Kubernetes resource management

This is the 9th day of my participation in the November Gwen Challenge. Check out the event details: The last Gwen Challenge 2021.

Kubernetes resource management

We can specify resource configurations for pods through Requests and limits, but it’s a bit cumbersome to specify resource configurations for each Pod. We can use LimitRange to specify a global default configuration. In addition, with the ResourceQuota object, we can define resource quotas, which can provide an overall limit on resource usage for each namespace: it can limit the total number of objects of a certain type in the namespace, and it can set a total limit on computing resources that can be used by pods in the namespace.

LimitRange

Create a namespace before using LimitRange:

apiVersion: v1
kind: Namespace
metadata:
  name: test-resource
Copy the code

Then define the LimitRange configuration (limit-range.yml) :

apiVersion: v1
kind: LimitRange
metadata:
  name: limit-range-example
spec:
  limits:
    - max:
        cpu: 2
        memory: 2Gi
      min:
        cpu: 200m
        memory: 6Mi
      maxLimitRequestRatio:
        cpu: 3
        memory: 2
      type: Pod
    - default:
        cpu: 300m
        memory: 200Mi
      defaultRequest:
        cpu: 200m
        memory: 100Mi
      max:
        cpu: 2
        memory: 1Gi
      min:
        cpu: 100m
        memory: 3Mi
      maxLimitRequestRatio:
        cpu: 5
        memory: 4
      type: Container
Copy the code

Create this LimitRange:

You can see that the configuration has taken effect. The following describes the meanings of these configurations:

The configuration above is divided into Pod and Container configuration. Container resource configuration corresponds to resource configuration of each Docker Container, and Pod resource configuration corresponds to the sum of all Container resources in a Pod. Where Pod and Container can specify min, Max, and maxLimitRequestRatio:

1. min: Specifies the lower limit of resources. That is, the minimum resource configuration cannot be lower than this value.
2. max: Specifies the upper limit of resources, that is, the maximum resource usage cannot be higher than this value.
3. maxLimitRequestRatio: This value specifies the upper limit of the ratio of requests and limits values.

In contrast to Pod, containers can also specify defaultRequest and default:

1. defaultRequest: default for the global containerrequestsValue;
2. default: default for the global containerlimitsValue.

Here are a few examples to see if the LimitRange we created takes effect. Define a Pod configuration file (test-default.yml) :

apiVersion: v1
kind: Pod
metadata:
  name: test-default
spec:
  containers:
    - name: nginx
      image: nginx
      ports:
        - containerPort: 80
Copy the code

Create the Pod:

You can see that we don’t define requests and limits configurations in test-default.yml, but yaml of the Pod instance does specify these values, which are the default values we defined above in LimitRange.

Then define a new Pod configuration (test-max.yml) :

apiVersion: v1
kind: Pod
metadata:
  name: test-max
spec:
  containers:
    - name: nginx
      image: nginx
      ports:
        - containerPort: 80
      resources:
        limits:
          cpu: 3
          memory: 500Mi
Copy the code

Create the Pod:

As you can see, an error was reported at creation time because the CPU configuration exceeds the maximum CPU configuration of both the Container and Pod as defined in LimtRange.

Create a Pod configuration (test-ratio. Yml) :

apiVersion: v1
kind: Pod
metadata:
  name: test-ratio
spec:
  containers:
    - name: nginx
      image: nginx
      ports:
        - containerPort: 80
      resources:
        limits:
          cpu: 2
          memory: 500Mi
        requests:
          cpu: 300m
          memory: 50Mi
Copy the code

Create the Pod:

You can see that an error was also reported because the ratio of requests to limits does not match the maxLimitRequestRatio configuration for LimitRange.

LimitRange test: LimitRange test: LimitRange test: LimitRange test: LimitRange test: LimitRange test: LimitRange test: LimitRange test: LimitRange test

ResourceQuota

ResourceQuota is used to manage resource quotas, which can provide an overall resource usage limit for each namespace. Resource quotas are classified into the following types:

Computing Resource Quota

The name of the resource	instructions
Cpu	The total of CPU Requests for all non-terminated PODS cannot exceed this value
limits.cpu	The sum of CPU Limits for all non-terminated pods cannot exceed this value
limits.memory	The sum of memory Limits for all non-terminated pods cannot exceed this value
Memory	The total of memory Requests for all non-terminated PODS cannot exceed this value
requests.cpu	The total of CPU Requests for all non-terminated PODS cannot exceed this value
requests.memory	The total of memory Requests for all non-terminated PODS cannot exceed this value

Storage Resource Quota

The name of the resource	instructions
requests.storage	For all PVCS, the total number of storage requests cannot exceed this value
PersistentVolumeclaims	The maximum number of persistent volumes that can exist in this namespace
.storageclass.storage.k8s.io/requests.storage	The total of storage requests for all PVCS associated with the storage class cannot exceed this value
.storageclass.storage.k8s.io/persistentvolumeclaims	The sum of all PVCS associated with the storage class

Object Quantity Quota

The name of the resource	instructions
Configmaps	The maximum number of ConfigMaps that can exist in the namespace
Pods	The maximum number of pods that can exist in this namespace in a non-terminated state equivalent to Pod status.phase in(Failed, Succeeded) = true
Replicationcontrollers	The upper limit on the total number of RCS that can exist in the namespace
Resourcequtas	The maximum number of resource quotas that can exist in the namespace
Services	The maximum number of services that can exist in this namespace
service.loadbalancers	The maximum number of load balancers that can exist in this namespace
services.nodeports	The maximum number of Nodeports that can exist in this namespace
Secrets	The maximum number of secrets that can exist in this namespace

test

Let’s also create a namespace before testing ResourceQuota:

apiVersion: v1
kind: Namespace
metadata:
  name: quota-ns
Copy the code

Create a simple ResourceQuota configuration (test-quota.yml) :

apiVersion: v1
kind: ResourceQuota
metadata:
  name: test-quota
spec:
  hard:
    pods: "4"
Copy the code

Create this ResourceQuota:

Then define an RC configuration (nginx-rc.yml) :

apiVersion: v1
kind: ReplicationController
metadata:
  name: nginx-rc
spec:
  replicas: 3
  selector:
    name: nginx
  template:
    metadata:
      labels:
        name: nginx
    spec:
      containers:
        - name: nginx
          image: nginx
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 80
Copy the code

Create the RC:

As you can see, there are already three Pod instances. If you expand the number of pods to five, see what happens:

There will only be 4 Pod instances, because we specified a maximum of 4 pods in ResourceQuota above.