【Kubernetes】容器内存限制
2023-09-27 14:23:50 时间
环境
- kubernetes 1.20.2
- Spring Boot 2.5.0-M1
目标
创建一个 Pod 限制其使用不同的内存量,查看 Pod 的状态。
限制最小内存
pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-demo
spec:
containers:
- name: pod-demo
image: jiangbo920827/spring-demo:actuator
ports:
- containerPort: 8080
resources:
requests:
memory: 100Mi
查看请求限制
可以看到内存请求量已经生效了
[root@master pod]# kubectl describe -f pod.yaml
Name: pod-demo
Namespace: default
Priority: 0
Node: node1/192.168.56.102
Start Time: Tue, 26 Jan 2021 23:44:25 +0800
Labels: <none>
Annotations: <none>
Status: Running
IP: 10.244.1.35
IPs:
IP: 10.244.1.35
Containers:
pod-demo:
Container ID: docker://44eccd49e8cff129eedb1e439785c383d70a3fae74e377f216240344d4e02159
Image: jiangbo920827/spring-demo:actuator
Image ID: docker-pullable://jiangbo920827/spring-demo@sha256:fef2dd74c274e783e4cf2f270da15cadbc0766c8a0d24dad31dd0258e2eb4722
Port: 8080/TCP
Host Port: 0/TCP
State: Running
Started: Tue, 26 Jan 2021 23:44:26 +0800
Ready: True
Restart Count: 0
Requests:
memory: 100Mi
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-slbq5 (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
default-token-slbq5:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-slbq5
Optional: false
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 3s default-scheduler Successfully assigned default/pod-demo to node1
Normal Pulled 2s kubelet Container image "jiangbo920827/spring-demo:actuator" already present on machine
Normal Created 2s kubelet Created container pod-demo
Normal Started 2s kubelet Started container pod-demo
限制最大内存
pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-demo
spec:
containers:
- name: pod-demo
image: jiangbo920827/spring-demo:actuator
ports:
- containerPort: 8080
resources:
requests:
memory: 100Mi
limits:
memory: 200Mi
查看最大限制
Ready: True
Restart Count: 0
Limits:
memory: 200Mi
Requests:
memory: 100Mi
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-slbq5 (ro)
不限制请求大小
不限制请求内存的大小,只限制最大,则请求和最大一样多。
Ready: True
Restart Count: 0
Limits:
memory: 200Mi
Requests:
memory: 200Mi
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-slbq5 (ro)
内存不足
pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-demo
spec:
containers:
- name: pod-demo
image: jiangbo920827/spring-demo:actuator
ports:
- containerPort: 8080
resources:
limits:
memory: 20Mi
OOMKilled
可以看到容器启动失败,失败原因是:OOMKilled。
[root@master pod]# kubectl get pod
NAME READY STATUS RESTARTS AGE
pod-demo 0/1 CrashLoopBackOff 1 9s
[root@master pod]# kubectl describe -f pod.yaml
Name: pod-demo
Namespace: default
Priority: 0
Node: node1/192.168.56.102
Start Time: Wed, 27 Jan 2021 22:37:33 +0800
Labels: <none>
Annotations: <none>
Status: Running
IP: 10.244.1.47
IPs:
IP: 10.244.1.47
Containers:
pod-demo:
Container ID: docker://479f54bdef27e9a22d51af01bf3b42d1e38be5b21674b8a40e239d5cb4d6b3b2
Image: jiangbo920827/spring-demo:actuator
Image ID: docker-pullable://jiangbo920827/spring-demo@sha256:fef2dd74c274e783e4cf2f270da15cadbc0766c8a0d24dad31dd0258e2eb4722
Port: 8080/TCP
Host Port: 0/TCP
State: Waiting
Reason: CrashLoopBackOff
Last State: Terminated
Reason: OOMKilled
Exit Code: 137
Started: Wed, 27 Jan 2021 22:37:35 +0800
Finished: Wed, 27 Jan 2021 22:37:36 +0800
Ready: False
Restart Count: 1
Limits:
memory: 20Mi
Requests:
memory: 20Mi
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-slbq5 (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
default-token-slbq5:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-slbq5
Optional: false
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 18s default-scheduler Successfully assigned default/pod-demo to node1
Normal Pulled 17s (x2 over 18s) kubelet Container image "jiangbo920827/spring-demo:actuator" already present on machine
Normal Created 17s (x2 over 18s) kubelet Created container pod-demo
Normal Started 17s (x2 over 18s) kubelet Started container pod-demo
Warning BackOff 15s (x2 over 16s) kubelet Back-off restarting failed container
总结
介绍了容器的内存资源限制,可以限制容器请求量,也可以限制最大量。容器的内存资源限制不能动态修改,修改时会提示错误。
在内存资源不足时,容器将因为 Terminated 失败,并且不断地重启。
附录
相关文章
- kubernetes二进制文件、镜像tar包的下载方式
- kubernetes垃圾回收器GarbageCollector Controller源码分析(二)
- flink-kubernetes-operator 的简单使用
- kubernetes 安全
- Kubernetes安全专家认证 (CKS)1.20模拟题答案中文版
- Kubernetes CKS 2021【3】---Cluster Setup - Dashboard
- Kubernetes CKS 2021 Complete Course + Simulator笔记【1】---k8s架构介绍
- kubernetes 资源管理策略 Pod 的服务质量(QoS)
- 《Docker容器:利用Kubernetes、Flannel、Cockpit和Atomic构建和部署》——第1章 使用Docker对应用进行容器化 1.1了解容器化应用的优缺点
- Kubernetes基础知识详解
- Kubernetes生态架构以及常见的 CI/CD 架构,几张图拓宽k8s认识的场景和视野