From afd41acbb09ced90a3e056ee601af2e2bee3c385 Mon Sep 17 00:00:00 2001 From: "huanqing.shao" Date: Tue, 22 Oct 2019 21:37:01 +0800 Subject: [PATCH] ResourceQuota Example --- .vuepress/config.js | 2 + .../learning/policy/rq-mem-cpu-pod-2.yaml | 15 +++ .../learning/policy/rq-mem-cpu-pod.yaml | 15 +++ .../learning/policy/rq-mem-cpu-quota.yaml | 10 ++ .../learning/policy/rq-pod-deployment.yaml | 17 +++ .../statics/learning/policy/rq-pod-quota.yaml | 7 ++ learning/k8s-advanced/policy/rq_example.md | 16 --- .../k8s-advanced/policy/rq_example_cpu_mem.md | 118 ++++++++++++++++++ .../k8s-advanced/policy/rq_example_obj.md | 93 ++++++++++++++ learning/k8s-advanced/policy/rq_types.md | 10 +- support/change-log/change-log-on-the-way.md | 3 +- 11 files changed, 285 insertions(+), 21 deletions(-) create mode 100644 .vuepress/public/statics/learning/policy/rq-mem-cpu-pod-2.yaml create mode 100644 .vuepress/public/statics/learning/policy/rq-mem-cpu-pod.yaml create mode 100644 .vuepress/public/statics/learning/policy/rq-mem-cpu-quota.yaml create mode 100644 .vuepress/public/statics/learning/policy/rq-pod-deployment.yaml create mode 100644 .vuepress/public/statics/learning/policy/rq-pod-quota.yaml delete mode 100644 learning/k8s-advanced/policy/rq_example.md create mode 100644 learning/k8s-advanced/policy/rq_example_cpu_mem.md create mode 100644 learning/k8s-advanced/policy/rq_example_obj.md diff --git a/.vuepress/config.js b/.vuepress/config.js index bdd5ddc..6b81684 100644 --- a/.vuepress/config.js +++ b/.vuepress/config.js @@ -494,6 +494,8 @@ module.exports = { 'k8s-advanced/policy/rq_types', 'k8s-advanced/policy/rq_scope', 'k8s-advanced/policy/rq_more', + 'k8s-advanced/policy/rq_example_cpu_mem', + 'k8s-advanced/policy/rq_example_obj', ] }, ] diff --git a/.vuepress/public/statics/learning/policy/rq-mem-cpu-pod-2.yaml b/.vuepress/public/statics/learning/policy/rq-mem-cpu-pod-2.yaml new file mode 100644 index 0000000..66c60ea --- /dev/null +++ b/.vuepress/public/statics/learning/policy/rq-mem-cpu-pod-2.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: quota-mem-cpu-demo-2 +spec: + containers: + - name: quota-mem-cpu-demo-2-ctr + image: redis + resources: + limits: + memory: "1Gi" + cpu: "800m" + requests: + memory: "700Mi" + cpu: "400m" diff --git a/.vuepress/public/statics/learning/policy/rq-mem-cpu-pod.yaml b/.vuepress/public/statics/learning/policy/rq-mem-cpu-pod.yaml new file mode 100644 index 0000000..030d3f3 --- /dev/null +++ b/.vuepress/public/statics/learning/policy/rq-mem-cpu-pod.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: quota-mem-cpu-demo +spec: + containers: + - name: quota-mem-cpu-demo-ctr + image: nginx + resources: + limits: + memory: "800Mi" + cpu: "800m" + requests: + memory: "600Mi" + cpu: "400m" diff --git a/.vuepress/public/statics/learning/policy/rq-mem-cpu-quota.yaml b/.vuepress/public/statics/learning/policy/rq-mem-cpu-quota.yaml new file mode 100644 index 0000000..5c4bcd8 --- /dev/null +++ b/.vuepress/public/statics/learning/policy/rq-mem-cpu-quota.