• Pod限额(LimitRange)
    • 1. 为namespace配置CPU和内存的默认值
      • 1.1. namespace的内存默认值
      • 1.2. namespace的CPU默认值
      • 1.3 说明
    • 2. 为namespace配置CPU和内存的最大最小值
      • 2.1. 内存的最大最小值
      • 2.2. CPU的最大最小值
      • 2.3. 说明

    Pod限额(LimitRange)

    ResourceQuota对象是限制某个namespace下所有Pod(容器)的资源限额

    LimitRange对象是限制某个namespace单个Pod(容器)的资源限额

    LimitRange对象用来定义某个命名空间下某种资源对象的使用限额,其中资源对象包括:PodContainerPersistentVolumeClaim

    1. 为namespace配置CPU和内存的默认值

    如果在一个拥有默认内存或CPU限额的命名空间中创建一个容器,并且这个容器未指定它自己的内存或CPU的limit, 它会被分配这个默认的内存或CPU的limit。既没有设置pod的limitrequest才会分配默认的内存或CPU的request

    1.1. namespace的内存默认值

    1. # 创建namespace
    2. $ kubectl create namespace default-mem-example
    3. # 创建LimitRange
    4. $ cat memory-defaults.yaml
    5. apiVersion: v1
    6. kind: LimitRange
    7. metadata:
    8. name: mem-limit-range
    9. spec:
    10. limits:
    11. - default:
    12. memory: 512Mi
    13. defaultRequest:
    14. memory: 256Mi
    15. type: Container
    16. $ kubectl create -f https://k8s.io/docs/tasks/administer-cluster/memory-defaults.yaml --namespace=default-mem-example
    17. # 创建Pod,未指定内存的limit和request
    18. $ cat memory-defaults-pod.yaml
    19. apiVersion: v1
    20. kind: Pod
    21. metadata:
    22. name: default-mem-demo
    23. spec:
    24. containers:
    25. - name: default-mem-demo-ctr
    26. image: nginx
    27. $ kubectl create -f https://k8s.io/docs/tasks/administer-cluster/memory-defaults-pod.yaml --namespace=default-mem-example
    28. # 查看Pod
    29. $ kubectl get pod default-mem-demo --output=yaml --namespace=default-mem-example
    30. containers:
    31. - image: nginx
    32. imagePullPolicy: Always
    33. name: default-mem-demo-ctr
    34. resources:
    35. limits:
    36. memory: 512Mi
    37. requests:
    38. memory: 256Mi

    1.2. namespace的CPU默认值

    1. # 创建namespace
    2. $ kubectl create namespace default-cpu-example
    3. # 创建LimitRange
    4. $ cat cpu-defaults.yaml
    5. apiVersion: v1
    6. kind: LimitRange
    7. metadata:
    8. name: cpu-limit-range
    9. spec:
    10. limits:
    11. - default:
    12. cpu: 1
    13. defaultRequest:
    14. cpu: 0.5
    15. type: Container
    16. $ kubectl create -f https://k8s.io/docs/tasks/administer-cluster/cpu-defaults.yaml --namespace=default-cpu-example
    17. # 创建Pod,未指定CPU的limit和request
    18. $ cat cpu-defaults-pod.yaml
    19. apiVersion: v1
    20. kind: Pod
    21. metadata:
    22. name: default-cpu-demo
    23. spec:
    24. containers:
    25. - name: default-cpu-demo-ctr
    26. image: nginx
    27. $ kubectl create -f https://k8s.io/docs/tasks/administer-cluster/cpu-defaults-pod.yaml --namespace=default-cpu-example
    28. # 查看Pod
    29. $ kubectl get pod default-cpu-demo --output=yaml --namespace=default-cpu-example
    30. containers:
    31. - image: nginx
    32. imagePullPolicy: Always
    33. name: default-cpu-demo-ctr
    34. resources:
    35. limits:
    36. cpu: "1"
    37. requests:
    38. cpu: 500m

