节点资源预留情况

背景知识

在kubernetes中可以通过给kubelet配置参数预留资源给系统进程和kubernetes进程保证它们稳定运行。目前能实现到cpu、memory、ephemeral-storage层面的资源预留。

  • cpu:配置cpu shares实际上对应的是cpu的优先级,简单来说,这个在cpu繁忙时,它能有更高优先级获取更多cpu资源。

  • ephemeral-storage:kubernetes1.8开始引入的一个资源限制的对象,kubernetes 1.10版本中kubelet默认已经打开的了,到目前1.11还是beta阶段,主要是用于对本地临时存储使用空间大小的限制,如对pod的empty dir、/var/lib/kubelet、日志、容器可读写层的使用大小的限制。

配置

  • Node capacity:节点总共的资源
  • kube-reserved:给kubernetes进程预留的资源
  • system-reserved:给操作系统预留的资源
  • eviction-threshold:kubelet eviction的阈值
  • allocatable:留给pod使用的资源

    node_allocatable=Node_capacity-(kube-reserved+system-reserved+hard-eviction)

eviction-threshold

分两类:

  1. kube-control-manager周期性的接收kubelet发送过来的心跳,检查所有节点的状态,当节点属于no ready时,驱逐重建上面的pod(默认超时5分钟)。
  2. kubelet周期性的检查host上的资源,与配置项里面的配置进行比对,达到阈值后,按照优先级驱逐pod。

eviction-threshold实际上是对pod limit_resource的补充,因为limit_resource只能针对单个pod做资源限制,当这个pod达到限制的阈值后,kubelet便会oom_killer掉这个container,而eviction-threshold根据事先设定的Eviction Thresholds来触发Eviction,调用算法筛选出合适的几个pod,kill掉一个或多个pod回收资源,被eviction掉的pod会被kube-scheduler在其他节点重新调度起来。
eviction-threshold分两种类型
Soft Eviction Thresholds:达到触发值后,并不是马上去驱逐pod,而是等待一个缓冲时间,这个配置参考
https://kubernetes.io/docs/tasks/administer-cluster/out-of-resource/

Hard Eviction Thresholds:达到触发值后,直接筛选出对应的pod kill掉

两种配置方式

  • 绝对值:memory.available<5Gi
  • 百分比:memory.available<5%

修改完配置后需要重启kubelet

systemctl restart kubelet

k8s-node1 (stable)

Capacity:
 cpu:                8
 ephemeral-storage:  41151808Ki
 hugepages-1Gi:      0
 hugepages-2Mi:      0
 memory:             16431804Ki
Allocatable:
 cpu:                7200m
 ephemeral-storage:  30666048Ki
 hugepages-1Gi:      0
 hugepages-2Mi:      0
 memory:             11823804Ki
/etc/default/kubelet
KUBELET_EXTRA_ARGS=--system-reserved=cpu=800m,memory=1500Mi --eviction-hard=memory.available<3000Mi,nodefs.available<10Gi

系统保留CPU资源800m,内存资源1500Mi
节点内存小于3000Mi,或者磁盘可用空间少于10Gi,立即触发Pod驱除机制

k8s-node5 (stable)

Capacity:
 cpu:                8
 ephemeral-storage:  515928504Ki
 hugepages-1Gi:      0
 hugepages-2Mi:      0
 memory:             16431788Ki
Allocatable:
 cpu:                7500m
 ephemeral-storage:  421556664Ki
 hugepages-1Gi:      0
 hugepages-2Mi:      0
 memory:             14334636Ki
/etc/default/kubelet
KUBELET_EXTRA_ARGS=--system-reserved=cpu=500m,memory=1024Mi --eviction-hard=memory.available<1024Mi,nodefs.available<90Gi

系统保留CPU资源500m,内存资源1024Mi
节点内存小于1024Mi,或者磁盘可用空间少于90Gi,立即触发Pod驱除机制

k8s-node-extend0 (stable)

Capacity:
 cpu:                4
 ephemeral-storage:  82437788Ki
 hugepages-1Gi:      0
 hugepages-2Mi:      0
 memory:             8174704Ki
Allocatable:
 cpu:                3600m
 ephemeral-storage:  75974665296
 hugepages-1Gi:      0
 hugepages-2Mi:      0
 memory:             7548016Ki
/etc/default/kubelet
KUBELET_EXTRA_ARGS=--system-reserved=cpu=200m,memory=256Mi --kube-reserved=cpu=200m,memory=256Mi

