1 introduction
Kubernetes provides two ways to limit resources: ResourceQuota and LimitRange.
The ResourceQuota is the resource limit for the namespace, and the LimitRange is the resource limit for each component in the namespace.
If multiple namespaces share a cluster, the resource quota of one namespace may exceed its fair quota. As a result, the resources of other namespaces are occupied. At this point we can create a ResourceQuota for each namespace,
When a user creates a resource in a namespace, the quota system tracks the usage of the resource to ensure that the quota is not exceeded. If the creation or update of a resource violates the quota constraint, the HTTP status code will cause the request to fail 403 FORBIDDEN. The change to the resource quota does not affect the pod that has already been created.
In the apiserver startup parameter, ResourceQuota is enabled in Kubernetes by default. In the apiserver startup parameter — enabl-admission -plugins=, ResourceQuota is enabled.
2 use
Create an NS for the test
[~] kubectl create ns testquota
namespace/testquota created
Copy the code[~] kubectl get ns | grep quota
testquota Active 3m41s
Copy the codeCreate a ResourceQuota
[yaml] cat resourcequota.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
name: testquota-resources
namespace: testquota
spec:
hard:
pods: "4"
requests.cpu: "1"
requests.memory: 1Gi
limits.cpu: "2"
limits.memory: 2Gi
Copy the code[yaml] kubectl apply -f resourcequota.yaml
resourcequota/testquota-resources created
Copy the code[yaml] kubectl describe resourcequotas -n testquota testquota-resources
Name: testquota-resources
Namespace: testquota
Resource Used Hard
-------- ---- ----
limits.cpu 0 2
limits.memory 0 2Gi
pods 0 4
requests.cpu 0 1
requests.memory 0 1Gi
Copy the codeCreate a Deployment and limit resources
[yaml] cat quota-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
namespace: testquota
labels:
app: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
resources:
requests:
memory: "100Mi"
cpu: "100m"
limits:
memory: "200Mi"
cpu: "500m"
[yaml] kubectl apply -f quota-deploy.yaml
deployment.apps/nginx-deployment created
[yaml] kubectl get po -n testquota
NAME READY STATUS RESTARTS AGE
nginx-deployment-7c6bbc77d8-mfxnl 1/1 Running 0 9s
Copy the codeChange the number of Deployment copies so that the total resources used exceed those defined in ResourceQuota
First, check the current resource usage
[yaml] kubectl describe resourcequotas -n testquota testquota-resources
Name: testquota-resources
Namespace: testquota
Resource Used Hard
-------- ---- ----
limits.cpu 500m 2
limits.memory 200Mi 2Gi
pods 1 4
requests.cpu 100m 1
requests.memory 100Mi 1Gi
Copy the codeChange the number of copies
[yaml] kubectl scale deployment -n testquota nginx-deployment --replicas=4
deployment.apps/nginx-deployment scaled
[yaml] kubectl get po -n testquota
NAME READY STATUS RESTARTS AGE
nginx-deployment-7c6bbc77d8-5mbc6 1/1 Running 0 7s
nginx-deployment-7c6bbc77d8-ld69h 1/1 Running 0 7s
nginx-deployment-7c6bbc77d8-mfxnl 1/1 Running 0 5m18s
nginx-deployment-7c6bbc77d8-sdcxb 1/1 Running 0 7s
Copy the codeCurrent resource usage
[yaml] kubectl describe resourcequotas -n testquota testquota-resources
Name: testquota-resources
Namespace: testquota
Resource Used Hard
-------- ---- ----
limits.cpu 2 2
limits.memory 800Mi 2Gi
pods 4 4
requests.cpu 400m 1
requests.memory 400Mi 1Gi
Copy the codeCreate another Deployment
[yaml] kubectl apply -f quota-deploy-2.yaml
deployment.apps/nginx2-deployment created
[yaml] kubectl get deployment -n testquota
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-deployment 4/4 4 4 7m48s
nginx2-deployment 0/1 0 0 34s
Copy the codeAs you can see, although Deployment has been successfully created, no corresponding POD has been created and you can see that Deployment has reported an error
[yaml] kubectl describe deployments -n testquota nginx2-deployment
Name: nginx2-deployment
Namespace: testquota
...
Replicas: 1 desired | 0 updated | 0 total | 0 available | 1 unavailable
NewReplicaSet: nginx2-deployment-7c6bbc77d8 (0/1 replicas created)
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal ScalingReplicaSet 98s deployment-controller Scaled up replica set nginx2-deployment-7c6bbc77d8 to 1
Copy the codeThe pod cannot be created because the total number of created Pods exceeds the total resource limit of the namespace.
3 Common resource types
| The name of the resource | describe |
|---|---|
| limits.cpu | Total CPU limit of all Pods in the namespace |
| limits.memory | Memory limit sum |
| requests.cpu | Total CPU Requests |
| requests.memory | Memory limit sum |
| requests.storage | The sum of stored values requested by the PVC |
| persistentvolumeclaims | The number of PVC |
| requests.ephemeral-storage | Total number of local temporary storage requests |
| limits.ephemeral-storage | Total number of temporary local storage limits |