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ResourceQuota +metadata: + name: mem-cpu-demo +spec: + hard: + requests.cpu: "1" + requests.memory: 1Gi + limits.cpu: "2" + limits.memory: 2Gi diff --git a/.vuepress/public/statics/learning/policy/rq-pod-deployment.yaml b/.vuepress/public/statics/learning/policy/rq-pod-deployment.yaml new file mode 100644 index 0000000..86e85aa --- /dev/null +++ b/.vuepress/public/statics/learning/policy/rq-pod-deployment.yaml @@ -0,0 +1,17 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: pod-quota-demo +spec: + selector: + matchLabels: + purpose: quota-demo + replicas: 3 + template: + metadata: + labels: + purpose: quota-demo + spec: + containers: + - name: pod-quota-demo + image: nginx diff --git a/.vuepress/public/statics/learning/policy/rq-pod-quota.yaml b/.vuepress/public/statics/learning/policy/rq-pod-quota.yaml new file mode 100644 index 0000000..0a07f05 --- /dev/null +++ b/.vuepress/public/statics/learning/policy/rq-pod-quota.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ResourceQuota +metadata: + name: pod-demo +spec: + hard: + pods: "2" diff --git a/learning/k8s-advanced/policy/rq_example.md b/learning/k8s-advanced/policy/rq_example.md deleted file mode 100644 index 6b80725..0000000 --- a/learning/k8s-advanced/policy/rq_example.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -vssueId: 144 -layout: LearningLayout -description: Kubernetes教程_当多个用户或团队共享一个节点数量有限的集群时_如何在多个用户或团队之间分配集群的资源就会变得非常重要_Resource_quota的用途便在于此 -meta: - - name: keywords - content: K8S 教程,Resource Quota,ResourceQuota ---- - -# 案例参考 - - - -> 参考文档:[Configure Quotas for API Objects](https://kubernetes.io/docs/tasks/administer-cluster/quota-api-object/) - - diff --git a/learning/k8s-advanced/policy/rq_example_cpu_mem.md b/learning/k8s-advanced/policy/rq_example_cpu_mem.md new file mode 100644 index 0000000..ab365b2 --- /dev/null +++ b/learning/k8s-advanced/policy/rq_example_cpu_mem.md @@ -0,0 +1,118 @@ +--- +vssueId: 144 +layout: LearningLayout +description: Kubernetes教程_当多个用户或团队共享一个节点数量有限的集群时_如何在多个用户或团队之间分配集群的资源就会变得非常重要_Resource_quota的用途便在于此_本文通过实例讲解了如何为名称空间配置CPU和内存的资源配额 +meta: + - name: keywords + content: K8S 教程,Resource Quota,ResourceQuota +--- + +# CPU/内存资源限额 + + + +> 参考文档:[Configure Memory and CPU Quotas for a Namespace](https://kubernetes.io/docs/tasks/administer-cluster/manage-resources/quota-memory-cpu-namespace/) + +本文通过实例演示了如何通过ResourceQuota为名称空间配置CPU和内存的资源限额。