1. CPU和内存限制

在生产环境中，一般都要求Pod配置CPU和内存的限制，如果没有配置可能会吃掉过多的内存影响其它的Pod正常运行。kubernetes为namespace的资源限制提供了CPU、Memory、GPU三个维度，并且提供了默认值、最大值、最小值配置。当配置了这些参数后，创建容器时候会进行资源限制的检查:

• 如果容器没有指定资源限制，则使用默认的配置
• 检查容器的CPU和Memory的Limits是否超过Max设定，超过则报错
• 检查容器的CPU和Memory的Requests是否低于Min设定，低于则报错

  1.1. LimitRange字段

  apiVersion: v1
  kind: LimitRange
  metadata
  name # 在一个名称空间不能重复
  namespace # 指定名称空间，默认defalut
  labels # 标签
  annotations # 注释
  spec
  default # 默认的资源上限, limit
  defaultRequest # 默认的资源申请值, required
  max # 声明的limit上限
  min # 声明的required下线
  type -required- # 被限制的对象，Container

  1.2. 默认值案例

  1.2.1. 设置默认的request和limit

  apiVersion: v1
  kind: Namespace
  metadata:
  name: apps
  —-
  apiVersion: v1
  kind: LimitRange
  metadata:
  name: limit-resource
  namespace: apps
  spec:
  limits:
  # 设定默认request和limit
  - default:
  memory: 1024Mi
  cpu: 500m
  defaultRequest:
  memory: 128Mi
  cpu: 100m
  type: Container
  [root@duduniao local-k8s-yaml]# kubectl describe namespace apps
  Name: apps
  Labels:
  Annotations: Status: Active

No resource quota.

Resource Limits
Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio
—— ———— —- —- ———————- ——————- ———————————-
Container memory - - 128Mi 1Gi -
Container cpu - - 100m 500m -

1.2.2. 不指定request和limit

apiVersion: v1
kind: Pod
metadata:
name: nginx-demo-1
namespace: apps
labels:
app: nginx
spec:
containers:
- name: nginx-demo-1
image: linuxduduniao/nginx:v1.0.0
# 容器采用默认值
[root@duduniao local-k8s-yaml]# kubectl describe pod -n apps nginx-demo-1
Limits:
cpu: 500m
memory: 1Gi
Requests:
cpu: 100m
memory: 128Mi

1.2.3. 指定request，不指定limit

apiVersion: v1
kind: Pod
metadata:
name: nginx-demo-1
namespace: apps
labels:
app: nginx
spec:
containers:
- name: nginx-demo-1
image: linuxduduniao/nginx:v1.0.0
resources:
requests:
memory: 200Mi
cpu: 200m
# 当指定request后，以request为准, limit使用默认的limit。
# 如果request超过了默认Limit限制，会出现报错(请自行测试)
[root@duduniao local-k8s-yaml]# kubectl describe pod -n apps nginx-demo-1
Limits:
cpu: 500m
memory: 1Gi
Requests:
cpu: 200m
memory: 200Mi
Environment:

1.2.4. 不指定request，指定limit

apiVersion: v1
kind: Pod
metadata:
name: nginx-demo-1
namespace: apps
labels:
app: nginx
spec:
containers:
- name: nginx-demo-1
image: linuxduduniao/nginx:v1.0.0
resources:
limit:
memory: 200Mi
cpu: 200m
# 当指定Limits时，request和Limits都以指定的Limit为准
# 当指定Limits小于默认requests时，并不会报错
[root@duduniao local-k8s-yaml]# kubectl describe pod -n apps nginx-demo-1
Limits:
cpu: 200m
memory: 200Mi
Requests:
cpu: 200m
memory: 200Mi

1.2.5. 同时指定request和limit

apiVersion: v1
kind: Pod
metadata:
name: nginx-demo-1
namespace: apps
labels:
app: nginx
spec:
containers:
- name: nginx-demo-1
image: linuxduduniao/nginx:v1.0.0
resources:
limits:
memory: 500Mi
cpu: 500m
requests:
memory: 400Mi
cpu: 200m
# 如果指定了requests和limits，则以用户指定为准
[root@duduniao local-k8s-yaml]# kubectl describe pod -n apps nginx-demo-1
Limits:
cpu: 500m
memory: 500Mi
Requests:
cpu: 200m
memory: 400Mi

1.3. 极值设置

1.3.1. 设定极值

apiVersion: v1
kind: LimitRange
metadata:
name: limit-resource
namespace: apps
spec:
limits:
- default:
memory: 1024Mi
cpu: 500m
defaultRequest:
memory: 128Mi
cpu: 100m
max:
memory: 2048Mi
cpu: 1000m
min:
memory: 64Mi
cpu: 50m
type: Container
[root@duduniao local-k8s-yaml]# kubectl describe ns apps
Name: apps
Labels:
Annotations: Status: Active

No resource quota.

Resource Limits
Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio
—— ———— —- —- ———————- ——————- ———————————-
Container cpu 50m 1 100m 500m -
Container memory 64Mi 2Gi 128Mi 1Gi -

1.3.2. 超过最大值场景

apiVersion: v1
kind: Pod
metadata:
name: nginx-demo-1
namespace: apps
labels:
app: nginx
spec:
containers:
- name: nginx-demo-1
image: linuxduduniao/nginx:v1.0.0
resources:
limits:
memory: 4096Mi
cpu: 500m
requests:
memory: 400Mi
cpu: 200m
[root@duduniao local-k8s-yaml]# kubectl apply -f pod-demo.yaml
Error from server (Forbidden): error when creating “pod-demo.yaml”: pods “nginx-demo-1” is forbidden: maximum memory usage per Container is 2Gi, but limit is 4Gi

1.3.3. 低于最小值场景

apiVersion: v1
kind: Pod
metadata:
name: nginx-demo-1
namespace: apps
labels:
app: nginx
spec:
containers:
- name: nginx-demo-1
image: linuxduduniao/nginx:v1.0.0
resources:
limits:
memory: 2048Mi
cpu: 500m
requests:
memory: 32Mi
cpu: 200m
[root@duduniao local-k8s-yaml]# kubectl apply -f pod-demo.yaml
Error from server (Forbidden): error when creating “pod-demo.yaml”: pods “nginx-demo-1” is forbidden: minimum memory usage per Container is 64Mi, but request is 32Mi

1.3.4. 一般正常场景

apiVersion: v1
kind: Pod
metadata:
name: nginx-demo-1
namespace: apps
labels:
app: nginx
spec:
containers:
- name: nginx-demo-1
image: linuxduduniao/nginx:v1.0.0
resources:
limits:
memory: 2048Mi
cpu: 500m
requests:
memory: 512Mi
cpu: 200m
[root@duduniao local-k8s-yaml]# kubectl describe pod -n apps nginx-demo-1
Limits:
cpu: 500m
memory: 2Gi
Requests:
cpu: 200m
memory: 512Mi

2. 名称空间配额

上述CPU和内存限制是针对单个Container而言的，而配额指的是当前名称空间中所有符合条件的Pod累计资源消耗的上限，在不同业务使用不同名称空间的场景中，避免资源被一个业务线抢占过多，需要设定配额。如开发和测试共用一个K8S集群，并且通过名称空间进行区分时，每个名称空间推荐设定配额。

2.1. 字段

apiVersion: v1
kind: ResourceQuota
metadata: