验证[Kubernetes] LimitRange的操作2
首先
上次我们确认了在容器中的LimitRange的操作。这次我想要确认在Pod和PVC中的操作。
我已经在前面提到过,LimitRange的设置选项与Container/Pod/PVC的对应关系如下。
設定項目概要ContainerPodPVCmax最大リソースレレレmin最小リソースレレレdefaultdefaultのLimitsレ
defaultRequestdefaultのRequestsレ
maxLimitRequestRatioLimits / Requestsの割合レレ
播客
首先从Pod开始确认。
最大/ 最小
我会创建以下清单的限制范围。
apiVersion: v1
kind: LimitRange
metadata:
name: limit-range-max-min-pod
namespace: stg
spec:
limits:
- max:
cpu: "500m"
min:
cpu: "200m"
type: Pod
$ kubectl apply -f limitrange-max_min-pod.yaml
limitrange/limit-range-max-min-pod created
$ kubectl -n stg describe limitranges
Name: limit-range-max-min-pod
Namespace: stg
Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio
---- -------- --- --- --------------- ------------- -----------------------
Pod cpu 200m 500m - - -
当在Container中设置Max/Min时,默认请求/默认限制也会自动设置,但是在Pod的情况下没有进行设置。
这个Max/Min值是指在该Pod中的所有Container的Max/Min值。因此,在Pod中有多个Container时需要注意。
我们将部署以下的Pod并进行确认。
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-redis1
namespace: stg
spec:
replicas: 2
selector:
matchLabels:
app: app1
template:
metadata:
labels:
app: app1
spec:
containers:
- name: nginx
image: nginx:latest
resources:
requests:
cpu: 100m
limits:
cpu: 200m
- name: redis
image: redis:latest
resources:
requests:
cpu: 100m
limits:
cpu: 300m
$ kubectl apply -f nginx_redis1.yaml
deployment.apps/nginx-redis1 created
$ kubectl -n stg get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-redis1-cd7f9697d-4csm2 2/2 Running 0 18s 192.168.79.85 k8s-worker01 <none> <none>
nginx-redis1-cd7f9697d-jwbqh 2/2 Running 0 18s 192.168.69.238 k8s-worker02 <none> <none>
部署成功了。
将此 Pod 的配置值绘制成图表后,如下所示。
将Container中的requests总和设置为LimitRange中的min以上,并将limits总和设置为max以下。
如果不设置Requests或不满足以上条件,则Pod的部署将失败。另外,如果只指定limits,则requests将被设置为与limits相同的值。
- Requests/Limitsを設定しない場合
$ kubectl -n stg describe replicasets.apps
Name: nginx-redis1-d856469b4
Namespace: stg
・・・
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedCreate 43s replicaset-controller Error creating: pods "nginx-redis1-d856469b4-48f89" is forbidden: [minimum cpu usage per Pod is 200m. No request is specified, maximum cpu usage per Pod is 500m. No limit is specified]
Warning FailedCreate 43s replicaset-controller Error creating: pods "nginx-redis1-d856469b4-rzzh7" is forbidden: [minimum cpu usage per Pod is 200m. No request is specified, maximum cpu usage per Pod is 500m. No limit is specified]
Warning FailedCreate 43s replicaset-controller Error creating: pods "nginx-redis1-d856469b4-n2nt2" is forbidden: [minimum cpu usage per Pod is 200m. No request is specified, maximum cpu usage per Pod is 500m. No limit is specified]
Warning FailedCreate 43s replicaset-controller Error creating: pods "nginx-redis1-d856469b4-gvsqr" is forbidden: [minimum cpu usage per Pod is 200m. No request is specified, maximum cpu usage per Pod is 500m. No limit is specified]
Warning FailedCreate 43s replicaset-controller Error creating: pods "nginx-redis1-d856469b4-94cjr" is forbidden: [minimum cpu usage per Pod is 200m. No request is specified, maximum cpu usage per Pod is 500m. No limit is specified]
Warning FailedCreate 43s replicaset-controller Error creating: pods "nginx-redis1-d856469b4-6g2w4" is forbidden: [minimum cpu usage per Pod is 200m. No request is specified, maximum cpu usage per Pod is 500m. No limit is specified]
