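I am using Kubernetes v1.16.8, where both ResourceQuota and LimitRanger are enabled by default, so I did not have to add them to the admission plugins in kube-apiserver. In my case, I use the following LimitRanger: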
apiVersion: v1
items:
- apiVersion: v1
  kind: LimitRange
  metadata:
    name: mem-limit-range
    namespace: test
  spec:
    limits:
    - default:
        memory: 512Mi
      defaultRequest:
        memory: 256Mi
      type: Container
kind: List
And, as expected, it adds the default memory limits to new Pods that have no limits specified. The Pod's definition is as simple as it can be:
apiVersion: v1
kind: Pod
metadata:
  name: test-pod
spec:
  containers:
  - name: test-pod-ctr
    image: redis
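When I describe the created pod, it has acquired the limit values from the LimitRanger. Everything is fine!
The problem occurs when I try to enforce a resourcequota for the namespace. The ResourceQuota looks like this: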
apiVersion: v1
kind: ResourceQuota
metadata:
  name: mem-cpu-demo
spec:
  hard:
    limits.cpu: "2"
    limits.memory: 2Gi
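When I delete and recreate the pod, it is not created. The resourcequota results in the following error:
Error from server (Forbidden): error when creating "test-pod.yml": pods "test-pod" is forbidden: failed quota: mem-cpu-demo: must specify limits.cpu
In other words, the resourcequota is applied before the LimitRanger, so it does not let me create pods without specified limits.
Is there a way to enforce the LimitRanger first and then the ResourceQuota? How do you apply them to your namespaces?
I would like developers who do not specify limits in the pod definition to be able to acquire the default values while the resource quota is enforced as well.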
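TL;DR:
Per the ResourceQuota Docs, you did not set a default limit for CPU:
"If quota is enabled in a namespace for compute resources like cpu and memory, users must specify requests or limits for those values; otherwise, the quota system may reject pod creation."
Add cpu-limit.yaml:
apiVersion: v1
kind: LimitRange
metadata:
  name: cpu-limit-range
  namespace: test
spec:
  limits:
  - default:
      cpu: 1
    defaultRequest:
      cpu: 0.5
    type: Container
Note the namespace: test line, which is important for assigning the resource to the correct namespace. Reproduction: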
$ kubectl create namespace test
namespace/test created
$ cat mem-limit.yaml
apiVersion: v1
kind: LimitRange
metadata:
  name: mem-limit-range
  namespace: test
spec:
  limits:
  - default:
      memory: 512Mi
    defaultRequest:
      memory: 256Mi
    type: Container
$ cat quota.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
  name: mem-cpu-demo
  namespace: test
spec:
  hard:
    limits.cpu: "2"
    limits.memory: 2Gi
$ kubectl apply -f mem-limit.yaml
limitrange/mem-limit-range created
$ kubectl apply -f quota.yaml
resourcequota/mem-cpu-demo created
$ kubectl describe resourcequota -n test
Name:          mem-cpu-demo
Namespace:     test
Resource       Used  Hard
--------       ----  ----
limits.cpu     0     2
limits.memory  0     2Gi
$ kubectl describe limits -n test
Name:       mem-limit-range
Namespace:  test
Type        Resource  Min  Max  Default Request  Default Limit  Max Limit/Request Ratio
----        --------  ---  ---  ---------------  -------------  -----------------------
Container   memory    -    -    256Mi            512Mi          -
$ cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: test-pod
  namespace: test
spec:
  containers:
  - name: test-pod-ctr
    image: redis
$ kubectl apply -f pod.yaml
Error from server (Forbidden): error when creating "pod.yaml": pods "test-pod" is forbidden: failed quota: mem-cpu-demo: must specify limits.cpu
$ cat cpu-limit.yaml
apiVersion: v1
kind: LimitRange
metadata:
  name: cpu-limit-range
  namespace: test
spec:
  limits:
  - default:
      cpu: 1
    defaultRequest:
      cpu: 0.5
    type: Container
$ kubectl apply -f cpu-limit.yaml
limitrange/cpu-limit-range created
$ kubectl describe limits cpu-limit-range -n test
Name:       cpu-limit-range
Namespace:  test
Type        Resource  Min  Max  Default Request  Default Limit  Max Limit/Request Ratio
----        --------  ---  ---  ---------------  -------------  -----------------------
Container   cpu       -    -    500m             1              -
$ kubectl apply -f pod.yaml
pod/test-pod created
$ kubectl describe pod test-pod -n test
Name:         test-pod
Namespace:    test
Status:       Running
...{{Suppressed output}}...
    Limits:
      cpu:     1
      memory:  512Mi
    Requests:
      cpu:     500m
      memory:  256Mi
If you have any questions, let me know in the comments.
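The reproduction above can be modelled offline. This is an added example, not code from the thread or from Kubernetes: a simplified model in which Container defaults from the namespace's LimitRanges are filled in first and the quota's limits.*/requests.* keys are checked afterwards. The manifests are re-typed as constructed Python dicts, and the function names (apply_defaults, quota_missing, admit) are hypothetical.

```python
# Constructed data mirroring mem-limit.yaml, cpu-limit.yaml, quota.yaml and pod.yaml.
MEM_LR = {"limits": [{"type": "Container",
                      "default": {"memory": "512Mi"},
                      "defaultRequest": {"memory": "256Mi"}}]}
CPU_LR = {"limits": [{"type": "Container",
                      "default": {"cpu": "1"},
                      "defaultRequest": {"cpu": "0.5"}}]}
QUOTA_HARD = {"limits.cpu": "2", "limits.memory": "2Gi"}
POD = {"containers": [{"name": "test-pod-ctr", "image": "redis"}]}


def apply_defaults(pod, limit_ranges):
    """Return a copy of the pod with Container defaults filled in (simplified)."""
    out = {"containers": []}
    for c in pod["containers"]:
        given = c.get("resources", {})
        res = {"limits": dict(given.get("limits", {})),
               "requests": dict(given.get("requests", {}))}
        for lr in limit_ranges:
            for item in lr["limits"]:
                if item.get("type") != "Container":
                    continue
                # Only fill values the container did not set itself.
                for name, val in item.get("default", {}).items():
                    res["limits"].setdefault(name, val)
                for name, val in item.get("defaultRequest", {}).items():
                    res["requests"].setdefault(name, val)
        out["containers"].append({**c, "resources": res})
    return out


def quota_missing(pod, hard):
    """List limits.X / requests.X quota keys that some container leaves unset."""
    missing = []
    for key in hard:
        kind, _, name = key.partition(".")
        if kind not in ("limits", "requests"):
            continue  # other quota keys (for example object counts) are out of scope
        if any(name not in c.get("resources", {}).get(kind, {})
               for c in pod["containers"]):
            missing.append(key)
    return missing


def admit(pod, limit_ranges, hard):
    """Defaults first, then the quota check; returns (admitted, missing_keys)."""
    missing = quota_missing(apply_defaults(pod, limit_ranges), hard)
    return (not missing, missing)
```

With only the memory LimitRange, admit(POD, [MEM_LR], QUOTA_HARD) reports limits.cpu as missing, matching the Forbidden error; adding CPU_LR makes the same pod pass.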