全局资源管理概述
· 全局资源配额
- 如果有大量的容器需要设置资源配额,为每个Pod设置资源配额策略不方便且不好管理。管理员可以以名称空间为单位(namespace),限制其资源的使用与创建。在该名称空间中创建的容器都会受到规则的限制。
· k8s支持的全局资源配额方式有:
- 对单个Pod内存、CPU进行配额:LimitRange
- 对资源总量进行配额:ResourceQuota
ResourceQuota
· 限制没有资源配额 Pod 数量
apiVersion: v1
kind: ResourceQuota # 全局资源限额对象
metadata:
name: myquota1 # 规则名称
namespace: work # 规则作用的名称空间
spec:
hard:
pods: 3 # 限制创建资源对象总量
scopes:
- BestEffort # Pod QoS 类型
· 查看限制策略
-myquota1 限制策略
[root@master ~]# kubectl describe namespaces work
Resource Quotas
Name: myquota1
Scopes: BestEffort
* Matches all pods that do not have resource requirements set. These pods have a best effort quality of service.
Resource Used Hard
------ ---- ----
pods 0 3
· 验证配额策略
[root@master ~]# sed 's,app1,app11,' appl.yaml |kubectl -n work apply -f -
[root@master ~]# sed 's,app1,app12,' appl.yaml |kubectl -n work apply -f -
[root@master ~]# sed 's,app1,app13,' appl.yaml |kubectl -n work apply -f -
[root@master ~]# sed 's,app1,app14,' appl.yaml |kubectl -n work apply -f -
Error from server (Forbidden): error when creating "STDIN": pods "app14" is forbidden: exceeded quota: myquota1, requested: pods=1, used: pods=3, limited: pods=3
· 对有配额 Pod 的资源总量限制
apiVersion: v1
kind: ResourceQuota # 全局资源限额对象
metadata:
name: myquota2 # 规则名称
namespace: work # 规则作用的名称空间
spec: # ResourceQuota.spec 定义
hard: # 创建强制规则
pods: 10 # 限制创建资源对象总量
cpu: 2300m # 计算资源配额
memory: 3Gi # 内存资源配额
scopes: # 配置服务质量类型
- NotBestEffort # Pod QoS 类型
· 查看限制策略
- myquota2 限制策略
[root@master ~]# kubectl describe namespaces work
Resource Quotas
Name: myquota2
Scopes: NotBestEffort
* Matches all pods that have at least one resource requirement set. These pods have a burstable or guaranteed quality of service.
Resource Used Hard
-------- ---- ----
cpu 400 2300m
memory 400 3Gi
pods 2 10
· 验证配额策略
[root@master ~]# sed 's,app2,app21,' app2.yaml | kubectl -n work apply -f -
[root@master ~]# sed 's,app2,app22,' app2.yaml | kubectl -n work apply -f -
[root@master ~]# sed 's,app2,app23,' app2.yaml | kubectl -n work apply -f -
[root@master ~]# sed 's,app2,app24,' app2.yaml | kubectl -n work apply -f -
[root@master ~]# sed 's,app2,app25,' app2.yaml | kubectl -n work apply -f -
Error from server (Forbidden): error when creating "STDIN": pods "app25" is forbidden: exceeded quota: myquota2, requested: cpu=400m, used: cpu=2, limited: cpu=2300m