From 5e427559a0cc74731b786230c4df04b5bdee29c2 Mon Sep 17 00:00:00 2001 From: "huanqing.shao" Date: Sat, 19 Oct 2019 09:59:06 +0800 Subject: [PATCH] LimitRange --- .vuepress/components/HomePage.vue | 2 +- .vuepress/config.js | 3 + .../learning/policy/lr-pod-limit-range.yaml | 10 +++ .../statics/learning/policy/lr-pod-pod.yaml | 37 +++++++++ .../learning/policy/lr-ratio-limit-range.yaml | 9 +++ .../statics/learning/policy/lr-ratio-pod.yaml | 13 ++++ .../learning/policy/lr-storage-limit.yaml | 11 +++ .../policy/lr-storage-pvc-greater.yaml | 10 +++ .../learning/policy/lr-storage-pvc-lower.yaml | 10 +++ learning/k8s-advanced/policy/lr.md | 9 ++- learning/k8s-advanced/policy/lr_pod.md | 77 +++++++++++++++++++ learning/k8s-advanced/policy/lr_ratio.md | 53 +++++++++++++ learning/k8s-advanced/policy/lr_storage.md | 66 ++++++++++++++++ 13 files changed, 305 insertions(+), 5 deletions(-) create mode 100644 .vuepress/public/statics/learning/policy/lr-pod-limit-range.yaml create mode 100644 .vuepress/public/statics/learning/policy/lr-pod-pod.yaml create mode 100644 .vuepress/public/statics/learning/policy/lr-ratio-limit-range.yaml create mode 100644 .vuepress/public/statics/learning/policy/lr-ratio-pod.yaml create mode 100644 .vuepress/public/statics/learning/policy/lr-storage-limit.yaml create mode 100644 .vuepress/public/statics/learning/policy/lr-storage-pvc-greater.yaml create mode 100644 .vuepress/public/statics/learning/policy/lr-storage-pvc-lower.yaml create mode 100644 learning/k8s-advanced/policy/lr_pod.md create mode 100644 learning/k8s-advanced/policy/lr_ratio.md create mode 100644 learning/k8s-advanced/policy/lr_storage.md diff --git a/.vuepress/components/HomePage.vue b/.vuepress/components/HomePage.vue index 76cbd9d..2930788 100644 --- a/.vuepress/components/HomePage.vue +++ b/.vuepress/components/HomePage.vue @@ -132,7 +132,7 @@ export default { features:[ { title: 'Kubernetes安装文档', - details: '快速安装Kubernetes,每天有超过200个用户参考此文档完成Kubernetes安装,碰到问题可QQ在线答疑', + details: '快速安装Kubernetes,每天有超过300名用户参考此文档完成Kubernetes安装,碰到问题可QQ在线答疑', link: '/install/install-k8s.html' }, { diff --git a/.vuepress/config.js b/.vuepress/config.js index b5613b7..037fdc6 100644 --- a/.vuepress/config.js +++ b/.vuepress/config.js @@ -480,6 +480,9 @@ module.exports = { children: [ 'k8s-advanced/policy/lr', 'k8s-advanced/policy/lr_container', + 'k8s-advanced/policy/lr_pod', + 'k8s-advanced/policy/lr_storage', + 'k8s-advanced/policy/lr_ratio', ] }, ] diff --git a/.vuepress/public/statics/learning/policy/lr-pod-limit-range.yaml b/.vuepress/public/statics/learning/policy/lr-pod-limit-range.yaml new file mode 100644 index 0000000..0ce0f69 --- /dev/null +++ b/.vuepress/public/statics/learning/policy/lr-pod-limit-range.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: LimitRange +metadata: + name: limit-mem-cpu-per-pod +spec: + limits: + - max: + cpu: "2" + memory: "2Gi" + type: Pod diff --git a/.vuepress/public/statics/learning/policy/lr-pod-pod.yaml b/.vuepress/public/statics/learning/policy/lr-pod-pod.yaml new file mode 100644 index 0000000..efac440 --- /dev/null +++ b/.vuepress/public/statics/learning/policy/lr-pod-pod.yaml @@ -0,0 +1,37 @@ +apiVersion: v1 +kind: Pod +metadata: + name: busybox2 +spec: + containers: + - name: busybox-cnt01 + image: busybox + command: ["/bin/sh"] + args: ["-c", "while true; do echo hello from cnt01; sleep 