8-3 Resources---多维度集群资源管理(下)
如果设置
1 requests==limits # 意味着服务是可靠的
2 不设置(不建议) # 最不可靠 会被最先杀掉
3 limits > requests # 比较可靠的服务 会根据优先级杀掉服务
kubernetes 通过requests 和limits 来判断服务等级,以维护服务器的安全性。
创建limits-test.yaml
apiVersion: v1
kind: LimitRange
metadata:
name: test-limits
spec:
limits:
- max:
cpu: 4000m
memory: 2Gi
min:
cpu: 100m
memory: 100Mi
maxLimitRequestRatio:
cpu: 3
memory: 2
type: Pod
- default:
cpu: 300m
memory: 200Mi
defaultRequest:
cpu: 200m
memory: 100Mi
max:
cpu: 2000m
memory: 1Gi
min:
cpu: 100m
memory: 100Mi
maxLimitRequestRatio:
cpu: 5
memory: 4
type: Container
pod不给默认值 是因为pod里面可能有多个容器。
创建namespace test
kubectl create ns test
创建limitrange limits-test.yaml
apiVersion: v1
kind: LimitRange
metadata:
name: test-limits
spec:
limits:
- max:
cpu: 4000m
memory: 2Gi
min:
cpu: 100m
memory: 100Mi
maxLimitRequestRatio:
cpu: 3
memory: 2
type: Pod
- default:
cpu: 300m
memory: 200Mi
defaultRequest:
cpu: 200m
memory: 100Mi
max:
cpu: 2000m
memory: 1Gi
min:
cpu: 100m
memory: 100Mi
maxLimitRequestRatio:
cpu: 5
memory: 4
type: Container
kubectl create -f limits-test.yaml -n test
查看命名空间下所有的limits
kubectl describe limits -n test
创建web-test.yaml如下
#deploy
apiVersion: apps/v1
kind: Deployment
metadata:
name: web-demo
namespace: test
spec:
selector:
matchLabels:
app: web-demo
replicas: 1
template:
metadata:
labels:
app: web-demo
spec:
containers:
- name: web-demo
image: harbor.pdabc.com/kubernetes/web:v3
ports:
- containerPort: 8080
创建
kubectl apply -f web-test.yaml
查看状态
kubectl get deploy -n test
查看它的详细信息。
kubectl get deploy -n test web-demo -o yaml
查看pod的状态信息
kubectl get pods -n test -o yaml
发现pod的resources里有配置 说明默认值是加到了pod的配置里面
创建web-test.yaml
#deploy
apiVersion: apps/v1
kind: Deployment
metadata:
name: web-demo
namespace: test
spec:
selector:
matchLabels:
app: web-demo
replicas: 1
template:
metadata:
labels:
app: web-demo
spec:
containers:
- name: web-demo
image: harbor.pdabc.com/kubernetes/web:v3
ports:
- containerPort: 8080
resources:
requests:
memory: 100Mi
cpu: 100m
limits:
memory: 1000Mi
cpu: 2000m
kubectl apply -f web-test.yaml
kubectl describe deploy -n test web-demo
kubectl get deploy -n test -o yaml
看到报错信息
修改web-test.yaml 并启动
resources:
requests:
memory: 2000Mi
cpu: 3000m
limits:
memory: 3000Mi
cpu: 4000m
限制生效
如果没有namespace test 则创建新的namespace test
kubectl create namespace test
创建compute-resource.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
name: compute-resource
spec:
hard:
pods: 4
requests.cpu: 2000m
requests.memory: 4Gi
limits.cpu: 4000m
limits.memory: 8Gi
创建object-count.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
name: object-counts
spec:
hard:
configmaps: 10
persistentvolumeclaims: 4
replicationcontrollers: 20
secrets: 10
services: 10
创建web-test.yaml
#deploy
apiVersion: apps/v1
kind: Deployment
metadata:
name: web-demo
namespace: test
spec:
selector:
matchLabels:
app: web-demo
replicas: 5
template:
metadata:
labels:
app: web-demo
spec:
containers:
- name: web-demo
image: harbor.pdabc.com/kubernetes/web:v3
ports:
- containerPort: 8080
resources:
requests:
memory: 100Mi
cpu: 100m
# 设置成这样 结果一个pod都起不来。明明刚刚好和resource一样大小。
#limits:
# memory: 1000Mi
# cpu: 2000m
limits:
memory: 100Mi
cpu: 100m
教学视屏中是
limits:
memory: 100Mi
cpu: 200m
启动
kubectl apply -f compute-resource.yaml -n test
kubectl apply -f object-count.yam1 -n test
kubectl apply -f web-test.yaml -n test
kubectl get deploy -n test
查看资源限制
kubectl describe quota compute-resource -n test
kubectl describe quota object-count -n test
按照限制 只允许4个pod 有一个起不来
pod驱逐 Eviction
常见驱逐策略配置
--eviction-soft=memory.available<1.5Gi
--eviction-soft-grace-period=memory.available=1m30s
--eviction-hard=memory.available<100Mi,nodefs.available<1Gi,nodefs.inodesFree<5% #满足其中一个条件就执行驱逐策略
磁盘紧缺
删除死掉的pod 容器
删除没用的镜像
按优先级 资源 占用情况驱逐pod
内存紧缺
驱逐不可靠的pod
驱逐基本可靠的pod
驱逐可靠的pod