内容简介:本文风哥教程参考Linux官方文档、Red Hat Enterprise Linux官方文档、Ansible Automation Platform官方文档、Docker官方文档、Kubernetes官方文档和Podman官方文档等内容,详细介绍了相关技术的配置和使用方法。
本文档
风哥提示:
介绍Kubernetes资源配额管理的方法。
Part01-资源配额概述
1.1 配额类型
[root@k8s-master ~]# cat > /root/k8s-quota.txt << 'EOF' Kubernetes资源配额管理 ===================== 1. ResourceQuota - 限制命名空间资源总量 - 控制资源创建数量 - 限制存储使用量 2. LimitRange - 限制单个资源大小 - 设置默认资源值 - 控制资源范围 3. 配额资源类型 - CPU/内存: requests/limits - 存储: PVC数量/容量 - 对象: Pod/Service/ConfigMap等 4. 使用场景 - 多租户环境 - 资源隔离 - 成本控制 EOF
Part02-ResourceQuota配置
2.1 创建资源配额
[root@k8s-master ~]# kubectl create namespace fgedu-dev
namespace/fgedu-dev created
# 创建ResourceQuota
[root@k8s-master ~]# cat > fgedu-resourcequota.yaml << 'EOF'
apiVersion: v1
kind: ResourceQuota
metadata:
name: fgedu-compute-quota
namespace: fgedu-dev
spec:from PG视频:www.itpux.com
hard:
requests.cpu: "10"
requests.memory: 20Gi
limits.cpu: "20"
limits.memory: 40Gi
pods: "50"
services: "20"
secrets: "50"
configmaps: "50"
persistentvolumeclaims: "20"
requests.storage: "100Gi"
---
apiVersion: v1
kind: ResourceQuota
metadata:
name: fgedu-object-quota
namespace: fgedu-dev
spec:
hard:
count/deployments.apps: "10"
count/statefulsets.apps: "5"
count/daemonsets.apps: "5"
count/jobs.batch: "2学习交流加群风哥微信: itpux-com0"
coun学习交流加群风哥QQ113257174t/cronjobs.batch: "10"
count/ingresses.networking.k8s.io: "10"
EOF
[root@k8s-master ~]# kubectl apply -f fgedu-resourcequota.yaml
resourcequota/fgedu-compute-quota created
resourcequota/fgedu-object-quota created
# 查看资源配额
[root@k8s-master ~]# kubectl get resourcequota -n fgedu-dev
NAME AGE REQUEST LIMIT
fgedu-compute-quota 10s pods: 0/50, r更多学习教程公众号风哥教程itpux_comequests.cpu: 0/10, requests.memory: 0/20Gi limits.cpu: 0/20, limits.memory: 0/40Gi
fgedu-object-quota 10s count/deployments.apps: 0/10, count/statefulsets.apps: 0/5
# 查看配额详情
[root@k8s-master ~]# kubectl describe resourcequota fgedu-compute-quota -n fgedu-dev
Name: fgedu-compute-quota
Namespace: fgedu-dev
Resource Used Hard
-------- ---- ----
limits.cpu 0 20
limits.memory 0 40Gi
pods 0 50
requests.cpu 0 10
requests.memory 0 20Gi
Part03-LimitRange配置
3.1 创建资源限制范围
[root@k8s-master ~]# cat > fgedu-limitrange.yaml << 'EOF' apiVersion: v1 kind: LimitRange metadata: name: fgedu-limit-range namespace: fgedu-dev spec: limits: - type: Container max: cpu: "4" memory: 8Gi min: cpu: 50m memory: 64Mi default: cpu: 200m memory: 512Mi defaultRequest: cpu: 100m memory: 256Mi maxLimitRequestRatio: cpu: "10" memory: "4" - type: Pod max: cpu: "8" memory: 16Gi - type: PersistentVolumeClaim max: storage: 50Gi min: storage: 1Gi EOF [root@k8s-master ~]# kubectl apply -f fgedu-limitrange.yaml limitrange/fgedu-limit-range created # 查看LimitRange [root@k8s-master ~]# kubectl describe limitrange fgedu-limit-range -n fgedu-dev Name: fgedu-limit-range Namespace: fgedu-dev Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio ---- -------- --- --- --------------- ------------- ----------------------- Container cpu 50m 4 100m 200m 10 Container memory 64Mi 8Gi 256Mi 512Mi 4 Pod cpu - 8 - - - Pod memory - 16Gi - - - PVC storage 1Gi 50Gi - - - # 测试资源限制 [root@k8s-master ~]# cat > test-pod.yaml << 'EOF' apiVersion: v1 kind: Pod metadata: name: fgedu-test-pod namespace: fgedu-dev spec: containers: - name: nginx image: nginx:1.25 resources: requests: cpu: 100m memory: 256Mi limits: cpu: 500m memory: 1Gi EOF [root@k8s-master ~]# kubectl apply -f test-pod.yaml pod/fgedu-test-pod created # 查看资源使用 [root@k8s-master ~]# kubectl get resourcequota -n fgedu-dev NAME AGE REQUEST LIMIT fgedu-compute-quota 5m pods: 1/50, requests.cpu: 100m/10, requests.memory: 256Mi/20Gi limits.cpu: 500m/20, limits.memory: 1Gi/40Gi
