From fc26e5438ac217e76eae2c2cf465de364fabd204 Mon Sep 17 00:00:00 2001
From: "huanqing.shao" <shaohq@foxmail.com>
Date: Sun, 20 Oct 2019 23:33:25 +0800
Subject: [PATCH] ResourceQuota Scope

---
 .vuepress/config.js                           |   1 +
 .../policy/rq-scope-high-priority-pod.yaml    |  18 +++
 .../learning/policy/rq-scope-quota.yaml       |  45 ++++++
 learning/k8s-advanced/policy/lr.md            |   2 +-
 learning/k8s-advanced/policy/lr_container.md  |   2 +-
 learning/k8s-advanced/policy/lr_pod.md        |   2 +-
 learning/k8s-advanced/policy/lr_ratio.md      |   2 +-
 learning/k8s-advanced/policy/lr_storage.md    |   2 +-
 learning/k8s-advanced/policy/rq.md            |   2 +-
 learning/k8s-advanced/policy/rq_scope.md      | 151 ++++++++++++++++++
 learning/k8s-advanced/policy/rq_types.md      |   2 +-
 11 files changed, 222 insertions(+), 7 deletions(-)
 create mode 100644 .vuepress/public/statics/learning/policy/rq-scope-high-priority-pod.yaml
 create mode 100644 .vuepress/public/statics/learning/policy/rq-scope-quota.yaml
 create mode 100644 learning/k8s-advanced/policy/rq_scope.md

diff --git a/.vuepress/config.js b/.vuepress/config.js
index 740a95e..437bb39 100644
--- a/.vuepress/config.js
+++ b/.vuepress/config.js
@@ -491,6 +491,7 @@ module.exports = {
                   children: [
                     'k8s-advanced/policy/rq',
                     'k8s-advanced/policy/rq_types',
+                    'k8s-advanced/policy/rq_scope',
                   ]
                 },
               ]
diff --git a/.vuepress/public/statics/learning/policy/rq-scope-high-priority-pod.yaml b/.vuepress/public/statics/learning/policy/rq-scope-high-priority-pod.yaml
new file mode 100644
index 0000000..b2731ad
--- /dev/null
+++ b/.vuepress/public/statics/learning/policy/rq-scope-high-priority-pod.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: high-priority
+spec:
+  containers:
+  - name: high-priority
+    image: ubuntu
+    command: ["/bin/sh"]
+    args: ["-c", "while true; do echo hello; sleep 10;done"]
+    resources:
+      requests:
+        memory: "10Gi"
+        cpu: "500m"
+      limits:
+        memory: "10Gi"
+        cpu: "500m"
+  priorityClassName: high
diff --git a/.vuepress/public/statics/learning/policy/rq-scope-quota.yaml b/.vuepress/public/statics/learning/policy/rq-scope-quota.yaml
new file mode 100644
index 0000000..83bff90
--- /dev/null
+++ b/.vuepress/public/statics/learning/policy/rq-scope-quota.yaml
@@ -0,0 +1,45 @@
+apiVersion: v1
+kind: List
+items:
+- apiVersion: v1
+  kind: ResourceQuota
+  metadata:
+    name: pods-high
+  spec:
+    hard:
+      cpu: "1000"
+      memory: 200Gi
+      pods: "10"
+    scopeSelector:
+      matchExpressions:
+      - operator : In
+        scopeName: PriorityClass
+        values: ["high"]
+- apiVersion: v1
+  kind: ResourceQuota
+  metadata:
+    name: pods-medium
+  spec:
+    hard:
+      cpu: "10"
+      memory: 20Gi
+      pods: "10"
+    scopeSelector:
+      matchExpressions:
+      - operator : In
+        scopeName: PriorityClass
+        values: ["medium"]
+- apiVersion: v1
+  kind: ResourceQuota
+  metadata:
+    name: pods-low
+  spec:
+    hard:
+      cpu: "5"
+      memory: 10Gi
+      pods: "10"
+    scopeSelector:
+      matchExpressions:
+      - operator : In
+        scopeName: PriorityClass
+        values: ["low"]
diff --git a/learning/k8s-advanced/policy/lr.md b/learning/k8s-advanced/policy/lr.md
index b817897..be27c44 100644
--- a/learning/k8s-advanced/policy/lr.md
+++ b/learning/k8s-advanced/policy/lr.md
@@ -5,7 +5,7 @@ layout: LearningLayout
 description: Kubernetes教程_默认情况下_容器在 Kubernetes 集群上运行时_不受计算资源的限制_使用Resourcequota集群管理员可以针对名称空间限定资源的使用情况
 meta:
   - name: keywords
-    content: Kubernetes
+    content: Kubernetes教程, LimitRange, Kubernetes Limit Range
 ---
 