演示的步骤如下: + +[[TOC]] + + + +## 创建名称空间 + +执行如下命令,创建名称空间: +```sh +kubectl create namespace quota-mem-cpu-example +``` + +## 创建ResourceQuota + +下面是 ResourceQuota 的YAML文件: + +<<< @/.vuepress/public/statics/learning/policy/rq-mem-cpu-quota.yaml {7,8,9,10} + +执行命令以创建该 ResourceQuota: +``` sh +kubectl apply -f https://kuboard.cn/statics/learning/policy/rq-mem-cpu-quota.yaml --namespace=quota-mem-cpu-example +``` + +执行命令查看刚创建的 ResourceQuota: + +``` +kubectl get resourcequota mem-cpu-demo --namespace=quota-mem-cpu-example --output=yaml +``` + +ResourceQuota 为 `quota-mem-cpu-example` 名称空间设定了如下资源配额: + +* 每一个容器必须有 内存请求(request)、内存限制(limit)、CPU请求(request)、CPU限制(limit) +* 所有容器的内存请求总和不超过 1 GiB +* 所有容器的内存限定总和不超过 2 GiB +* 所有容器的CPU请求总和不超过 1 cpu +* 所有容器的CPU限定总和不超过 2 cpu + + +## 创建Pod + +下面是一个 Pod 的配置文件: + +<<< @/.vuepress/public/statics/learning/policy/rq-mem-cpu-pod.yaml {11,12,14,15} + +执行命令以创建该 Pod +``` sh +kubectl apply -f https://kuboard.cn/statics/learning/policy/rq-mem-cpu-pod.yaml --namespace=quota-mem-cpu-example +``` +执行命令验证 Pod 已运行: +``` sh +kubectl get pod quota-mem-cpu-demo --namespace=quota-mem-cpu-example +``` +此时执行命令再次查看名称空间的资源配额消耗情况: +``` sh +kubectl get resourcequota mem-cpu-demo --namespace=quota-mem-cpu-example --output=yaml +``` +输出结果中除了显示名称空间的资源配额之外,同时还显示了该配额的使用情况。结果如下所示: +``` yaml {8,9,10,11} +status: + hard: + limits.cpu: "2" + limits.memory: 2Gi + requests.cpu: "1" + requests.memory: 1Gi + used: + limits.cpu: 800m + limits.memory: 800Mi + requests.cpu: 400m + requests.memory: 600Mi +``` + +## 尝试创建第二个Pod + +下面是另外一个 Pod 的 YAML 文件: + +<<< @/.vuepress/public/statics/learning/policy/rq-mem-cpu-pod-2.yaml {11,12,14,15} + +在此配置文件中,Pod 请求了 700MiB 的内存,如果加上第一个 Pod 所请求的内存,其结果已经超出了名称空间的资源配额中对内存请求的限制:600MiB + 600MiB > 1GiB + +执行如下命令尝试创建该 Pod: +``` sh +kubectl apply -f https://kuboard.cn/statics/learning/policy/rq-mem-cpu-pod-2.yaml --namespace=quota-mem-cpu-example +``` +第二个 Pod 将不能创建成功,该命令的输出结果将提示创建 Pod 失败的原因是内存请求之和超过了内存请求的资源配额,错误信息如下所示: +``` +Error from server (Forbidden): error when creating "examples/admin/resource/quota-mem-cpu-pod-2.yaml": +pods "quota-mem-cpu-demo-2" is forbidden: exceeded quota: mem-cpu-demo, +requested: requests.memory=700Mi,used: requests.memory=600Mi, limited: requests.memory=1Gi +``` + +## 总结 + +在本文的例子中,您可以使用 `ResourceQuota` 来限定名称空间中所有容器的内存请求(request)之和不超过指定的配额。同时也可以设置内存限定(limit)、CPU请求(request)、CPU限定(limit)的资源配额。 + +如果需要限定单个Pod、容器的资源使用情况,请参考 [LimitRange](./lr.html) + +## 清理 + +删除名称空间可清理本文所创建的所有内容: +```sh +kubectl delete namespace quota-mem-cpu-example +``` diff --git a/learning/k8s-advanced/policy/rq_example_obj.md b/learning/k8s-advanced/policy/rq_example_obj.md new file mode 100644 index 0000000..0e87d7c --- /dev/null +++ b/learning/k8s-advanced/policy/rq_example_obj.md @@ -0,0 +1,93 @@ +--- +vssueId: 144 +layout: LearningLayout +description: Kubernetes教程_当多个用户或团队共享一个节点数量有限的集群时_如何在多个用户或团队之间分配集群的资源就会变得非常重要_Resource_quota的用途便在于此_本文通过实例讲解了如何为名称空间配置CPU和内存的资源配额 +meta: + - name: keywords + content: K8S 教程,Resource Quota,ResourceQuota +--- + +# Pod数量限额 + + + +> 参考文档:[Configure a Pod Quota for a Namespace](https://kubernetes.io/docs/tasks/administer-cluster/manage-resources/quota-pod-namespace/) + +本文通过实例演示了如何通过ResourceQuota为名称空间配置最多可以运行多少个Pod。