kubernetes调度之资源配额 (2)

当使用count/*类型资源配额,服务器上存在的资源对象将都被控制.这将有助于防止服务器存储资源被耗尽.比如,如果存储在服务器上的secrets资源对象过大,你可能会想要限制它的数量.过多的secrets可能会导致服务器无法启动!你也可能会限制job的数量以防一些设计拙劣的定时任务会创建过多的job以导致服务被拒绝

以下资源类型的限额是支持的

Resource Name Description
configmaps   The total number of config maps that can exist in the namespace.  
persistentvolumeclaims   The total number of persistent volume claims that can exist in the namespace.  
pods   The total number of pods in a non-terminal state that can exist in the namespace. A pod is in a terminal state if .status.phase in (Failed, Succeeded) is true.  
replicationcontrollers   The total number of replication controllers that can exist in the namespace.  
resourcequotas   The total number of resource quotas that can exist in the namespace.  
services   The total number of services that can exist in the namespace.  
services.loadbalancers   The total number of services of type load balancer that can exist in the namespace.  
services.nodeports   The total number of services of type node port that can exist in the namespace.  
secrets   The total number of secrets that can exist in the namespace.  

例如,pod配额限制了一个名称空间下非terminal状态的pod总数量.这样可以防止一个用户创建太多小的pod以至于耗尽集群分配给pod的所有IP

配额范围

每一个配额都可以包含一系列相关的范围.配额只会在匹配列举出的范围的交集时才计算资源的使用.

当一个范围被添加到配额里,它将限制它支持的,属于范围的资源.指定的资源不在支持的集合里时,将会导致验证错误

Scope Description
Terminating   Match pods where .spec.activeDeadlineSeconds >= 0  
NotTerminating   Match pods where .spec.activeDeadlineSeconds is nil  
BestEffort   Match pods that have best effort quality of service.  
NotBestEffort   Match pods that do not have best effort quality of service.  

BestEffort范围限制配额只追踪pods资源

Terminating,NotTerminating和NotBestEffort范围限制配额追踪以下资源:

cpu

limits.cpu

limits.memory

memory

pods

requests.cpu

requests.memory

每一个PriorityClass的资源配额

此特征在1.12片本中为beta

pod可以以指定的优先级创建.你可以通过pod的优先级来控制pod对系统资源的使用,它是通过配额的spec下的scopeSelector字段产生效果的.

只有当配额spec的scopeSelector选择了一个pod,配额才会被匹配和消费

你在使用PriorityClass的配额的之前,需要启用ResourceQuotaScopeSelectors

以下示例创建一个配额对象,并且一定优先级的pod会匹配它.

集群中的pod有以下三个优先级类之一:low,medium,high

每个优先级类都创建了一个资源配额

apiVersion: v1 kind: List items: - apiVersion: v1 kind: ResourceQuota metadata: name: pods-high spec: hard: cpu: "1000" memory: 200Gi pods: "10" scopeSelector: matchExpressions: - operator : In scopeName: PriorityClass values: ["high"] - apiVersion: v1 kind: ResourceQuota metadata: name: pods-medium spec: hard: cpu: "10" memory: 20Gi pods: "10" scopeSelector: matchExpressions: - operator : In scopeName: PriorityClass values: ["medium"] - apiVersion: v1 kind: ResourceQuota metadata: name: pods-low spec: hard: cpu: "5" memory: 10Gi pods: "10" scopeSelector: matchExpressions: - operator : In scopeName: PriorityClass values: ["low"]

使用kubectl create来用户以上yml文件

kubectl create -f ./quota.yml resourcequota/pods-high created resourcequota/pods-medium created resourcequota/pods-low created