Warning FailedCreate 42s replicaset-controller Error creating: pods "nginx-redis1-d856469b4-67kbk" is forbidden: [minimum cpu usage per Pod is 200m. No request is specified, maximum cpu usage per Pod is 500m. No limit is specified]
Warning FailedCreate 42s replicaset-controller Error creating: pods "nginx-redis1-d856469b4-455gx" is forbidden: [minimum cpu usage per Pod is 200m. No request is specified, maximum cpu usage per Pod is 500m. No limit is specified]
Warning FailedCreate 41s replicaset-controller Error creating: pods "nginx-redis1-d856469b4-fz9xz" is forbidden: [minimum cpu usage per Pod is 200m. No request is specified, maximum cpu usage per Pod is 500m. No limit is specified]
Warning FailedCreate 2s (x5 over 40s) replicaset-controller (combined from similar events): Error creating: pods "nginx-redis1-d856469b4-gmbsz" is forbidden: [minimum cpu usage per Pod is 200m. No request is specified, maximum cpu usage per Pod is 500m. No limit is specified]
- Limitsの合計がLimitRangeのmaxを超える場合
$ kubectl -n stg describe replicasets.apps nginx-redis1-74d95f5b7d
Name: nginx-redis1-74d95f5b7d
Namespace: stg
・・・
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedCreate 22s replicaset-controller Error creating: pods "nginx-redis1-74d95f5b7d-4md4c" is forbidden: maximum cpu usage per Pod is 500m, but limit is 700m
Warning FailedCreate 22s replicaset-controller Error creating: pods "nginx-redis1-74d95f5b7d-w4c4z" is forbidden: maximum cpu usage per Pod is 500m, but limit is 700m
Warning FailedCreate 22s replicaset-controller Error creating: pods "nginx-redis1-74d95f5b7d-27g5j" is forbidden: maximum cpu usage per Pod is 500m, but limit is 700m
Warning FailedCreate 22s replicaset-controller Error creating: pods "nginx-redis1-74d95f5b7d-7sxdz" is forbidden: maximum cpu usage per Pod is 500m, but limit is 700m
Warning FailedCreate 22s replicaset-controller Error creating: pods "nginx-redis1-74d95f5b7d-hvz9d" is forbidden: maximum cpu usage per Pod is 500m, but limit is 700m
Warning FailedCreate 21s replicaset-controller Error creating: pods "nginx-redis1-74d95f5b7d-jj45j" is forbidden: maximum cpu usage per Pod is 500m, but limit is 700m
Warning FailedCreate 21s replicaset-controller Error creating: pods "nginx-redis1-74d95f5b7d-n658t" is forbidden: maximum cpu usage per Pod is 500m, but limit is 700m
Warning FailedCreate 21s replicaset-controller Error creating: pods "nginx-redis1-74d95f5b7d-9rz4l" is forbidden: maximum cpu usage per Pod is 500m, but limit is 700m
Warning FailedCreate 20s replicaset-controller Error creating: pods "nginx-redis1-74d95f5b7d-8mm77" is forbidden: maximum cpu usage per Pod is 500m, but limit is 700m
Warning FailedCreate 1s (x4 over 19s) replicaset-controller (combined from similar events): Error creating: pods "nginx-redis1-74d95f5b7d-gl5jq" is forbidden: maximum cpu usage per Pod is 500m, but limit is 700m
最大限制请求比率
接下来我们将验证maxLimitRequestRatio的运行情况。
我将创建以下的限制范围。
apiVersion: v1
kind: LimitRange
metadata:
name: limitlange-ratio-pod
namespace: prd
spec:
limits:
- maxLimitRequestRatio:
cpu: 2
type: Pod
$ kubectl apply -f limitrange-ratio-pod.yaml
limitrange/limitlange-ratio-pod created
