Container 的 Max Limit/Requests Ratio (5 和 4)限制了 Pod 中所有容器的 Limits 值与 Requests 值的比例上限;
1 2 3 4 5
Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio ---- -------- --- --- --------------- ------------- ----------------------- .............. Container cpu 100m 2 200m 300m 5 Container memory 3Mi 1Gi 100Mi 200Mi 4
Pod 的 Min(200m 和 6Mi)是 Pod 中所有容器的 Requests 值的 总和 下限;
Pod 的 Max(4 和 2Gi)是 Pod 中所有容器的 Limits 值的 总和 上限。
Pod 的 Max Limit/Requests Ratio (3 和 2)限制了 Pod 中所有容器的 Limits 值总和与 Requests 值总和的比例上限。
1 2 3 4 5
Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio ---- -------- --- --- --------------- ------------- ----------------------- Pod cpu 200m 4 - - 3 Pod memory 6Mi 2Gi - - 2 ........
对于任意一个 Pod 而言,该 Pod 中所有容器的 Requests 总和必须大于或等于 6MiB,而且所有容器的 Limits 总和必须小于或等于 1GiB;同样,所有容器的 CPU Requests 总和必须大于或等于 200m,而且所有容器的 CPU Limits 总和必须小于或等于 2。
Pod 里任何容器的 Limits 与 Requests 的比例都不能超过 Container 的 Max Limit/Requests Ratio
Pod 里所有容器的 Limits 总和与 Requests 的总和的比例不能超过 Pod 的 Max Limit/Requests Ratio
准入检查 Demo
当前的 LimitRange 定义为:
1 2 3 4 5 6
Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio ---- -------- --- --- --------------- ------------- ----------------------- Pod cpu 200m 4 - - 3 Pod memory 6Mi 2Gi - - 2 Container cpu 100m 2 200m 300m 5 Container memory 3Mi 1Gi 100Mi 200Mi 4
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-pod-create] └─$kubectl apply -f pod-demo-limitrange.yaml -n limitrange-example The Pod "pod-demo" is invalid: spec.containers[0].resources.requests: Invalid value: "500m": must be less than or equal to cpu limit
新 Pod 会被成功调度,但是这里需要注意的是, requests 和 limits 要符合 Limitrange 中 容器的MAX,MIN配置
1 2 3 4 5 6 7
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-pod-create] └─$kubectl apply -f pod-demo-limitrange.yaml -n limitrange-example pod/pod-demo created ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-pod-create] └─$kubectl get pods -n limitrange-example NAME READY STATUS RESTARTS AGE pod-demo 1/1 Running 0 11s
Max 限制 ,当 Limits 大于 Max 值时,Pod 不会创建成功, 我的定义如下一个 LimiRanga 的资源对象
1 2 3 4 5 6 7 8 9 10
┌──[root@vms81.liruilongs.github.io]-[/] └─$kubectl describe limitranges -n limitrange-example mylimits Name: mylimits Namespace: limitrange-example Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio ---- -------- --- --- --------------- ------------- ----------------------- Container cpu 100m 2 2 2 - Container memory 3Mi 1Gi 1Gi 1Gi - ┌──[root@vms81.liruilongs.github.io]-[/] └─$
┌──[root@vms81.liruilongs.github.io]-[/] └─$kubectl apply -f pod1.yaml -n limitrange-example Error from server (Forbidden): error when creating "pod1.yaml": pods "pod-demo" is forbidden: maximum cpu usage per Container is 2, but limit is 3
** Max Limit/Request Ratio 限制** ,当 Limit/Request 的比值 超过 Max Limit/Request Ratio 时调度失败
┌──[root@vms81.liruilongs.github.io]-[/] └─$kubectl apply -f pod1.yaml -n limitrange-example Error from server (Forbidden): error when creating "pod1.yaml": pods "pod-demo" is forbidden: [minimum memory usage per Pod is 6Mi. No request is specified, maximum memory usage per Pod is 2Gi. No limit is specified, cpu max limit to request ratio per Pod is 3, but provided ratio is 4.000000, memory max limit to request ratio per Pod is 2, but no request is specified or request is 0] ┌──[root@vms81.liruilongs.github.io]-[/] └─$
可以看到提示准入规则校验失败。相差了 4 倍不符合要求
Pod 的 Limits 和 Requests 限制,当设置了 Pod 的 Max 和 Min 、Max Limit/Request Ratio 时,如果没有定义对应的 Limits 和 Requests ,则创建失败.
还使用之前的 Limitrange,
1 2 3 4 5
Namespace: limitrange-example Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio ---- -------- --- --- --------------- ------------- ----------------------- Pod cpu 200m 4 - - 3 Pod memory 6Mi 2Gi - - 2
Limitrange 中定义了 Max 所以必须要设置 Limit ,设置了 Min ,需要设置 Request。
1 2 3
┌──[root@vms81.liruilongs.github.io]-[/] └─$kubectl apply -f pod1.yaml -n limitrange-example Error from server (Forbidden): error when creating "pod1.yaml": pods "pod-demo" is forbidden: [minimum memory usage per Pod is 6Mi. No request is specified, maximum memory usage per Pod is 2Gi. No limit is specified, memory max limit to request ratio per Pod is 2, but no request is specified or request is 0]
创建失败 ,提示,没有内存相关的资源限制定义
资源约束 Demo
为命名空间配置 CPU 最小和最大约束
1 2 3 4 5 6 7 8
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-pod-create] └─$kubectl create namespace constraints-cpu-example namespace/constraints-cpu-example created ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-pod-create] └─$vim cpu-constraints.yaml ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-pod-create] └─$kubectl apply -f cpu-constraints.yaml -n constraints-cpu-example limitrange/cpu-min-max-demo-lr created
输出结果显示 CPU 的最小和最大限制符合预期。但需要注意的是,尽管你在 LimitRange 的配置文件中你没有声明默认值,默认值也会被自动创建。默人资源限制为 limits 和 requests 都是 max 的值
1 2 3 4 5 6 7 8 9
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-pod-create] └─$kubectl describe limitrange cpu-min-max-demo-lr -n constraints-cpu-example Name: cpu-min-max-demo-lr Namespace: constraints-cpu-example Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio ---- -------- --- --- --------------- ------------- ----------------------- Container cpu 200m 800m 800m 800m - ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-pod-create] └─$
创建一个不定义 资源限制 pod
1 2 3 4 5 6 7 8
┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-pod-create] └─$kubectl run pod-demo-limitrange --image=nginx --image-pull-policy=IfNotPresent -n constraints-cpu-e xample pod/pod-demo-limitrange created ┌──[root@vms81.liruilongs.github.io]-[~/ansible/k8s-pod-create] └─$kubectl get pods -n constraints-cpu-example NAME READY STATUS RESTARTS AGE pod-demo-limitrange 1/1 Running 0 30s
可以看到使用了默认值,当前 pod 的 limits 值为 800m,requests 值为 800m,即最少为 800m pod 才能被调度,超过 800m 。pod 被 kill