Kubernetes整个命名空间的默认QoS [英] Kubernetes default QoS for whole namespace

问题描述

是否有任何方法可以为给定名称空间中的所有节点设置默认服务质量?或者只是在名称空间级别而不是Pod级别上设置QoS. 我的意思是，每个现有的和每个新创建的Pod都将具有给定名称空间的默认设置.

例如.命名空间kube-system或super-important中的所有Pod都获得了保证"的QoS级别.

我想以这样一种方式设置QoS:万一kube-system(或其他重要的组/名称空间)中的资源容器出现问题时，它们的删除要晚于次要的. >

P.S.我收到了有关准入控制器的建议，但没有看到与QoS的关联.

解决方案

有可能.有关QoS的一些基本信息:

Kubernetes使用QoS类来做出有关调度和调度的决策. 驱逐豆荚.

要为Pod提供QoS级别的保证:

• Pod中的每个容器必须有一个内存限制和一个内存 要求，并且它们必须相同.
• 豆荚中的每个容器都必须 有CPU限制和CPU请求，并且它们必须相同.

如果满足以下条件，则为Pod提供burstable的QoS类别:

• 该Pod不符合QoS类别保证的标准.至少 Pod中的一个容器有一个内存或CPU请求.

要为Pod提供BestEffort的QoS类:

• 容器中的容器不得具有任何内存或CPU限制，或者 请求.

这里是如何为命名空间qos-test中的所有Pod设置保证QoS的示例.

让我们创建一个命名空间qos-test:

$ kubectl create namespace qos-test

接下来，我们创建一个LimitRange对象YAML文件(应该存在CPU和内存，限制和请求应该相同):

$ cat <<EOF > limitRange.yaml
apiVersion: v1
kind: LimitRange
metadata:
  name: mem-limit-gua
spec:
  limits:
  - default:
      cpu: 100m
      memory: 512Mi
    defaultRequest:
      cpu: 100m
      memory: 256Mi
    type: Container
EOF

然后将其应用于命名空间qos-test:

$ kubectl create -f limitRange.yaml --namespace=qos-test

现在，让我们创建一个Pod(在Pod规范中不得出现CPU或内存请求和限制):

$ cat <<EOF > default-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: default-pod
spec:
  containers:
  - name: default-ctr
    image: nginx
EOF

$ kubectl create -f default-pod.yaml --namespace=qos-test

最后，让我们检查一下我们得到的:

$ kubectl get namespaces
...
$ kubectl get limitrange --all-namespaces -o wide
...
$ kubectl get limitrange -o yaml -n qos-test
...
$ kubectl get pod default-pod -o yaml -n qos-test

apiVersion: v1
kind: Pod
metadata:
  ...
  name: default-pod
  namespace: qos-test
  ...
spec:
  containers:
  - image: nginx
    imagePullPolicy: Always
    name: default-ctr
    resources:
      limits:
        cpu: 100m
        memory: 256Mi
      requests:
        cpu: 100m
        memory: 256Mi
    ...
status:
  ...
  hostIP: 10.0.2.15
  phase: Running
  podIP: 172.17.0.10
  qosClass: Guaranteed
  ...

您可以看到default-pod获得了qosClass: Guaranteed.

要创建具有不同QoS的Pod，请参阅文档的此部分:

• 为Pod配置服务质量

您可以在本文中找到有关配置名称空间默认限制的更多详细信息:

• 配置默认内存请求和限制命名空间

Is there any method of setting default QoS for all of the nodes from given namespace? Or just set QoS on namespace level instead of pod level. I mean the situation where every existing and every newly created pod will have this default setting for given namespace.

Eg. All pods in namespace kube-system or super-important got QoS level "guaranted".

I want to set the QoS in such a way that in case of any problems with the resources pods from kube-system (or other important groups/namespaces), they be removed last, later than the less important ones.

P.S. I got advice about admission-controllers but i didn't see correlation to QoS.

解决方案

It's possible. Some basic information about QoS:

Kubernetes uses QoS classes to make decisions about scheduling and evicting Pods.

For a Pod to be given a QoS class of Guaranteed:

• Every Container in the Pod must have a memory limit and a memory request, and they must be the same.
• Every Container in the Pod must have a CPU limit and a CPU request, and they must be the same.

A Pod is given a QoS class of Burstable if:

• The Pod does not meet the criteria for QoS class Guaranteed. At least one Container in the Pod has a memory or CPU request.

For a Pod to be given a QoS class of BestEffort:

• The Containers in the Pod must not have any memory or CPU limits or requests.

Here is an example of how to set the Guaranteed QoS for all pods in the namespace qos-test.

Let's create a namespace qos-test:

$ kubectl create namespace qos-test

Next, let's create a LimitRange object YAML file (CPU and Memory should be present, limits and requests should be the same):

$ cat <<EOF > limitRange.yaml
apiVersion: v1
kind: LimitRange
metadata:
  name: mem-limit-gua
spec:
  limits:
  - default:
      cpu: 100m
      memory: 512Mi
    defaultRequest:
      cpu: 100m
      memory: 256Mi
    type: Container
EOF

Then let’s apply it to the namespace qos-test:

$ kubectl create -f limitRange.yaml --namespace=qos-test

Now, let's create a pod (CPU or Memory requests and limits must not be present in Pod spec):

$ cat <<EOF > default-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: default-pod
spec:
  containers:
  - name: default-ctr
    image: nginx
EOF

$ kubectl create -f default-pod.yaml --namespace=qos-test

Finally, let's check what we've got:

$ kubectl get namespaces
...
$ kubectl get limitrange --all-namespaces -o wide
...
$ kubectl get limitrange -o yaml -n qos-test
...
$ kubectl get pod default-pod -o yaml -n qos-test

apiVersion: v1
kind: Pod
metadata:
  ...
  name: default-pod
  namespace: qos-test
  ...
spec:
  containers:
  - image: nginx
    imagePullPolicy: Always
    name: default-ctr
    resources:
      limits:
        cpu: 100m
        memory: 256Mi
      requests:
        cpu: 100m
        memory: 256Mi
    ...
status:
  ...
  hostIP: 10.0.2.15
  phase: Running
  podIP: 172.17.0.10
  qosClass: Guaranteed
  ...

As you can see default-pod got the qosClass: Guaranteed.

To create pods with different QoS please refer to this part of documentation:

• Configure Quality of Service for Pods

You can find more details about configuring default limits for a Namespace in this article:

• Configure Default Memory Requests and Limits for a Namespace

这篇关于Kubernetes整个命名空间的默认QoS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！