    1.3 说明

    1. 如果没有指定pod的requestlimit,则创建的pod会使用LimitRange对象定义的默认值(request和limit)
    2. 如果指定pod的limit但未指定request,则创建的pod的request值会取limit的值,而不会取LimitRange对象定义的request默认值。
    3. 如果指定pod的request但未指定limit,则创建的pod的limit值会取LimitRange对象定义的limit默认值。

    默认Limit和request的动机

    如果命名空间具有资源配额(ResourceQuota), 它为内存限额(CPU限额)设置默认值是有意义的。 以下是资源配额对命名空间施加的两个限制:

    • 在命名空间运行的每一个容器必须有它自己的内存限额(CPU限额)。
    • 在命名空间中所有的容器使用的内存总量(CPU总量)不能超出指定的限额。

    如果一个容器没有指定它自己的内存限额(CPU限额),它将被赋予默认的限额值,然后它才可以在被配额限制的命名空间中运行。

    2. 为namespace配置CPU和内存的最大最小值

    2.1. 内存的最大最小值

    创建LimitRange

    1. # 创建namespace
    2. $ kubectl create namespace constraints-mem-example
    3. # 创建LimitRange
    4. $ cat memory-constraints.yaml
    5. apiVersion: v1
    6. kind: LimitRange
    7. metadata:
    8. name: mem-min-max-demo-lr
    9. spec:
    10. limits:
    11. - max:
    12. memory: 1Gi
    13. min:
    14. memory: 500Mi
    15. type: Container
    16. $ kubectl create -f https://k8s.io/docs/tasks/administer-cluster/memory-constraints.yaml --namespace=constraints-mem-example
    17. # 查看LimitRange
    18. $ kubectl get limitrange cpu-min-max-demo --namespace=constraints-mem-example --output=yaml
    19. ...
    20. limits:
    21. - default:
    22. memory: 1Gi
    23. defaultRequest:
    24. memory: 1Gi
    25. max:
    26. memory: 1Gi
    27. min:
    28. memory: 500Mi
    29. type: Container
    30. ...
    31. # LimitRange设置了最大最小值,但没有设置默认值,也会被自动设置默认值。

    创建符合要求的Pod

    1. # 创建符合要求的Pod
    2. $ cat memory-constraints-pod.yaml
    3. apiVersion: v1
    4. kind: Pod
    5. metadata:
    6. name: constraints-mem-demo
    7. spec:
    8. containers:
    9. - name: constraints-mem-demo-ctr
    10. image: nginx
    11. resources:
    12. limits:
    13. memory: "800Mi"
    14. requests:
    15. memory: "600Mi"
    16. $ kubectl create -f https://k8s.io/docs/tasks/administer-cluster/memory-constraints-pod.yaml --namespace=constraints-mem-example
    17. # 查看Pod
    18. $ kubectl get pod constraints-mem-demo --output=yaml --namespace=constraints-mem-example
    19. ...
    20. resources:
    21. limits:
    22. memory: 800Mi
    23. requests:
    24. memory: 600Mi
    25. ...

    创建超过最大内存limit的pod

    1. $ cat memory-constraints-pod-2.yaml
    2. apiVersion: v1
    3. kind: Pod
    4. metadata:
    5. name: constraints-mem-demo-2
    6. spec:
    7. containers:
    8. - name: constraints-mem-demo-2-ctr
    9. image: nginx
    10. resources:
    11. limits:
    12. memory: "1.5Gi" # 超过最大值 1Gi
    13. requests:
    14. memory: "800Mi"
    15. $ kubectl create -f https://k8s.io/docs/tasks/administer-cluster/memory-constraints-pod-2.yaml --namespace=constraints-mem-example
    16. # Pod创建失败,因为容器指定的limit过大
    17. Error from server (Forbidden): error when creating "docs/tasks/administer-cluster/memory-constraints-pod-2.yaml":
    18. pods "constraints-mem-demo-2" is forbidden: maximum memory usage per Container is 1Gi, but limit is 1536Mi.

