K8s Series 17: Resource quota

This is the 13th day of my participation in the August More text Challenge. For details, see: August More Text Challenge

If multiple teams or projects are running in a cluster, there is a policy called resource quota in K8S to control resource allocation in order to achieve fairness or pre-stated resource allocation

There are two strategies in K8S to limit different scenarios

One is ResourceQuotas. If multiple project teams share resources in a cluster, different amounts of resources are allocated to different namespaces
LimitRange Specifies the resource quota for cluster controller objects. You can limit the number of resources for each application

ResourceQuotas

The ResourceQuotas function is enabled by default in K8S. For earlier versions of K8S, check whether — enabl-admission -plugins=ResourceQuota has this parameter

Test cases

Create a new namespace

kubectl create namespace compute
Copy the code

Create ResourceQuota kubectl apply -f resourcequota.yaml

apiVersion: v1
kind: ResourceQuota
metadata:
  name:  compute
  namespace: compute
spec:
  hard:
    cpu: 500m  
    memory: 200Mi
    pods: "10"
    services: "2"
    requests.cpu: 5
    limits.memory: 2Gi
    persistentvolumeclaims: "2"
    services.nodeports: "2"
    configmaps: "2"
    secrets: "2"
Copy the code

The above configuration is restricted in the compute namespace:

Up to 10 PODS,2 SVC,2 PVC,2 ConfigMap,2 Secret, up to 2 GB memory, up to 5 CPUS
Request is the minimum resource request for POD
Limit Limits the maximum usage of POD resources

For example, if the resource is used up in the Compute namespace, an error will be reported if the application fails to request the resource (for all applications that are already running).

Obtain the resource quota configuration

#kubectl -n compute  get resourcequotas
kubectl describe resourcequotas/compute -n compute
Copy the code

As you can see, this is in effect, and this is the detail of resource allocation for the Compute namespace

Use the ConfigMap resource to test whether the above rules are valid, add two, and then report that the limit is exceeded when you are ready to add a third

LimitRange

LimitRange is enabled by default in K8S and is limited to all controller objects. It is often used in actual scenarios and has the following functions:

Limit the memory usage of a single application to avoid memory competition that causes innocent applications to OOM
Limit the CPU usage of an application to prevent CPU resources from becoming unavailable to other applications
Limit the storage usage of an application to prevent other applications from writing data when the shared storage is full

Test cases

Using the Deployment application as an example, forward portal :juejin.cn/post/697645…

In the following example, you can see the restriction policy added to the spec.spec.resources field

apiVersion: apps/v1
kind: Deployment
metadata:
  name: springboot-hive
  namespace: devops
  labels:
    app: springboot
    version: "1.0"
spec:
  replicas: 3
  selector:
    matchLabels:
      app: springboot
  template:
    metadata:
      labels:
        app: springboot
        version: "1.0"
    spec:
      terminationGracePeriodSeconds: 30
      containers:
      - name: springboot-hive
        image: harbor-test.xxxxx.cn/dev/springboot-hive:v1
        imagePullPolicy: IfNotPresent
        resources:
          requests:
            cpu: 100m
            memory: 1Gi
          limits:
            cpu: 2
            memory: 2Gi
        ports:
        - containerPort: 8080
          name: web
Copy the code

Limit Limits the maximum usage of POD resources
Request is the minimum resource request for POD
If request is not configured with limit, default request= LIMIT
When the container memory exceeds 2 gb, it will result in an OOM
CPU usage will not exceed the limit value and will be limited to this limit

Resource unit

Unit of CPU:

CPU resources are in units of MilicPU. Small values are allowed. The suffix M can be used to indicate mili. The unit suffix m means one thousandth of a core, so 1 core = 1000m, or just write 1 or 1000m

RAN units:

Ram is mainly in units of Mi, Mi means 1Mi=1024*1024, basic application memory use is starting from M, so 1Gi=1024Mi can be converted

Object type class

LimitRange is used in object resource mode to limit resource allocation of one-class controllers. However, it is rarely used in actual scenarios

The configuration file is as follows:

apiVersion: v1
kind: LimitRange
metadata:
  name: test-limitrange
spec: limits: -type: Pod # Specifies the type of the resourcemax:
      cpu: 1Limit maximum CPUmemory: 1Gi # specifies the maximum memorymin: CPU: 100M # Specifies the minimum CPUmemory: 100Mi # Specifies the minimum memorydefault:
      cpu: 1# Default CPU limitmemory: 1Gi # Default memory limitsdefaultRequest: CPU: 200M # Default CPU requestmemory: 200Mi # Default memory requestmaxLimitRequestRatio:
      cpu: 2Set CPU limit/request ratio to maximum2  
      memory: 2Gi # Specifies the maximum memory limit/request ratio2
 
  - type: PersistentVolumeClaim
    max: storage: 2Gi # specifies the maximum requests for PVCmin: storage: 1Gi # qualifies PVC for minimal requests. StorageCopy the code

Note that the preceding configuration takes effect on the resources in the namespace under which the namespace is executed. The preceding configuration limits the Pod and PVC resources in the namespace

Check the command

kubectl describe limits lr-test
Copy the code

ResourceQuotas

Test cases

LimitRange

Test cases

Resource unit

Object type class

Related Posts

Java basics: Error and Exception

802: Find the final safety state (medium, DFS, BFS)

Goodbye Microservices, from more than 100 troubled children to a superstar