10;done"] + resources: + requests: + memory: "100Mi" + cpu: "100m" + limits: + memory: "200Mi" + cpu: "500m" + - name: busybox-cnt02 + image: busybox + command: ["/bin/sh"] + args: ["-c", "while true; do echo hello from cnt02; sleep 10;done"] + resources: + requests: + memory: "100Mi" + cpu: "100m" + - name: busybox-cnt03 + image: busybox + command: ["/bin/sh"] + args: ["-c", "while true; do echo hello from cnt03; sleep 10;done"] + resources: + limits: + memory: "200Mi" + cpu: "500m" + - name: busybox-cnt04 + image: busybox + command: ["/bin/sh"] + args: ["-c", "while true; do echo hello from cnt04; sleep 10;done"] diff --git a/.vuepress/public/statics/learning/policy/lr-ratio-limit-range.yaml b/.vuepress/public/statics/learning/policy/lr-ratio-limit-range.yaml new file mode 100644 index 0000000..859fc20 --- /dev/null +++ b/.vuepress/public/statics/learning/policy/lr-ratio-limit-range.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: LimitRange +metadata: + name: limit-memory-ratio-pod +spec: + limits: + - maxLimitRequestRatio: + memory: 2 + type: Pod diff --git a/.vuepress/public/statics/learning/policy/lr-ratio-pod.yaml b/.vuepress/public/statics/learning/policy/lr-ratio-pod.yaml new file mode 100644 index 0000000..8afdb63 --- /dev/null +++ b/.vuepress/public/statics/learning/policy/lr-ratio-pod.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Pod +metadata: + name: busybox3 +spec: + containers: + - name: busybox-cnt01 + image: busybox + resources: + limits: + memory: "300Mi" + requests: + memory: "100Mi" diff --git a/.vuepress/public/statics/learning/policy/lr-storage-limit.yaml b/.vuepress/public/statics/learning/policy/lr-storage-limit.yaml new file mode 100644 index 0000000..7f597e4 --- /dev/null +++ b/.vuepress/public/statics/learning/policy/lr-storage-limit.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: LimitRange +metadata: + name: storagelimits +spec: + limits: + - type: PersistentVolumeClaim + max: + storage: 2Gi + min: + storage: 1Gi diff --git a/.vuepress/public/statics/learning/policy/lr-storage-pvc-greater.yaml b/.vuepress/public/statics/learning/policy/lr-storage-pvc-greater.yaml new file mode 100644 index 0000000..2d92bf9 --- /dev/null +++ b/.vuepress/public/statics/learning/policy/lr-storage-pvc-greater.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: pvc-limit-greater +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi diff --git a/.vuepress/public/statics/learning/policy/lr-storage-pvc-lower.yaml b/.vuepress/public/statics/learning/policy/lr-storage-pvc-lower.yaml new file mode 100644 index 0000000..ef819b6 --- /dev/null +++ b/.vuepress/public/statics/learning/policy/lr-storage-pvc-lower.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: pvc-limit-lower +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Mi diff --git a/learning/k8s-advanced/policy/lr.md b/learning/k8s-advanced/policy/lr.md index 7a2035f..b817897 100644 --- a/learning/k8s-advanced/policy/lr.md +++ b/learning/k8s-advanced/policy/lr.md @@ -71,7 +71,8 @@ podtemplates tr 更多内容请参考: * [限定容器的计算资源](./lr_container.html) -* [限定Pod的计算资源] -* [限定存储资源] -* [Limit/Request 比例] -* [例子] +* [限定Pod的计算资源](./lr_pod.html) +* [限定存储资源](./lr_storage.html) +* [限定 Limit/Request 比例](./lr_ratio.html) + + diff --git a/learning/k8s-advanced/policy/lr_pod.md b/learning/k8s-advanced/policy/lr_pod.md new file mode 100644 index 0000000..6bc3089 --- /dev/null +++ b/learning/k8s-advanced/policy/lr_pod.md @@ -0,0 +1,77 @@ +--- +vssueId: 143 +layout: LearningLayout +description: Kubernetes教程_本文讨论了如何使用LimitRange_在Pod级别限定资源的使用_下面是一个用于限定Pod资源使用的LimitRange对象。 +meta: + - name: keywords + content: Kubernetes +--- + +# 限定Pod的计算资源 + + + + +> 参考文档:[Limit Ranges](https://kubernetes.io/docs/concepts/policy/limit-range/) + +本文讨论了如何使用 LimitRange 在 Pod 级别限定资源的使用。下面是一个用于限定 Pod 资源使用的 LimitRange 对象。 + + + +<<< @/.vuepress/public/statics/learning/policy/lr-pod-limit-range.yaml + +::: tip +在您开始本教程之前,请您先完成 [限定容器的计算资源](./lr_container.html),并确保该教程中的 LimitRange `limit-mem-cpu-per-container` 和 Pod `busybox1` 都已经创建。 +::: + +* 执行如下命令,创建 `limit-mem-cpu-pod` 上面 yaml 中的 LimitRange,该 LimitRange 限定了每一个 Pod 的CPU使用不超过 2 核,内存不超过 2Gi。 + + ``` sh + kubectl apply -f https://kuboard.cn/statics/learning/policy/lr-pod-limit-range.yaml -n limitrange-demo + ``` + + 执行命令查看 `limit-mem-cpu-per-pod` 的创建结果: + + ``` sh + kubectl describe limitrange/limit-mem-cpu-per-pod -n limitrange-demo + ``` + + 输出结果如下所示 + + ``` + Name: limit-mem-cpu-per-pod + Namespace: limitrange-demo + Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio + ---- -------- --- --- --------------- ------------- ----------------------- + Pod cpu - 2 - - - + Pod memory - 2Gi - - - + ``` + +* 创建第二个 Pod,yaml 文件如下: + + <<< @/.vuepress/public/statics/learning/policy/lr-pod-pod.yaml + + 执行如下命令可创建该 Pod + ``` sh + kubectl apply -f https://kuboard.cn/statics/learning/policy/lr-pod-pod.yaml -n limitrange-demo + ``` + + Pod `busybox2` 的定义与 `busybox1` 的定义玩去哪相同,但是执行该创建命令时将碰到如下错误,因为Pod可使用的资源现在受到了限制: + + ``` + Error from server (Forbidden): error when creating "limit-range-pod-2.yaml": pods "busybox2" is forbidden: [maximum cpu usage per Pod is 2, but limit is 2400m., maximum memory usage per Pod is 2Gi, but limit is 2306867200.] + ``` + 执行命令查看 `busybox1` 的资源使用 + ``` sh + kubectl get po/busybox1 -n limitrange-demo -o json | jq ".spec.containers[].resources.limits.memory" + ``` + 输出结果如下所示: + ``` + "200Mi" + "900Mi" + "200Mi" + "900Mi" + ``` + Pod `busybox2` 将不能在集群中创建,因为其中所有容器的内存限制的总和超过了 LimitRange `limit-mem-cpu-per-pod` 中的限定。 `busybox1` 将不会被驱逐,因为该 Pod 在创建 LimitRange `limit-mem-cpu-per-pod` 就已经创建好了。 + +:tada: :tada: :tada: diff --git a/learning/k8s-advanced/policy/lr_ratio.md b/learning/k8s-advanced/policy/lr_ratio.md new file mode 100644 index 0000000..3d399e0 --- /dev/null +++ b/learning/k8s-advanced/policy/lr_ratio.md @@ -0,0 +1,53 @@ +--- +vssueId: 143 +layout: LearningLayout +description: Kubernetes教程_本文讨论了如何使用LimitRange在名称空间中限制Limits/Requests的比例_如果指定了LimitRange对象的spec.limits.maxLimitRequestRatio字段_名称空间中的Pod/容器的request和limit都不能为0_且limit除以request的结果必须小于或等于LimitRange的spec.limits.maxLimitRequestRatio +meta: + - name: keywords + content: Kubernetes +--- + +# 限定 Limit/Request 比例 + + + + +> 参考文档:[Limit Ranges](https://kubernetes.io/docs/concepts/policy/limit-range/) + +本文讨论了如何使用 LimitRange 在名称空间中限制 Limits/Requests 的比例。