在默认情况下,K8S不会对Pod进行CPU和内存限制,如果某个Pod发生内存泄露那么将是一个非常糟糕的事情
所以在部署Pod的时候都会把Requests和limits加上,配置文件示例如下
apiVersion: apps/v1
kind: Deployment
metadata:
name: ng-deploy
spec:
selector:
matchLables:
app: ng-demo
replicas: 2
template:
metadata:
labels:
app: ng-demo
spec:
containers:
- name: ng-demo
image: nginx
imagePullPolicy:IfNotPresent
resources:
requests:
cpu: 100m
memory: 200Mi
limits:
cpu: 100m
memory: 200Mi
如果Pod多并只需要相同的限制,这样一个一个设置就比较麻烦了。这时可以通过LimitRange做一个全局限制。如果在部署
pod的时候指定了requests和limits,则指定的生效,反之则全局给pod设置默认的限制
LimitRange特性
- 限制namespace中每个pod或container的最小和最大资源用量
- 限制namespace中每个PVC的资源请求范围
- 限制namespace中资源请求和限制书吏的比例
- 配置资源的默认限制
配置LimitRange
1、 创建namespace
apiVersion: v1
kind: Namespace
metadata:
name: coolops
2、为namespace配置limitRange
apiVersion: v1
kind: LimitRange
metadata:
name: mylimit
namespace: coolops
spec:
limits:
- max:
cpu: "1"
memory: 1Gi
min:
cpu: 100m
memory: 10Mi
maxLimitRequestRatio:
cpu: 3
memory: 4
type: Pod
- default:
cpu: 300m
memory: 200Mi
defaultRequest:
cpu: 200m
memory: 100Mi
max:
cpu: "2"
memory: 1Gi
min:
cpu: 100m
memory: 10Mi
maxLimitRequestRatio:
cpu: 5
memory: 4
type: Container
参数说明
- max: 如果type是Pod/Container,表示整个Pod资源的最大Limit,如果Pod定义中的Limit值大于LimitRange中的值,则Pod无法成功创建
- min: 如果type是Pod/Container,表示所有容器request的资源总和不能小于min中的值,否则Pod无法成功创建
- maxLimitRequestRatio: 如果type是Pod,表示Pod中所有容器资源请求的Limit值和request值比值的上限
- defaultRequest和defaultlimit是默认值,只有type为container才有这两项配置
测试
1、创建一个允许范围之内的 requests 和 limits 的 pod
apiVersion: v1
kind: Pod
metadata:
name: pod01
namespace: coolops
spec:
containers:
- name: pod-01
image: nginx
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 200m
memory: 30Mi
limits:
cpu: 300m
memory: 50Mi
2、创建一个 cpu 超出允许访问的 Pod
apiVersion: v1
kind: Pod
metadata:
name: pod02
namespace: coolops
spec:
containers:
- name: pod-02
image: nginx
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 200m
memory: 30Mi
limits:
cpu: 2
memory: 50Mi
3、创建低于允许范围的 Pod
apiVersion: v1
kind: Pod
metadata:
name: pod03
namespace: coolops
spec:
containers:
- name: pod-03
image: nginx
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 200m
memory: 30Mi
limits:
cpu: 100m
memory: 10Mi
4、创建一个未定义 request 或 Limits 的 Pod
apiVersion: v1
kind: Pod
metadata:
name: pod04
namespace: coolops
spec:
containers:
- name: pod-04
image: nginx
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 200m
memory: 200Mi
5、LimitRange限制PVC
apiVersion: v1
kind: LimitRange
metadata:
name: storagelimits
namespace: coolops
spec:
limits:
- type: PersistentVolumeClaim
max:
storage: 2Gi
min:
storage: 1Gi
标签:限制,name,namespace,memory,Pod,K8S,cpu,metadata
From: https://www.cnblogs.com/codechange/p/17863826.html