kubernetes-pod资源需求和资源限制 _kubernetes

须知少年凌云志，曾许人间第一流。这篇文章主要讲述kubernetes-pod资源需求和资源限制相关的知识，希望能为你提供帮助。
一、如果requests与limits相等，则为指定固定大小。也可不指定limits为无上限，但cpu不足1核心时，最多只能跑满一个核心。

apiVersion: v1
kind: Pod
metadata:
name: stress-pod
spec:
containers:
- name: stress
image: ikubernetes/stress-ng
command: ["/usr/bin/stress-ng", "-c 1", "-m 1", "--metrics-brief"]
resources:
requests: #下阈值，最小阈值
memory: "128Mi"
cpu: "200m"
limits:#上阈值，最大阈值
memory: "512Mi"
cpu: "400m"

#测试
kubectl exec stress-pod -- top

二、Pod的资源优先级

QoS Class：服务质量类别，代表了Pod的资源被优先满足的类别
Guaranteed：Pod内的每个容器都分别设定了CPU和Memroy资源需求和资源限制，CPU的需求与限制相等，而且Memory的需求与限制也相等；
Bustable：中间层
BestEffort：未为任何一个容器设定任何需求或限制；

【kubernetes-pod资源需求和资源限制】三、pod 安全上下文、探针、sidecar、资源汇总示例

apiVersion: v1
kind: Pod
metadata:
name: all-in-one
namespace: default
spec:
initContainers:
- name: iptables-init
image: ikubernetes/admin-box:latest
imagePullPolicy: IfNotPresent
command: [/bin/sh,-c]
args: [iptables -t nat -A PREROUTING -p tcp --dport 8080 -j REDIRECT --to-port 80]
securityContext:
capabilities:
add:
- NET_ADMIN
containers:
- name: sidecar-proxy
image: envoyproxy/envoy-alpine:v1.13.1
command: [/bin/sh,-c]
args: [sleep 3 & & envoy -c /etc/envoy/envoy.yaml]
lifecycle:
postStart:
exec:
command: [/bin/sh,-c,wget -O /etc/envoy/envoy.yaml http://ilinux.io/envoy.yaml]
livenessProbe:
tcpSocket:
port: 80
initialDelaySeconds: 5
readinessProbe:
tcpSocket:
port: 80
initialDelaySeconds: 5
- name: demo
image: ikubernetes/demoapp:v1.0
imagePullPolicy: IfNotPresent
env:
- name: PORT
value: 8080
livenessProbe:
httpGet:
path: /livez
port: 8080
initialDelaySeconds: 5
readinessProbe:
httpGet:
path: /readyz
port: 8080
initialDelaySeconds: 15
securityContext:
runAsUser: 1001
runAsGroup: 1001
resources:
requests:
cpu: 0.5
memory: "64Mi"
limits:
cpu: 2
memory: "1024Mi"
securityContext:
supplementalGroups: [1002, 1003]
fsGroup: 2000