 # 概述
diff --git a/learning/k8s-advanced/policy/lr_container.md b/learning/k8s-advanced/policy/lr_container.md
index a5760f0..f8dda01 100644
--- a/learning/k8s-advanced/policy/lr_container.md
+++ b/learning/k8s-advanced/policy/lr_container.md
@@ -4,7 +4,7 @@ layout: LearningLayout
 description: Kubernetes教程_本文讨论了如何在容器级别创建 LimitRange。假设有一个 Pod 包含 4个容器，每个容器都定义了 spec.resource，此时 LimitRanger 管理控制器在处理该 Pod 中的 4个容器是，处理方式是不一样的。
 meta:
   - name: keywords
-    content: Kubernetes
+    content: Kubernetes教程, LimitRange, Kubernetes Limit Range
 ---
 
 # 限定容器的计算资源
diff --git a/learning/k8s-advanced/policy/lr_pod.md b/learning/k8s-advanced/policy/lr_pod.md
index 6bc3089..79e53c1 100644
--- a/learning/k8s-advanced/policy/lr_pod.md
+++ b/learning/k8s-advanced/policy/lr_pod.md
@@ -4,7 +4,7 @@ layout: LearningLayout
 description: Kubernetes教程_本文讨论了如何使用LimitRange_在Pod级别限定资源的使用_下面是一个用于限定Pod资源使用的LimitRange对象。
 meta:
   - name: keywords
-    content: Kubernetes
+    content: Kubernetes教程, LimitRange, Kubernetes Limit Range
 ---
 
 # 限定Pod的计算资源
diff --git a/learning/k8s-advanced/policy/lr_ratio.md b/learning/k8s-advanced/policy/lr_ratio.md
index 3d399e0..3429ed2 100644
--- a/learning/k8s-advanced/policy/lr_ratio.md
+++ b/learning/k8s-advanced/policy/lr_ratio.md
@@ -4,7 +4,7 @@ layout: LearningLayout
 description: Kubernetes教程_本文讨论了如何使用LimitRange在名称空间中限制Limits/Requests的比例_如果指定了LimitRange对象的spec.limits.maxLimitRequestRatio字段_名称空间中的Pod/容器的request和limit都不能为0_且limit除以request的结果必须小于或等于LimitRange的spec.limits.maxLimitRequestRatio
 meta:
   - name: keywords
-    content: Kubernetes
+    content: Kubernetes教程, LimitRange, Kubernetes Limit Range
 ---
 
 # 限定 Limit/Request 比例
diff --git a/learning/k8s-advanced/policy/lr_storage.md b/learning/k8s-advanced/policy/lr_storage.md
index 63024d1..0c5ee71 100644
--- a/learning/k8s-advanced/policy/lr_storage.md
+++ b/learning/k8s-advanced/policy/lr_storage.md
@@ -4,7 +4,7 @@ layout: LearningLayout
 description: Kubernetes教程_本文讨论了如何使用LimitRange_名称空间中限制存储资源的使用_通过LimitRange对象_集群管理员可以限定名称空间中每个PersistentVolumeClaim存储卷声明可以使用的最小最大存储空间
 meta:
   - name: keywords
-    content: Kubernetes
+    content: Kubernetes教程, LimitRange, Kubernetes Limit Range
 ---
 
 # 限定存储资源
diff --git a/learning/k8s-advanced/policy/rq.md b/learning/k8s-advanced/policy/rq.md
index 3d8f281..4a04146 100644
--- a/learning/k8s-advanced/policy/rq.md
+++ b/learning/k8s-advanced/policy/rq.md
@@ -4,7 +4,7 @@ layout: LearningLayout
 description: Kubernetes教程_当多个用户或团队共享一个节点数量有限的集群时_如何在多个用户或团队之间分配集群的资源就会变得非常重要_Resource_quota的用途便在于此
 meta:
   - name: keywords
-    content: Kubernetes
+    content: Kubernetes 教程,Resource Quota,ResourceQuota
 ---
 
