Kubernetes Namespace ResourceQuota LimitRange 使用设置经验
namespace 配置经验
namespace设置多租户
label添加
在 Kubenetes version >= 1.21 版本,--feature-gates=...,--feature-gates=...,GracefulNodeShutdown=true,NamespaceDefaultLabelName=true
---
apiVersion: v1
kind: namespace
metadata:
name: my-test
release: stable #"stable" or "canary"
environment: production # "dev" or "uat" or "testing" or "production"
tenantid: customerAid # "tenant-id"
region: bj-region # "bj-region"
zone: bj-zone-a # "bj-zone-a"
name
、release
、 environment
、 tenantid
是必填项
region
和 zone
是选填项, 用于后续集群归属和划分使用
ResourceQuota 配置经验
限制namespace下资源总数
,按容量规划设置Quota
上
---
apiVersion: v1
kind: ResourceQuota
metadata:
name: my-test-quota
spec:
hard:
#api配额
persistentvolumeclaims: "1"
services.loadbalancers: "2"
services.nodeports: "0" # 禁止nodeports
pods: "10"
services : "10"
replicationcontrollers: "4"
resourcequotas : "2"
secrets : "10"
#cpu mem 配额
requests.cpu: "1"
requests.memory: 1Gi
limits.cpu: "2"
limits.memory: 2Gi
limitrange 配置经验
限制单个 Pod 或 Pod 中的容器
, 资源大小
---
apiVersion: v1
kind: LimitRange
metadata:
name: limits
namespace: my-test
spec:
limits:
- default: # namespace下默认 添加 request 和 limits
cpu: 200m
memory: 512Mi
defaultRequest:
cpu: 100m
memory: 256Mi
- max: # namespace下pod的上下线配置
memory: 1Gi
cpu: 4
min:
memory: 100Mi
cpu: 100m
type: Container
正式环境设置:max、min 和 defaut Request 和 Limits
, 并且Request == Limits
;
其他环境设置:max、min 和 defaut Request
, 将Request设置为min
「如果这篇文章对你有用,请随意打赏」
FEATURED TAGS
agent
apiserver
application
bandwidth-limit
cgo
cgroupfs
ci/cd
client-go
cloudnative
cncf
cni
community
container
container-network-interface
containerd
controller
coredns
crd
custom-controller
deployment
docker
docker-build
docker-image
drop
ebpf
ecology
egress
etcd
gitee
github
gitlab
golang
governance
hpa
http2
image
ingress
iptables
jobs
kata
kata-runtime
kernel
kind
kubelet
kubenetes
kubernetes
library
linux-os
logging
loki
metrics
monitor
namespace
network
network-troubleshooting
node
nodeport
pingmesh
pod
prestop
prometheus
proxyless
pvc
rollingupdate
schedule
scheduler
serverless
sidecar
sigtrem
systemd
throttling
timeout
tools
traceroute