Kubernetes资源配额实战:LimitRange配置指南
1 基本介绍
官方网址:https://kubernetes.io/zh-cn/docs/reference/kubernetes-api/policy-resources/limit-range-v1/
作用:LimitRange 设置名字空间中每个资源类别的资源用量限制。
2 配置Limitrange资源配额的最大值及最小值
2.1 LimitRange资源清单
## LimitRange资源清单
[root@k8s-master01 /data/manifests/project/03-dinginx-limitrange]# cat 01-dinginx-limitrange.yaml
apiVersion: v1
kind: Namespace
metadata:
name: dinginx-project
---
apiVersion: v1
kind: LimitRange
metadata:
name: limitrange-default
namespace: dinginx-project
spec:
limits:
#限制容器的最大资源配额
- max:
cpu: 2
memory: 4Gi
# #限制容器的最小资源配额
min:
cpu: 200m
memory: "200Mi"
type: Container
#创建资源并查看
[root@k8s-master01 /data/manifests/project]# kubectl apply -f dinginx-limitrange.yaml
[root@k8s-master01 /data/manifests/project]# kubectl -n dinginx-project describe limitranges
Name: limitrange-default
Namespace: dinginx-project
Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio
---- -------- --- --- --------------- ------------- -----------------------
Container cpu 200m 2 2 2 -
Container memory 200Mi 4Gi 4Gi 4Gi -
#默认使用limitrange配置的最大资源
2.2 验证大于cpu最大配额deploy资源
2.2.1 创建测试deploy资源
#创建测试deploy资源
[root@k8s-master01 /data/manifests/project/03-dinginx-limitrange]# cat 02-limitrange-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: dinginx-limitrange
namespace: dinginx-project
spec:
replicas: 1
selector:
matchLabels:
app: dinginx
template:
metadata:
labels:
app: dinginx
spec:
containers:
- image: harbor.dinginx.org/dinginx/app-dinginx:v1
name: dinginx-limitrange-pods
resources:
requests:
cpu: 3 # 注意 CPU 请求单位
memory: "200Mi" # 内存请求
limits:
cpu: "1" # CPU 限制
memory: "2Gi" # 内存限制
restartPolicy: Always
[root@k8s-master01 /data/manifests/project/03-dinginx-limitrange]# kubectl apply -f 02-limitrange-deploy.yaml
The Deployment "dinginx-limitrange" is invalid: spec.template.spec.containers[0].resources.requests: Invalid value: "3": must be less than or equal to cpu limit of 1
2.2.2 大于limit最大值memory资源配额
#测试资源清单文件
[root@k8s-master01 /data/manifests/project/03-dinginx-limitrange]# cat 02-limitrange-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: dinginx-limitrange
namespace: dinginx-project
spec:
replicas: 1
selector:
matchLabels:
app: dinginx
template:
metadata:
labels:
app: dinginx
spec:
containers:
- image: harbor.dinginx.org/dinginx/app-dinginx:v1
name: dinginx-limitrange-pods
resources:
requests:
cpu: "200m" # 注意 CPU 请求单位
memory: "200Mi" # 内存请求
limits:
cpu: "1" # CPU 限制
#测试大于limit值配额
memory: "6Gi" # 内存限制
restartPolicy: Always
#无法创建pod
[root@k8s-master01 /data/manifests/project/03-dinginx-limitrange]# kubectl get deploy,pods -n dinginx-project
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/dinginx-limitrange 0/1 0 0 9m18s #pod因资源限制无法创建
#修改为正常范围内配额
[root@k8s-master01 /data/manifests/project/03-dinginx-limitrange]# cat 02-limitrange-deploy.yaml
apiVersion: apps/v1
kind: Deployment
#...
spec:
containers:
- image: harbor.dinginx.org/dinginx/app-dinginx:v1
name: dinginx-limitrange-pods
resources:
requests:
cpu: "200m" # 注意 CPU 请求单位
memory: "200Mi" # 内存请求
limits:
cpu: "2" # CPU 限制
memory: "3Gi" # 内存限制
restartPolicy: Always
#...
