: nginx
    imagePullPolicy: Always
    name: cpu-test
    resources:
      limits:
        cpu: 800m
      requests:
        cpu: 500m

2、创建一个超过最大CPU限制的 Pod

# cpu-max-min-test.yaml
apiVersion: v1
kind: Pod
metadata:
  name: cpu-test
  namespace: andriy-dang
spec:
  containers:
  - name: cpu-test
    image: nginx
    resources:
      limits:
        cpu: "1.5"
      requests:
        cpu: "500m"

#输出结果:kubectl create -f cpu-max-min-test.yaml
Error from server (Forbidden): error when creating "cpu-max-min-test.yaml": pods "cpu-test" is forbidden: maximum cpu usage per Container is 800m, but limit is 1500m.

3、创建一个不符合最小CPU请求的 Pod

# cpu-max-min-test.yaml
apiVersion: v1
kind: Pod
metadata:
  name: cpu-test
  namespace: andriy-dang
spec:
  containers:
  - name: cpu-test
    image: nginx
    resources:
      limits:
        cpu: "800m"
      requests:
        cpu: "100m"

输出结果:kubectl create -f cpu-max-min-test.yaml
Error from server (Forbidden): error when creating "cpu-max-min-test.yaml": pods "cpu-test" is forbidden: minimum cpu usage per Container is 200m, but request is 100m.

4、创建一个没有指定任何内存请求和限制的 Pod

# cpu-max-min-test.yaml
apiVersion: v1
kind: Pod
metadata:
  name: cpu-test
  namespace: andriy-dang
spec:
  containers:
  - name: cpu-test
    image: nginx

#输出结果:创建成功
spec:
  containers:
  - image: nginx
    imagePullPolicy: Always
    name: cpu-test
    resources:
      limits:
        cpu: 800m
      requests:
        cpu: 800m

7、给Pod配置服务质量等级

1、创建一个 Pod 并分配 QoS 等级为 Guaranteed

想要给 Pod 分配 QoS 等级为 Guaranteed:

  • Pod 里的每个容器都必须有内存限制和请求,而且必须是一样的。

  • Pod 里的每个容器都必须有 CPU 限制和请求,而且必须是一样的。

    qos-pod.yaml

    apiVersion: v1
    kind: Pod
    metadata:
    name: qos-test
    namespace: andriy-dang
    spec:
    containers:
    - name: qos-test
    image: nginx
    resources:
    limits:
    memory: “200Mi”
    cpu: “700m”
    requests:
    memory: “200Mi”
    cpu: “700m”

2、创建一个 Pod 并分配 QoS 等级为 Burstable

当出现下面的情况时,则是一个 Pod 被分配了 QoS 等级为 Burstable :

  • 该 Pod 不满足 QoS 等级 Guaranteed 的要求。

  • Pod 里至少有一个容器有内存或者 CPU 请求。

    qos-pod2.yaml

    apiVersion: v1
    kind: Pod
    metadata:
    name: qos-test-2
    namespace: andriy-dang
    spec:
    containers:
    - name: qos-test-2
    image: nginx
    resources:
    limits:
    memory: “200Mi”
    requests:
    memory: “100Mi”

3、创建一个 Pod 并分配 QoS 等级为 BestEffort

要给一个 Pod 配置 BestEffort 的 QoS 等级, Pod 里的容器必须没有任何内存或者 CPU 的限制或请求。

# qos-pod3.yaml
apiVersion: v1
kind: Pod
metadata:
  name: qos-test-3
  namespace: andriy-dang
spec:
  containers:
  - name: qos-test-3
    image: nginx

4、创建一个拥有两个容器的 Pod

这是一个含有两个容器的 Pod 的配置文件,其中一个容器指定了内存申请为 200MB ,另外一个没有任何申请或限制。(QoS 等级为 Burstable)

# qos-pod4.yaml
apiVersion: v1
kind: Pod
metadata:
  name: qos-test-4
spec:
  containers:

  - name: qos-test-4-1
    image: nginx
    resources:
      requests:
        memory: "200Mi"

  - name: qos-test-4-2
    image: redis

8、删除配额

 # 删除对应namespace的配额
 kubectl delete quota -n andriy-dang --all
01-20 09:32