    创建小于最小内存request的Pod

    1. $ cat memory-constraints-pod-3.yaml
    2. apiVersion: v1
    3. kind: Pod
    4. metadata:
    5. name: constraints-mem-demo-3
    6. spec:
    7. containers:
    8. - name: constraints-mem-demo-3-ctr
    9. image: nginx
    10. resources:
    11. limits:
    12. memory: "800Mi"
    13. requests:
    14. memory: "100Mi" # 小于最小值500Mi
    15. $ kubectl create -f https://k8s.io/docs/tasks/administer-cluster/memory-constraints-pod-3.yaml --namespace=constraints-mem-example
    16. # Pod创建失败,因为容器指定的内存request过小
    17. Error from server (Forbidden): error when creating "docs/tasks/administer-cluster/memory-constraints-pod-3.yaml":
    18. pods "constraints-mem-demo-3" is forbidden: minimum memory usage per Container is 500Mi, but request is 100Mi.

    创建没有指定任何内存limit和request的pod

    1. $ cat memory-constraints-pod-4.yaml
    2. apiVersion: v1
    3. kind: Pod
    4. metadata:
    5. name: constraints-mem-demo-4
    6. spec:
    7. containers:
    8. - name: constraints-mem-demo-4-ctr
    9. image: nginx
    10. $ kubectl create -f https://k8s.io/docs/tasks/administer-cluster/memory-constraints-pod-4.yaml --namespace=constraints-mem-example
    11. # 查看Pod
    12. $ kubectl get pod constraints-mem-demo-4 --namespace=constraints-mem-example --output=yaml
    13. ...
    14. resources:
    15. limits:
    16. memory: 1Gi
    17. requests:
    18. memory: 1Gi
    19. ...

    容器没有指定自己的 CPU 请求和限制,所以它将从 LimitRange 获取默认的 CPU 请求和限制值。

    2.2. CPU的最大最小值

    创建LimitRange

    1. # 创建namespace
    2. $ kubectl create namespace constraints-cpu-example
    3. # 创建LimitRange
    4. $ cat cpu-constraints.yaml
    5. apiVersion: v1
    6. kind: LimitRange
    7. metadata:
    8. name: cpu-min-max-demo-lr
    9. spec:
    10. limits:
    11. - max:
    12. cpu: "800m"
    13. min:
    14. cpu: "200m"
    15. type: Container
    16. $ kubectl create -f https://k8s.io/docs/tasks/administer-cluster/cpu-constraints.yaml --namespace=constraints-cpu-example
    17. # 查看LimitRange
    18. $ kubectl get limitrange cpu-min-max-demo-lr --output=yaml --namespace=constraints-cpu-example
    19. ...
    20. limits:
    21. - default:
    22. cpu: 800m
    23. defaultRequest:
    24. cpu: 800m
    25. max:
    26. cpu: 800m
    27. min:
    28. cpu: 200m
    29. type: Container
    30. ...

    创建符合要求的Pod

    1. $ cat cpu-constraints-pod.yaml
    2. apiVersion: v1
    3. kind: Pod
    4. metadata:
    5. name: constraints-cpu-demo
    6. spec:
    7. containers:
    8. - name: constraints-cpu-demo-ctr
    9. image: nginx
    10. resources:
    11. limits:
    12. cpu: "800m"
    13. requests:
    14. cpu: "500m"
    15. $ kubectl create -f https://k8s.io/docs/tasks/administer-cluster/cpu-constraints-pod.yaml --namespace=constraints-cpu-example
    16. # 查看Pod
    17. $ kubectl get pod constraints-cpu-demo --output=yaml --namespace=constraints-cpu-example
    18. ...
    19. resources:
    20. limits:
    21. cpu: 800m
    22. requests:
    23. cpu: 500m
    24. ...