$ kubectl -n prd describe limitranges
Name: limitlange-ratio-pod
Namespace: prd
Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio
---- -------- --- --- --------------- ------------- -----------------------
Pod cpu - - - - 2
我将部署并确认Pod。
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-redis2
namespace: prd
spec:
replicas: 2
selector:
matchLabels:
app: app1
template:
metadata:
labels:
app: app1
spec:
containers:
- name: nginx
image: nginx:latest
resources:
requests:
cpu: 100m
limits:
cpu: 100m
- name: redis
image: redis:latest
resources:
requests:
cpu: 100m
limits:
cpu: 300m
$ kubectl apply -f nginx_redis2.yaml
deployment.apps/nginx-redis2 created
$ kubectl -n prd get pod
NAME READY STATUS RESTARTS AGE
nginx-redis2-6547498d-2xkbk 2/2 Running 0 15s
nginx-redis2-6547498d-dwwdw 2/2 Running 0 15s
将maxLimitRequestRatio设置为“2″。
观察每个容器的设置值,nginx的Limit/Request为“1”,而redis为“3”。maxLimitRequestRatio与max/min一样,判断标准不是每个容器,而是所包含的所有容器的总值。
总和为Limit/Request为“2”,所以是符合条件的。
聚氯乙烯
我希望最后确认一下PVC操作时的情况。
在PVC时,只能指定最大/最小值。
创建下面的LimitRange。
apiVersion: v1
kind: LimitRange
metadata:
name: limit-range-pvc
namespace: stg
spec:
limits:
- max:
storage: 100Mi
min:
storage: 50Mi
type: PersistentVolumeClaim
$ kubectl apply -f limitrange-pvc.yaml
limitrange/limit-range-pvc created
$ kubectl describe -n stg limitranges
Name: limit-range-pvc
Namespace: stg
Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio
---- -------- --- --- --------------- ------------- -----------------------
PersistentVolumeClaim storage 50Mi 100Mi - - -
为了确认PVC的操作,创建一个StorageClass。
请查看有关StorageClass和DynamicProvisioning的详细信息。
确认[Kubernetes]动态供应的运作
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: zfs-sc
namespace: stg
provisioner: gentics.com/zfs
reclaimPolicy: Retain
$ kubectl apply -f storageclass.yml
storageclass.storage.k8s.io/zfs-sc created
$ kubectl get storageclasses
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
zfs-sc gentics.com/zfs Retain Immediate false 16s
创建PVC并验证LimitRange的功能。
apiVersion: v1
metadata:
name: example-pvc
namespace: stg
annotations:
volume.beta.kubernetes.io/storage-class: "zfs-sc"
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 100Mi
$ kubectl apply -f pvc.yaml
persistentvolumeclaim/example-pvc created
$ kubectl -n stg get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
example-pvc Bound pvc-a4b904b0-84bc-4bb8-b481-d7c1c13174da 100Mi RWX zfs-sc 3m22s
$ kubectl -n stg get pv
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
pvc-a4b904b0-84bc-4bb8-b481-d7c1c13174da 100Mi RWX Retain Bound stg/example-pvc zfs-sc 15s
PVC和PV已经创建好了吧。
如果指定的值超过了Max/Min的范围,或者小于Min的值,将会发生以下错误。
$ kubectl apply -f pvc.yaml
Error from server (Forbidden): error when creating "pvc.yaml": persistentvolumeclaims "example-pvc" is forbidden: maximum storage usage per PersistentVolumeClaim is 100Mi, but request is 110Mi
$ kubectl apply -f pvc.yaml
Error from server (Forbidden): error when creating "pvc.yaml": persistentvolumeclaims "example-pvc" is forbidden: minimum storage usage per PersistentVolumeClaim is 50Mi, but request is 10Mi
总结
我已经在本次和上次中确认了LimitRange的操作。
如果不设置容器的资源限制,它会尽可能地使用CPU和内存资源,所以我们希望能够根据环境和系统适当地设置LimitRange。另外,使用DynamicProvisioning可以轻松创建存储(PV),所以我们也希望能够为PVC设置LimitRange。