2.2.3 修改为正常值
##再次创建,pod创建成功
[root@k8s-master01 /data/manifests/project/03-dinginx-limitrange]# kubectl apply -f 02-limitrange-deploy.yaml
deployment.apps/dinginx-limitrange configured
[root@k8s-master01 /data/manifests/project/03-dinginx-limitrange]# kubectl -n dinginx-project get pods
NAME READY STATUS RESTARTS AGE
dinginx-limitrange-787c5964bc-qspd9 1/1 Running 0 5s
2.2.4 不设置resources字段测试
[root@k8s-master01 /data/manifests/project/03-dinginx-limitrange]# vim 02-limitrange-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: dinginx-limitrange
namespace: dinginx-project
spec:
replicas: 1
selector:
matchLabels:
app: dinginx
template:
metadata:
labels:
app: dinginx
spec:
containers:
- image: harbor.dinginx.org/dinginx/app-dinginx:v1
name: dinginx-limitrange-pods
restartPolicy: Always
#创建资源并验证
[root@k8s-master01 /data/manifests/project/03-dinginx-limitrange]# kubectl -n dinginx-project get pods -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
dinginx-limitrange-678fc88765-fkx5d 1/1 Running 0 9s 10.244.2.99 k8s-node02.dinginx.org <none> <none>
[root@k8s-node02 ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bca608447a80 b71dcd634698 "/docker-entrypoint.…" 2 minutes ago Up 2 minutes k8s_dinginx-limitrange-pods_dinginx-limitrange-678fc88765-fkx5d_dinginx-project_6e481c74-b750-4639-9fa2-9b51a8df5d49_0
[root@k8s-node02 ~]#
#默认会使用limitrang最大配额
[root@k8s-node02 ~]# docker stats bca608447a80
CONTAINER ID NAME
CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS bca608447a80 k8s_dinginx-limitrange-pods_dinginx-limitrange-678fc88765-fkx5d_dinginx-project_6e481c74-b750-4639-9fa2-9b51a8df5d49_0 0.00% 3.227MiB / 4GiB 0.08% 0B / 0B 0B / 12.3kB 3
3 设置默认的计算资源配额
3.1 limitrange设置默认配额并创建资源
#limitrange设置默认配额
[root@k8s-master01 /data/manifests/project/03-dinginx-limitrange]# cat 01-dinginx-limitrange.yaml
apiVersion: v1
kind: Namespace
metadata:
name: dinginx-project
---
apiVersion: v1
kind: LimitRange
metadata:
name: limitrange-default
namespace: dinginx-project
spec:
limits:
- max:
cpu: 1
memory: 4Gi
min:
cpu: 200m
memory: "200Mi"
default:
cpu: "500m" # 所有容器的默认 CPU 限制为 500 毫核
memory: "2Gi" # 所有容器的默认内存限制为 2 Gi
defaultRequest:
cpu: "250m" # 所有容器的默认 CPU 请求为 250 毫核
memory: "250Mi" # 所有容器的默认内存请求为 128 Mi
type: Container # 资源限制的类型为容器
#创建 资源并验证
[root@k8s-master01 /data/manifests/project/03-dinginx-limitrange]# kubectl -n dinginx-project get limitranges
NAME CREATED AT
limitrange-default 2026-01-24T15:31:07Z
[root@k8s-master01 /data/manifests/project/03-dinginx-limitrange]# kubectl -n dinginx-project describe limitranges
Name: limitrange-default
Namespace: dinginx-project
Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio
---- -------- --- --- --------------- ------------- -----------------------
Container memory 200Mi 4Gi 250Mi 2Gi -
Container cpu 200m 1 250m 500m -
3.2 创建deploy资源清单并验证
#创建deploy资源清单
[root@k8s-master01 /data/manifests/project/03-dinginx-limitrange]# cat 02-limitrange-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: dinginx-limitrange
namespace: dinginx-project
spec:
replicas: 1
selector:
matchLabels:
app: dinginx
template:
metadata:
labels:
app: dinginx
spec:
containers:
- image: harbor.dinginx.org/dinginx/app-dinginx:v1
name: dinginx-limitrange-pods
#resources:
# requests:
# cpu: "200m" # 注意 CPU 请求单位
# memory: "200Mi" # 内存请求
# limits:
# cpu: "2" # CPU 限制
# #测试大于最小值limitrange配额
# memory: "3Gi" # 内存限制
restartPolicy: Always
#创建资源并验证
[root@k8s-master01 /data/manifests/project/03-dinginx-limitrange]# kubectl get pods -n dinginx-project -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
dinginx-limitrange-678fc88765-fbmpt 1/1 Running 0 8m40s 10.244.2.100 k8s-node02.dinginx.org <none> <none>
#到被调度的节点查看资源,和limitrange默认配额一致
[root@k8s-node02 ~]# docker ps -l
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2b217fae91cf b71dcd634698 "/docker-entrypoint.…" 9 minutes ago Up 9 minutes k8s_dinginx-limitrange-pods_dinginx-limitrange-678fc88765-fbmpt_dinginx-project_334b727f-5f04-4ea2-9cd6-204a5755c5f1_0
[root@k8s-node02 ~]# docker stats 2b217fae91cf
CONTAINER ID NAME CPU % MEM USAGE / LIMIT MEM % NET I/O BLOCK I/O PIDS 2b217fae91cf k8s_dinginx-limitrange-pods_dinginx-limitrange-2b217fae91cf-skdj2_dinginx-project_d7eb4d07-2206-4991-bdc7-ac56d7206dde_0 0.00% 3.23MiB / 2GiB 0.16% 0B / 0B 0B / 12.3kB 3
浙公网安备 33010602011771号