 # 概述
diff --git a/learning/k8s-advanced/policy/rq_scope.md b/learning/k8s-advanced/policy/rq_scope.md
new file mode 100644
index 0000000..f4241ab
--- /dev/null
+++ b/learning/k8s-advanced/policy/rq_scope.md
@@ -0,0 +1,151 @@
+---
+vssueId: 144
+layout: LearningLayout
+description: Kubernetes教程_当多个用户或团队共享一个节点数量有限的集群时_如何在多个用户或团队之间分配集群的资源就会变得非常重要_Resource_quota的用途便在于此_本文探索了可以通过ResourceQuota限定名称空间资源配额时的作用域
+meta:
+  - name: keywords
+    content: K8S 教程,Resource Quota,ResourceQuota
+---
+
+# 作用域
+
+## 按Scope设定ResourceQuota
+
+<AdSenseTitle >
+
+> 参考文档：[Resource Quota](https://kubernetes.io/docs/concepts/policy/resource-quotas/)
+
+当多个用户（团队）共享一个节点数量有限的集群时，如何在多个用户（团队）之间分配集群的资源就会变得非常重要。Resource quota 的用途便在于此。本文主要探索通过 ResourceQuota 限定名称空间资源配额时的作用域。
+
+每个 ResourceQuota 对象都可以绑定一组作用域，当 Kubernetes 对象与此 ResourceQuota 的作用域匹配（在作用域中）时，ResourceQuota 的限定才对该对象生效。
+
+</AdSenseTitle>
+
+
+
+| Scope（作用域） | 描述                                                         |
+| --------------- | ------------------------------------------------------------ |
+| Terminating     | 包含所有 `.spec.activeDeadlineSeconds >= 0 ` 的 Pod          |
+| NotTerminating  | 包含所有 `.spec.activeDeadlineSeconds is nil` 的Pod          |
+| BestEffort      | 包含所有服务等级（quality of service）为 BestEffort 的 Pod   |
+| NotBestEffort   | 包含所有服务等级（quality of service）为 NotBestEffort 的 Pod |
+
+* 带有 `BestEffort` 作用域的 ResourceQuota 关注点为: `Pod`
+* 带有 `Terminating`、` NotTerminating`、 `NotBestEffort` 的作用域关注点为：
+  * `cpu`
+  * `limits.cpu`
+  * `limits.memory`
+  * `memory`
+  * `pods`
+  * `requests.cpu`
+  * `requests.memory`
+
+## 按PriorityClass设定ResourceQuota
+
+**FEATURE STATE** `Kubernetes 1.12` <Badge type="warning">beta</Badge>
+
+创建 Pod 时，可以指定 [priority](https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#pod-priority)。使用 ResourceQuota 的 `.spec.scopeSelector` 字段将 ResourceQuota 和 Pod 的 priority 关联，进而限定 Pod 的资源消耗。
+
+<!--FIXME -->
+
+只有当 ResourceQuota 的 `.spec.scopeSelector` 字段与 Pod 的 priorty 字段匹配时，ResourceQuota 才生效。
+
+下面的例子创建了一个通过 priority 限定特定 Pod 的 ResourceQuota 对象，该例子的工作方式如下：
+* 假设集群中的 Pod 可以被指定三种 priority class： `low`、`medium`、`high`
+* 集群中为每个 Priority 都创建了一个 ResourceQuota 对象
+
+定义 ResourceQuota 对象的文件如下所示：
+
+<<< @/.vuepress/public/statics/learning/policy/rq-scope-quota.yaml
+
+执行命令以创建 ResourceQuota：
+``` sh
+kubectl create -f https://kuboard.cn/statics/learning/policy/rq-scope-quota.yaml
+```
+输出结果如下所示
+```
+resourcequota/pods-high created
+resourcequota/pods-medium created
+resourcequota/pods-low created
+```
+执行如下命令验证 quota 的使用为 `0`：
+```sh
+kubectl describe quota
+```
+输出结果如下所示：
+```
+Name:       pods-high
+Namespace:  default
+Resource    Used  Hard
+--------    ----  ----
+cpu         0     1k
+memory      0     200Gi
+pods        0     10
+
+
+Name:       pods-low
+Namespace:  default
+Resource    Used  Hard
+--------    ----  ----
+cpu         0     5
+memory      0     10Gi
+pods        0     10
+
+
+Name:       pods-medium
+Namespace:  default
+Resource    Used  Hard
+--------    ----  ----
+cpu         0     10
+memory      0     20Gi
+pods        0     10
+```
+创建 “high” priority Pod，YAML 文件如下所示：
+
+<<< @/.vuepress/public/statics/learning/policy/rq-scope-high-priority-pod.yaml
+
+执行命令以创建
+```sh
+kubectl create -f https://kuboard.cn/statics/learning/policy/rq-scope-high-priority-pod.yaml
+```
+
+验证 "high" priority 对应的 ResourceQuota `pods-high` 的 `Used` 统计结果，可以发现 `pods-heigh` 的配额已经被使用，而其他两个的配额则没有被使用。
+
+执行命令
+``` sh
+kubectl describe quota
+```
+输出结果如下所示：
+```
+Name:       pods-high
+Namespace:  default
+Resource    Used  Hard
+--------    ----  ----
+cpu         500m  1k
+memory      10Gi  200Gi
+pods        1     10
+
+
+Name:       pods-low
+Namespace:  default
+Resource    Used  Hard
+--------    ----  ----
+cpu         0     5
+memory      0     10Gi
+pods        0     10
+
+
+Name:       pods-medium
+Namespace:  default
+Resource    Used  Hard
+--------    ----  ----
+cpu         0     10
+memory      0     20Gi
+pods        0     10
+```
+
+`scopeSelector.matchExpressions.operator` 字段中，可以使用如下几种取值：
+* In
+* NotIn
+* Exist
+* DoesNotExist
diff --git a/learning/k8s-advanced/policy/rq_types.md b/learning/k8s-advanced/policy/rq_types.md
index 30ec0ed..641831c 100644
--- a/learning/k8s-advanced/policy/rq_types.md
+++ b/learning/k8s-advanced/policy/rq_types.md
@@ -4,7 +4,7 @@ layout: LearningLayout
 description: Kubernetes教程_当多个用户或团队共享一个节点数量有限的集群时_如何在多个用户或团队之间分配集群的资源就会变得非常重要_Resource_quota的用途便在于此_本文探索了可以通过ResourceQuota限定的资源类型。
 meta:
   - name: keywords
-    content: Kubernetes
+    content: K8S 教程,Resource Quota,ResourceQuota
 ---
 
 # 资源类型