系统保留CPU资源200m,内存资源256Mi
k8s保留CPU资源200m,内存资源256Mi

外部服务(未部署到ks8)

  • drone

k8s-node2 (computing)

Capacity:
 cpu:                4
 ephemeral-storage:  41151808Ki
 hugepages-1Gi:      0
 hugepages-2Mi:      0
 memory:             8174812Ki
Allocatable:
 cpu:                2
 ephemeral-storage:  34860352Ki
 hugepages-1Gi:      0
 hugepages-2Mi:      0
 memory:             5553372Ki
/etc/default/kubelet
KUBELET_EXTRA_ARGS=--system-reserved=cpu=1500m,memory=1024Mi --kube-reserved=cpu=500m,memory=512Mi --eviction-hard=memory.available<1Gi,nodefs.available<6Gi,imagefs.available<1Gi --eviction-minimum-reclaim="memory.available=0.6Gi,nodefs.available=5Gi,imagefs.available=1Gi"

系统保留CPU资源1500m,内存资源1024Mi
k8s保留CPU资源500m,内存资源512Mi
节点内存小于1Gi,磁盘可用空间少于6Gi,容器镜像可用磁盘空间少于1Gi,立即触发Pod驱除机制
每次pod驱除至少回收资源:内存不小于0.6Gi,磁盘不小于5Gi,容器镜像不小于1Gi

外部服务(未部署到ks8)

  • nginx

k8s-node3 (computing)

Capacity:
 cpu:                12
 ephemeral-storage:  103080204Ki
 hugepages-1Gi:      0
 hugepages-2Mi:      0
 memory:             24688684Ki
Allocatable:
 cpu:                9
 ephemeral-storage:  82108684Ki
 hugepages-1Gi:      0
 hugepages-2Mi:      0
 memory:             19445804Ki
/etc/default/kubelet
KUBELET_EXTRA_ARGS=--system-reserved=cpu=3000m,memory=3Gi --eviction-hard=memory.available<2Gi,nodefs.available<20Gi

系统保留CPU资源3000m,内存资源3Gi
节点内存小于2Gi,磁盘可用空间少于20Gi,立即触发Pod驱除机制

外部服务(未部署到ks8)

  • rabbitmq

k8s-node4 (computing)

Capacity:
 cpu:                8
 ephemeral-storage:  302250Mi
 hugepages-1Gi:      0
 hugepages-2Mi:      0
 memory:             16431788Ki
Allocatable:
 cpu:                6500m
 ephemeral-storage:  302250Mi
 hugepages-1Gi:      0
 hugepages-2Mi:      0
 memory:             12235436Ki
/etc/default/kubelet
KUBELET_EXTRA_ARGS=--system-reserved=cpu=1500m,memory=2048Mi --eviction-hard=memory.available<2050Mi

系统保留CPU资源1500m,内存资源2048Mi
节点内存小于2050Mi,立即触发Pod驱除机制

k8s-node9 (computing)

Capacity:
 cpu:                8
 ephemeral-storage:  302250Mi
 hugepages-1Gi:      0
 hugepages-2Mi:      0
 memory:             16431788Ki
Allocatable:
 cpu:                6
 ephemeral-storage:  301226Mi
 hugepages-1Gi:      0
 hugepages-2Mi:      0
 memory:             12237484Ki
/etc/default/kubelet
KUBELET_EXTRA_ARGS=--system-reserved=cpu=1000m,memory=2048Mi --kube-reserved=cpu=1000m,memory=1024Mi --eviction-hard=memory.available<1024Mi,nodefs.available<1Gi,imagefs.available<1Gi

系统保留CPU资源1000m,内存资源2048Mi
k8s保留CPU资源1000m,内存资源1024Mi
节点内存小于1024Mi,磁盘可用空间少于1Gi,容器镜像可用磁盘空间小于1Gi,立即触发Pod驱除机制

最后编辑: 马运宝  文档更新时间: 2021-01-08 14:32   作者:马运宝