背景 容器中的应用有BUG 内存泄漏 吃掉了宿主机上的内存资源
资源需求(requests)
定义需要系统预留给该容器使用的资源最小可用值
- 容器运行时可能用不到这些额度的资源,但用到时必须确保有相应数量的资源可用
- 资源需求的定义会影响调度器的决策
- 调度的节点可用资源 需要 满足pod的资源需求
资源限制(limits) cgroup
定义该容器可以申请使用的资源最大可用值
- 超出该额度的资源使用请求将被拒绝
- 该限制需要大于等于requests的值,但系统在其某项资源紧张时,会从容器那里回收其使用的超出其requests值的那部分
- requests和limits定义在容器级别,主要围绕cpu、memory和hugepages三种资源
cpu 参数解释
cpu 1 使用一核cpu
- 如果是4c的机器 每个cpu最多到25%
cpu 1m 使用cpu运行时间的 1/1000
cpu 100m 使用cpu运行时间的 100/1000
内存参数
需求64M 最大128M
如果运行时用了100M 系统会强制回收36M
优先级配置
kubectl explain pods.spec
priority <integer>
The priority value. Various system components use this field to find the
priority of the pod. When Priority Admission Controller is enabled, it
prevents users from setting this field. The admission controller populates
this field from PriorityClassName. The higher the value, the higher the
priority.
priorityClassName <string>
If specified, indicates the pod's priority. "system-node-critical" and
"system-cluster-critical" are two special keywords which indicate the
highest priorities with the former being the highest priority. Any other
name must be defined by creating a PriorityClass object with that name. If
not specified, the pod priority will be default or zero if there is no
default.
配置示例
参考文档
apiVersion: v1
kind: Pod
metadata:
name: memleak-pod
labels:
app: memleak
spec:
containers:
- name: simmemleak
image: ikubernetes/simmemleak
imagePullPolicy: IfNotPresent
resources:
requests:
memory: "64Mi"
cpu: "1"
limits:
memory: "64Mi"
cpu: "1"