Part04-配额管理实践
4.1 多租户配额
[root@k8s-master ~]# cat > fgedu-tenant-quotas.yaml << 'EOF' apiVersion: v1 kind: Namespace metadata: name: fgedu-tenant-a --- apiVersion: v1 kind: ResourceQuota metadata: name: tenant-a-quota namespace: fgedu-tenant-a spec: hard: requests.cpu: "5" requests.memory: 10Gi limits.cpu: "10" limits.memory: 20Gi pods: "20" --- apiVersion: v1 kind: LimitRange metadata: name: tenant-a-limits namespace: fgedu-tenant-a spec: limits: - type: Container max: cpu: "2" memory: 4Gi min: cpu: 50m memory: 64Mi default: cpu: 200m memory: 512Mi --- apiVersion: v1 kind: Namespace metadata: name: fgedu-tenant-b --- apiVersion: v1 kind: ResourceQuota metadata: name: tenant-b-quota namespace: fgedu-tenant-b spec: hard: requests.cpu: "3" requests.memory: 6Gi limits.cpu: "6" limits.memory: 12Gi pods: "15" --- apiVersion: v1 kind: LimitRange metadata: name: tenant-b-limits namespace: fgedu-tenant-b spec: limits: - type: Container max: cpu: "1" memory: 2Gi min: cpu: 50m memory: 64Mi default: cpu: 100m memory: 256Mi EOF [root@k8s-master ~]# kubectl apply -f fgedu-tenant-quotas.yaml namespace/fgedu-tenant-a created resourcequota/tenant-a-quota created limitrange/tenant-a-limits created namespace/fgedu-tenant-b created resourcequota/tenant-b-quota created limitrange/tenant-b-limits created # 查看所有命名空间配额 [root@k8s-master ~]# kubectl get resourcequota -A NAMESPACE NAME AGE REQUEST LIMIT fgedu-dev fgedu-compute-quota 10m pods: 1/50, requests.cpu: 100m/10 limits.cpu: 500m/20 fgedu-tenant-a tenant-a-quota 10s pods: 0/20, requests.cpu: 0/5 limits.cpu: 0/10 fgedu-tenant-b tenant-b-quota 10s pods: 0/15, requests.cpu: 0/3 limits.cpu: 0/6 # 测试超配额创建 [root@k8s-master ~]# cat > test-over-quota.yaml << 'EOF' apiVersion: apps/v1 kind: Deployment metadata: name: fgedu-large-app namespace: fgedu-tenant-b spec: replicas: 20 selector: matchLabels: app: fgedu-large-app template: metadata: labels: app: fgedu-large-app spec: containers: - name: nginx image: nginx:1.25 resources: requests: cpu: 100m memory: 256Mi EOF [root@k8s-master ~]# kubectl apply -f test-over-quota.yaml deployment.apps/fgedu-large-app created # 查看部署状态(部分Pod无法创建) [root@k8s-master ~]# kubectl get deployment -n fgedu-tenant-b NAME READY UP-TO-DATE AVAILABLE AGE fgedu-large-app 15/20 15 15 1m [root@k8s-master ~]# kubectl describe deployment fgedu-large-app -n fgedu-tenant-b | tail -5 Warning FailedCreate 1m (x10 over 1m) replicaset-controller Error creating: pods "fgedu-large-app-abc12" is forbidden: exceeded quota: tenant-b-quota, requested: pods=1, used: pods=15, limited: pods=15
- 为每个命名空间设置配额
- 配置合理的默认资源值
- 监控资源使用情况
- 定期调整配额大小
- 使用LimitRange防止资源浪费
本文由风哥教程整理发布,仅用于学习测试使用,转载注明出处:http://www.fgedu.net.cn/10327.html