    创建超过最大CPU limit的Pod

    1. $ cat cpu-constraints-pod-2.yaml
    2. apiVersion: v1
    3. kind: Pod
    4. metadata:
    5. name: constraints-cpu-demo-2
    6. spec:
    7. containers:
    8. - name: constraints-cpu-demo-2-ctr
    9. image: nginx
    10. resources:
    11. limits:
    12. cpu: "1.5"
    13. requests:
    14. cpu: "500m"
    15. $ kubectl create -f https://k8s.io/docs/tasks/administer-cluster/cpu-constraints-pod-2.yaml --namespace=constraints-cpu-example
    16. # Pod创建失败,因为容器指定的CPU limit过大
    17. Error from server (Forbidden): error when creating "docs/tasks/administer-cluster/cpu-constraints-pod-2.yaml":
    18. pods "constraints-cpu-demo-2" is forbidden: maximum cpu usage per Container is 800m, but limit is 1500m.

    创建小于最小CPU request的Pod

    1. $ cat cpu-constraints-pod-3.yaml
    2. apiVersion: v1
    3. kind: Pod
    4. metadata:
    5. name: constraints-cpu-demo-4
    6. spec:
    7. containers:
    8. - name: constraints-cpu-demo-4-ctr
    9. image: nginx
    10. resources:
    11. limits:
    12. cpu: "800m"
    13. requests:
    14. cpu: "100m"
    15. $ kubectl create -f https://k8s.io/docs/tasks/administer-cluster/cpu-constraints-pod-3.yaml --namespace=constraints-cpu-example
    16. # Pod创建失败,因为容器指定的CPU request过小
    17. Error from server (Forbidden): error when creating "docs/tasks/administer-cluster/cpu-constraints-pod-3.yaml":
    18. pods "constraints-cpu-demo-4" is forbidden: minimum cpu usage per Container is 200m, but request is 100m.

    创建没有指定任何CPU limit和request的pod

    1. $ cat cpu-constraints-pod-4.yaml
    2. apiVersion: v1
    3. kind: Pod
    4. metadata:
    5. name: constraints-cpu-demo-4
    6. spec:
    7. containers:
    8. - name: constraints-cpu-demo-4-ctr
    9. image: vish/stress
    10. $ kubectl create -f https://k8s.io/docs/tasks/administer-cluster/cpu-constraints-pod-4.yaml --namespace=constraints-cpu-example
    11. # 查看Pod
    12. kubectl get pod constraints-cpu-demo-4 --namespace=constraints-cpu-example --output=yaml
    13. ...
    14. resources:
    15. limits:
    16. cpu: 800m
    17. requests:
    18. cpu: 800m
    19. ...

    容器没有指定自己的 CPU 请求和限制,所以它将从 LimitRange 获取默认的 CPU 请求和限制值。

    2.3. 说明

    LimitRange 在 namespace 中施加的最小和最大内存(CPU)限制只有在创建和更新 Pod 时才会被应用。改变 LimitRange 不会对之前创建的 Pod 造成影响。

    Kubernetes 都会执行下列步骤:

    • 如果容器没有指定自己的内存(CPU)请求(request)和限制(limit),系统将会为其分配默认值。
    • 验证容器的内存(CPU)请求大于等于最小值。
    • 验证容器的内存(CPU)限制小于等于最大值。

    参考文章:

    • https://kubernetes.io/docs/tasks/administer-cluster/manage-resources/memory-default-namespace/

    • https://kubernetes.io/docs/tasks/administer-cluster/manage-resources/cpu-default-namespace/

    • https://kubernetes.io/docs/tasks/administer-cluster/manage-resources/memory-constraint-namespace/

    • https://kubernetes.io/docs/tasks/administer-cluster/manage-resources/cpu-constraint-namespace/

    • https://kubernetes.io/docs/tasks/administer-cluster/manage-resources/quota-memory-cpu-namespace/