K8S资源限制之LimitRange

LimitRange介绍

• LimitRange也是一种资源，在名称空间内有效；限制同一个名称空间下pod容器的申请资源的最大值，最小值
• pod的resources中requests和limits必须在这个范围内，否则pod无法创建。当然pod也可以不使用resources进行创建
• type: 限制对象可以是 ontainer、Pod、PersistentVolumeClaim

应用场景：

• 开发或测试环境中的所有容器设置统一的资源限制时

• 当需要防止某个 Pod 占用过多资源影响其他 Pod 运行时

• 当想要简化资源配置过程，避免每次创建 Pod 时都详细指定资源请求和限制

01 编写limitrange

提示：操作之前确认kube-public名称空间下没有其他相关的资源限制，以避免干扰

1.编写LimitRange资源清单

cat > 01-cpu-memory-min-max.yaml <<EOF
apiVersion: v1
kind: LimitRange
metadata:
  name: cpu-memory-min-max
  namespace: kube-public
spec:
  limits:
    # 容器能设置limit的最大值
  - max:
      cpu: 2
      memory: 4Gi
    # 容器能设置limit的最小值
    min:
      cpu: 200m
      memory: 100Mi
    # 限制的类型是容器
    type: Container
EOF

查看资源限制，虽然没有设置默认值。但是自动设置了默认值。

[root@master231~]# kubectl -n kube-public describe limitranges 
Name:       cpu-memory-min-max
Namespace:  kube-public
Type        Resource  Min    Max  Default Request  Default Limit  Max Limit/Request Ratio
----        --------  ---    ---  ---------------  -------------  -----------------------
Container   cpu       200m   2    2                2              -
Container   memory    100Mi  4Gi  4Gi              4Gi            -

2.创建第1个pod。limitrange中限制了CPU的最小值200Mi，pod的CPU资源请求为100Mi，明显低于这个数，因此是不会创建的。

cat > 02-pods.yaml <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: pods-nginx
  namespace: kube-public
spec:
  containers:
  - name: web
    image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
    resources:
      requests:
        cpu: 0.1
        memory: 1Gi
      limits:
        cpu: 1
        memory: 2Gi
EOF

kubectl apply -f 02-pods.yaml

Error from server (Forbidden): error when creating "02-pods.yaml": pods "pods-nginx" is forbidden: minimum cpu usage per Container is 200m, but request is 100m

3.继续创建pod，这次在request中限制内存最大使用为5Gi，超过了limitrange中设置的最大值4Gi。因此也不能创建成功

cat > 03-pods.yaml <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: pods-nginx-02
  namespace: kube-public
spec:
  containers:
  - name: web
    image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
    resources:
      requests:
        cpu: 0.5
        memory: 1Gi
      limits:
        cpu: 1
        memory: 5Gi
EOF

kubectl apply -f 03-pods.yaml

Error from server (Forbidden): error when creating "03-pods.yaml": pods "pods-nginx-02" is forbidden: maximum memory usage per Container is 4Gi, but limit is 5Gi

4.不设置限制的方式创建pod可以成功

cat > 04-pods.yaml <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: pods-nginx-04
  namespace: kube-public
spec:
  containers:
  - name: web
    image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
EOF

[root@master231~]# kubectl -n kube-public get pods -o wide 
NAME            READY   STATUS    RESTARTS   AGE   IP               NODE      
pods-nginx-04   1/1     Running   0          18s   10.100.203.155   worker232

在worker232节点使用docker status命令查看其状态

CONTAINER ID   NAME           CPU %     MEM USAGE / LIMIT   MEM %     NET I/O   BLOCK I/O     PIDS
26de8eac876c   k8s_web...     0.00%     8.992MiB / 4GiB     0.22%     0B / 0B   0B / 12.3kB   13

5.这个pod也在范围内，也可以创建成功。

cat > 05-pods.yaml <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: pods-nginx-05
  namespace: kube-public
spec:
  containers:
  - name: web
    image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
    resources:
      requests:
        cpu: 0.5
        memory: 1Gi
      limits:
        cpu: 2
        memory: 3Gi
EOF

[root@master231~]# kubectl -n kube-public get pods -o wide | grep pods-nginx-05
pods-nginx-05   1/1     Running   0          104s    10.100.140.93    worker233

02 为pod设置request默认值

1.没有设置默认值，自动使用最大值作为默认值。

[root@master231~]# kubectl describe limits -n kube-public 
Name:       cpu-memory-min-max
Namespace:  kube-public
Type        Resource  Min    Max  Default Request  Default Limit  Max Limit/Request Ratio
----        --------  ---    ---  ---------------  -------------  -----------------------
Container   cpu       200m   2    2                2              -
Container   memory    100Mi  4Gi  4Gi              4Gi            -

运行1个资源清单设置默认值

cat > 01-cpu-memory-default.yaml <<EOF
apiVersion: v1
kind: LimitRange
metadata:
  name: cpu-memory-min-max-default
  namespace: kube-public
spec:
  limits:
  - max:
      cpu: 2
      memory: 4Gi
    min:
      cpu: 200m
      memory: 100Mi
    type: Container
    # 设置默认值的Request
    defaultRequest:
      cpu: 200m
      memory: 500Mi
    # 设置默认值的Limit
    default:
      cpu: 1
      memory: 2Gi
EOF

2.查看符合default结果

[root@master231~]# kubectl -n kube-public describe limitranges 
Name:       cpu-memory-min-max
Namespace:  kube-public
Type        Resource  Min    Max  Default Request  Default Limit  Max Limit/Request Ratio
----        --------  ---    ---  ---------------  -------------  -----------------------
Container   cpu       200m   2    2                2              -
Container   memory    100Mi  4Gi  4Gi              4Gi            -


Name:       cpu-memory-min-max-default
Namespace:  kube-public
Type        Resource  Min    Max  Default Request  Default Limit  Max Limit/Request Ratio
----        --------  ---    ---  ---------------  -------------  -----------------------
Container   memory    100Mi  4Gi  500Mi            2Gi            -
Container   cpu       200m   2    200m             1              -