演示的步骤如下: + +[[TOC]] + + + +## 创建名称空间 + +为本次演示创建名称空间: +``` sh +kubectl create namespace quota-pod-example +``` + +## 创建ResourceQuota + +为本次演示创建 ResourceQuota 对象,yaml文件如下所示: + +<<< @/.vuepress/public/statics/learning/policy/rq-pod-quota.yaml {7} + +执行命令创建该 ResourceQuota +``` sh +kubectl apply -f https://kuboard.cn/statics/learning/policy/rq-pod-quota.yaml --namespace=quota-pod-example +``` + +执行如下命令查看已创建的 ResourceQuota +``` sh +kubectl get resourcequota pod-demo --namespace=quota-pod-example --output=yaml +``` + +输出结果中显示了该名称空间的配额限定了只能创建两个 Pod,当前没有任何 Pod 被创建: +``` yaml {3,6,8} +spec: + hard: + pods: "2" +status: + hard: + pods: "2" + used: + pods: "0" +``` + +## 创建Pod + +创建如下 Deployment + +<<< @/.vuepress/public/statics/learning/policy/rq-pod-deployment.yaml + +该 Deployment 的副本数为 3 `replicas: 3`,执行命令以创建该 Deployment: +``` sh +kubectl apply -f https://kuboard.cn/statics/learning/policy/rq-pod-deployment.yaml --namespace=quota-pod-example +``` + +执行命令以查看 Deployment 的详细信息 +``` sh +kubectl get deployment pod-quota-demo --namespace=quota-pod-example --output=yaml +``` + +尽管 Deployment 期望的副本数是 3,但是由于名称空间通过 ResourceQuota 限定了最大的 Pod 数量,因此,最终只有两个 Pod 被创建成功。输出结果如下所示: + +``` yaml {3,6,9} +spec: + ... + replicas: 3 +... +status: + availableReplicas: 2 +... +lastUpdateTime: 2017-07-07T20:57:05Z + message: 'unable to create pods: pods "pod-quota-demo-1650323038-" is forbidden: + exceeded quota: pod-demo, requested: pods=1, used: pods=2, limited: pods=2' +``` + +## 清理 + +删除名称空间可清理本次演示创建的对象: +``` sh +kubectl delete namespace quota-pod-example +``` diff --git a/learning/k8s-advanced/policy/rq_types.md b/learning/k8s-advanced/policy/rq_types.md index 641831c..b2d8be9 100644 --- a/learning/k8s-advanced/policy/rq_types.md +++ b/learning/k8s-advanced/policy/rq_types.md @@ -25,10 +25,12 @@ meta: | 资源名称 | 描述 | | --------------- | ------------------------------------------------------------ | -| limits.cpu | 名称空间中,所有非终止状态(non-terminal)的 Pod 的 CPU限制`resources.limits.cpu`之和不能超过此值 | -| limits.memory | 名称空间中,所有非终止状态(non-terminal)的 Pod 的内存限制`resources.limits.memory`之和不能超过此值 | -| requests.cpu | 名称空间中,所有非终止状态(non-terminal)的 Pod 的 CPU请求`resources.requrest.cpu`之和不能超过此值 | -| requests.memory | 名称空间中,所有非终止状态(non-terminal)的 Pod 的 CPU请求 `resources.requests.memory`之和不能超过此值 | +| limits.cpu | 名称空间中,所有非终止状态(non-terminal)的 Pod 的 CPU限制 `resources.limits.cpu` 之和不能超过此值 | +| limits.memory | 名称空间中,所有非终止状态(non-terminal)的 Pod 的内存限制 `resources.limits.memory` 之和不能超过此值 | +| requests.cpu | 名称空间中,所有非终止状态(non-terminal)的 Pod 的 CPU请求 `resources.requrest.cpu` 之和不能超过此值 | +| requests.memory | 名称空间中,所有非终止状态(non-terminal)的 Pod 的 CPU请求 `resources.requests.memory` 之和不能超过此值 | + +具体案例请参考: [CPU/内存资源限额](./rq_example_cpu_mem.html) diff --git a/support/change-log/change-log-on-the-way.md b/support/change-log/change-log-on-the-way.md index b4e928b..86e4077 100644 --- a/support/change-log/change-log-on-the-way.md +++ b/support/change-log/change-log-on-the-way.md @@ -17,7 +17,8 @@ Kuboard v1.0.x 的更新说明 * 工作负载编辑器 --> Ingress --> 注解被错误写成标签了 - +* 表单校验:数据卷名不能带小数点 +* Kubernetes 体验的安装文档需要优化。 * 点击空白处,不关闭对话框 * Prometheus 监控 * 工作负载编辑器 --> 容器组 --> 容忍 -- 正在开发