Kubenetes Namespace LimitRange ResourceQuota

TIPS之 Kubernetes Namespace ResourceQuota LimitRange 使用设置经验

Kubernetes Namespace ResourceQuota LimitRange 使用设置经验

Posted by 董江 on Tuesday, July 26, 2022

Kubernetes Namespace ResourceQuota LimitRange 使用设置经验

namespace 配置经验

namespace设置多租户label添加

在 Kubenetes version >= 1.21 版本,--feature-gates=...,--feature-gates=...,GracefulNodeShutdown=true,NamespaceDefaultLabelName=true

---
apiVersion: v1
kind: namespace
metadata:
  name: my-test  
  release: stable #"stable" or "canary"
  environment: production # "dev" or "uat" or "testing" or "production"
  tenantid: customerAid  # "tenant-id"
  region: bj-region  # "bj-region"
  zone: bj-zone-a # "bj-zone-a"

namereleaseenvironmenttenantid 是必填项

regionzone 是选填项, 用于后续集群归属和划分使用

ResourceQuota 配置经验

限制namespace下资源总数,按容量规划设置Quota

---
apiVersion: v1
kind: ResourceQuota
metadata:
  name: my-test-quota
spec:
  hard: 
    #api配额
    persistentvolumeclaims: "1"
    services.loadbalancers: "2"
    services.nodeports: "0"    # 禁止nodeports
    pods: "10"
    services : "10"
    replicationcontrollers: "4"
    resourcequotas : "2"
    secrets : "10"
    #cpu mem 配额
    requests.cpu: "1"
    requests.memory: 1Gi
    limits.cpu: "2"
    limits.memory: 2Gi

limitrange 配置经验

限制单个 Pod 或 Pod 中的容器, 资源大小

---
apiVersion: v1
kind: LimitRange
metadata:
  name: limits
  namespace: my-test
spec:
  limits:
  - default:   # namespace下默认 添加 request 和 limits
      cpu: 200m
      memory: 512Mi
    defaultRequest:  
      cpu: 100m
      memory: 256Mi
  - max:      # namespace下pod的上下线配置
      memory: 1Gi
      cpu: 4
    min:
      memory: 100Mi
      cpu: 100m
    type: Container

正式环境设置:max、min 和 defaut Request 和 Limits, 并且Request == Limits; 其他环境设置:max、min 和 defaut Request, 将Request设置为min

「如果这篇文章对你有用,请随意打赏」

Kubeservice博客

如果这篇文章对你有用,请随意打赏

使用微信扫描二维码完成支付

CATALOG
    FEATURED TAGS
    agent apiserver application bandwidth-limit cgo cgroupfs ci/cd client-go cloudnative cncf cni community container container-network-interface containerd controller coredns crd custom-controller deployment docker docker-build docker-image drop ebpf ecology egress etcd gitee github gitlab golang governance hpa http2 image ingress iptables jobs kata kata-runtime kernel kind kubelet kubenetes kubernetes library linux-os logging loki metrics monitor namespace network network-troubleshooting node nodeport pingmesh pod prestop prometheus proxyless pvc rollingupdate schedule scheduler serverless sidecar sigtrem systemd throttling timeout tools traceroute