如果指定了 LimitRange 对象的 `spec.limits.maxLimitRequestRatio` 字段,名称空间中的 Pod/容器的 request 和 limit 都不能为 0,且 limit 除以 request 的结果必须小于或等于 LimitRange 的 `spec.limits.maxLimitRequestRatio` + + + +下面的例子中 `LimitRange` 限定了名称空间中任何 Pod 的最大内存限定(limit)不能超过最小内存请求(request)的两倍: + +<<< @/.vuepress/public/statics/learning/policy/lr-ratio-limit-range.yaml {8} + +* 执行命令以创建该 LimitRange: + ``` sh + kubectl create -f https://kuboard.cn/statics/learning/policy/lr-ratio-limit-range.yaml -n limitrange-demo + ``` + 执行命令以查看创建结果: + ``` sh + kubectl describe limitrange/limit-memory-ratio-pod -n limitrange-demo + ``` + 输出结果如下所示: + ``` + Name: limit-memory-ratio-pod + Namespace: limitrange-demo + Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio + ---- -------- --- --- --------------- ------------- ----------------------- + Pod memory - - - - 2 + ``` + +* 此时,如果我们创建一个 Pod 包含如下属性 `requests.memory=100Mi` 和 `limits.memory=300Mi`: + + <<< @/.vuepress/public/statics/learning/policy/lr-ratio-pod.yaml {11,13} + + 执行命令以创建该 Pod: + ``` sh + kubectl apply -f https://kuboard.cn/statics/learning/policy/lr-ratio-pod.yaml -n limitrange-demo + ``` + 由于该 Pod 的内存限制请求比例为 `3`,超过了 LimitRange 中定义的 `2`,该 Pod 将不能创建成功: + ``` + Error from server (Forbidden): error when creating "lr-ratio-pod.yaml": pods "busybox3" is forbidden: memory max limit to request ratio per Pod is 2, but provided ratio is 3.000000. + ``` diff --git a/learning/k8s-advanced/policy/lr_storage.md b/learning/k8s-advanced/policy/lr_storage.md new file mode 100644 index 0000000..63024d1 --- /dev/null +++ b/learning/k8s-advanced/policy/lr_storage.md @@ -0,0 +1,66 @@ +--- +vssueId: 143 +layout: LearningLayout +description: Kubernetes教程_本文讨论了如何使用LimitRange_名称空间中限制存储资源的使用_通过LimitRange对象_集群管理员可以限定名称空间中每个PersistentVolumeClaim存储卷声明可以使用的最小最大存储空间 +meta: + - name: keywords + content: Kubernetes +--- + +# 限定存储资源 + + + + +> 参考文档:[Limit Ranges](https://kubernetes.io/docs/concepts/policy/limit-range/) + +本文讨论了如何使用LimitRange_名称空间中限制存储资源的使用。通过 LimitRange 对象,集群管理员可以限定名称空间中每个 PersistentVolumeClaim(存储卷声明)可以使用的最小、最大存储空间。 + + + +请参考下面的例子: + +<<< @/.vuepress/public/statics/learning/policy/lr-storage-limit.yaml {9,11} + +* 执行命令可创建该 LimitRange: + + ``` sh + kubectl create -f https://kuboard.cn/statics/learning/policy/lr-storage-limit.yaml -n limitrange-demo + ``` + 执行命令查看创建结果 + ``` sh + kubectl describe limits/storagelimits -n limitrange-demo + ``` + 输出结果如下所示: + ``` + Name: storagelimits + Namespace: limitrange-demo + Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio + ---- -------- --- --- --------------- ------------- ----------------------- + PersistentVolumeClaim storage 1Gi 2Gi - - - + ``` +* 现在假设有一个 PVC(存储卷声明),定义文件如下所示: + + <<< @/.vuepress/public/statics/learning/policy/lr-storage-pvc-lower.yaml {10} + 执行命令创建该 PVC(存储卷声明) + ``` sh + kubectl create -f https://kuboard.cn/statics/learning/policy/lr-storage-pvc-lower.yaml -n limitrange-demo + ``` + 由于 PVC 中定义的字段 `requests.storage` 比 LimitRange `storagelimits` 中 `limits[0].min.storage` 的定义要小,所以创建该 PVC 时将失败: + ``` + Error from server (Forbidden): error when creating "lr-storage-pvc-lower.yaml": persistentvolumeclaims "pvc-limit-lower" is forbidden: minimum storage usage per PersistentVolumeClaim is 1Gi, but request is 500Mi. + ``` +* 如果 PVC 的 `requests.storage` 大于 LimitRange 中的 `limits[0].max.storage`,同样不能创建成功,参考下面的例子: + + <<< @/.vuepress/public/statics/learning/policy/lr-storage-pvc-greater.yaml {10} + + 执行命令创建该 PVC(存储卷声明) + ``` sh + kubectl create -f https://kuboard.cn/statics/learning/policy/lr-storage-pvc-greater.yaml + ``` + 输出结果如下所示: + ``` + Error from server (Forbidden): error when creating "lr-storage-pvc-greater.yaml": persistentvolumeclaims "pvc-limit-greater" is forbidden: maximum storage usage per PersistentVolumeClaim is 2Gi, but request is 5Gi. + ``` + +:tada: :tada: :tada: