2017-09-03 15:58:39 +08:00
<!DOCTYPE HTML>
2017-09-19 22:01:07 +08:00
< html lang = "zh-hans" >
2017-09-03 15:58:39 +08:00
< head >
< meta charset = "UTF-8" >
< meta content = "text/html; charset=utf-8" http-equiv = "Content-Type" >
< title > 4.3.7 管理容器的计算资源 · Kubernetes Handbook< / title >
< meta http-equiv = "X-UA-Compatible" content = "IE=edge" / >
< meta name = "description" content = "" >
< meta name = "generator" content = "GitBook 3.2.2" >
< meta name = "author" content = "Jimmy Song" >
< link rel = "stylesheet" href = "../gitbook/style.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-splitter/splitter.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-page-toc-button/plugin.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-image-captions/image-captions.css" >
2017-10-09 15:28:05 +08:00
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-back-to-top-button/plugin.css" >
2017-09-03 15:58:39 +08:00
2017-10-09 15:28:05 +08:00
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-search-plus/search.css" >
2017-09-19 21:38:03 +08:00
2017-10-09 15:28:05 +08:00
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-tbfed-pagefooter/footer.css" >
2017-09-03 15:58:39 +08:00
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-highlight/website.css" >
< link rel = "stylesheet" href = "../gitbook/gitbook-plugin-fontsettings/website.css" >
2017-10-09 15:28:05 +08:00
2017-09-03 15:58:39 +08:00
< meta name = "HandheldFriendly" content = "true" / >
< meta name = "viewport" content = "width=device-width, initial-scale=1, user-scalable=no" >
< meta name = "apple-mobile-web-app-capable" content = "yes" >
< meta name = "apple-mobile-web-app-status-bar-style" content = "black" >
< link rel = "apple-touch-icon-precomposed" sizes = "152x152" href = "../gitbook/images/apple-touch-icon-precomposed-152.png" >
< link rel = "shortcut icon" href = "../gitbook/images/favicon.ico" type = "image/x-icon" >
2017-09-25 21:41:08 +08:00
< link rel = "next" href = "using-prometheus-to-monitor-kuberentes-cluster.html" / >
2017-09-03 15:58:39 +08:00
< link rel = "prev" href = "data-persistence-problem.html" / >
2017-10-09 15:28:05 +08:00
< link rel = "shortcut icon" href = '../favicon.ico' type = "image/x-icon" >
< link rel = "bookmark" href = '../favicon.ico' type = "image/x-icon" >
< style >
@media only screen and (max-width: 640px) {
.book-header .hidden-mobile {
display: none;
}
}
< / style >
< script >
window["gitbook-plugin-github-buttons"] = {"repo":"rootsongjc/kubernetes-handbook","types":["star"],"size":"small"};
< / script >
2017-09-03 15:58:39 +08:00
< / head >
< body >
< div class = "book" >
< div class = "book-summary" >
< div id = "book-search-input" role = "search" >
2017-09-19 22:01:07 +08:00
< input type = "text" placeholder = "输入并搜索" / >
2017-09-03 15:58:39 +08:00
< / div >
< nav role = "navigation" >
< ul class = "summary" >
2017-10-09 15:28:05 +08:00
< li >
< a href = "https://jimmysong.io" target = "_blank" class = "custom-link" > Home< / a >
< / li >
2017-09-03 15:58:39 +08:00
2017-10-09 15:28:05 +08:00
< li class = "divider" > < / li >
2017-09-03 15:58:39 +08:00
< li class = "chapter " data-level = "1.1" data-path = "../" >
< a href = "../" >
2017-10-20 10:51:14 +08:00
序言
2017-09-03 15:58:39 +08:00
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.2" data-path = "../cloud-native/kubernetes-and-cloud-native-app-overview.html" >
< a href = "../cloud-native/kubernetes-and-cloud-native-app-overview.html" >
1. Kubernetes与云原生应用概览
< / a >
< / li >
< li class = "chapter " data-level = "1.3" data-path = "../concepts/" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/" >
2. 概念原理
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.1" data-path = "../concepts/concepts.html" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/concepts.html" >
2.1 设计理念
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2" data-path = "../concepts/objects.html" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/objects.html" >
2.2 Objects
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.1" data-path = "../concepts/pod-overview.html" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/pod-overview.html" >
2.2.1 Pod
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.1.1" data-path = "../concepts/pod.html" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/pod.html" >
2.2.1.1 Pod解析
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.1.2" data-path = "../concepts/init-containers.html" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/init-containers.html" >
2.2.1.2 Init容器
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.1.3" data-path = "../concepts/pod-security-policy.html" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/pod-security-policy.html" >
2.2.1.3 Pod安全策略
< / a >
2017-09-17 15:39:26 +08:00
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.1.4" data-path = "../concepts/pod-lifecycle.html" >
2017-09-17 15:39:26 +08:00
< a href = "../concepts/pod-lifecycle.html" >
2.2.1.4 Pod的生命周期
< / a >
2017-09-03 15:58:39 +08:00
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.2" data-path = "../concepts/node.html" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/node.html" >
2.2.2 Node
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.3" data-path = "../concepts/namespace.html" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/namespace.html" >
2.2.3 Namespace
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.4" data-path = "../concepts/service.html" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/service.html" >
2.2.4 Service
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.5" data-path = "../concepts/volume.html" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/volume.html" >
2.2.5 Volume和Persistent Volume
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.6" data-path = "../concepts/deployment.html" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/deployment.html" >
2.2.6 Deployment
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.7" data-path = "../concepts/secret.html" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/secret.html" >
2.2.7 Secret
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.8" data-path = "../concepts/statefulset.html" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/statefulset.html" >
2.2.8 StatefulSet
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.9" data-path = "../concepts/daemonset.html" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/daemonset.html" >
2.2.9 DaemonSet
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.10" data-path = "../concepts/serviceaccount.html" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/serviceaccount.html" >
2.2.10 ServiceAccount
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.11" data-path = "../concepts/replicaset.html" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/replicaset.html" >
2.2.11 ReplicationController和ReplicaSet
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.12" data-path = "../concepts/job.html" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/job.html" >
2.2.12 Job
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.13" data-path = "../concepts/cronjob.html" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/cronjob.html" >
2.2.13 CronJob
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.14" data-path = "../concepts/ingress.html" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/ingress.html" >
2.2.14 Ingress
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.15" data-path = "../concepts/configmap.html" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/configmap.html" >
2.2.15 ConfigMap
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.16" data-path = "../concepts/horizontal-pod-autoscaling.html" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/horizontal-pod-autoscaling.html" >
2.2.16 Horizontal Pod Autoscaling
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.17" data-path = "../concepts/label.html" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/label.html" >
2.2.17 Label
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.18" data-path = "../concepts/garbage-collection.html" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/garbage-collection.html" >
2.2.18 垃圾收集
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.3.2.19" data-path = "../concepts/network-policy.html" >
2017-09-03 15:58:39 +08:00
< a href = "../concepts/network-policy.html" >
2.2.19 NetworkPolicy
< / a >
< / li >
< / ul >
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4" data-path = "../guide/" >
2017-09-03 15:58:39 +08:00
< a href = "../guide/" >
3. 用户指南
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.1" data-path = "../guide/resource-configuration.html" >
2017-09-03 15:58:39 +08:00
< a href = "../guide/resource-configuration.html" >
2017-09-28 21:20:49 +08:00
3.1 资源对象配置
2017-09-03 15:58:39 +08:00
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.1.1" data-path = "../guide/configure-liveness-readiness-probes.html" >
2017-09-03 15:58:39 +08:00
< a href = "../guide/configure-liveness-readiness-probes.html" >
3.1.1 配置Pod的liveness和readiness探针
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.1.2" data-path = "../guide/configure-pod-service-account.html" >
2017-09-03 15:58:39 +08:00
< a href = "../guide/configure-pod-service-account.html" >
3.1.2 配置Pod的Service Account
< / a >
2017-09-28 21:20:49 +08:00
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.1.3" data-path = "../guide/secret-configuration.html" >
2017-09-28 21:20:49 +08:00
< a href = "../guide/secret-configuration.html" >
3.1.3 Secret配置
< / a >
2017-10-10 14:51:45 +08:00
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.1.4" data-path = "../guide/resource-quota-management.html" >
2017-10-10 14:51:45 +08:00
< a href = "../guide/resource-quota-management.html" >
3.2.3 管理namespace中的资源配额
< / a >
2017-09-03 15:58:39 +08:00
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.2" data-path = "../guide/command-usage.html" >
2017-09-03 15:58:39 +08:00
< a href = "../guide/command-usage.html" >
3.2 命令使用
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.2.1" data-path = "../guide/using-kubectl.html" >
2017-09-03 15:58:39 +08:00
< a href = "../guide/using-kubectl.html" >
3.2.1 使用kubectl
< / a >
2017-09-16 20:56:43 +08:00
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.2.2" data-path = "../guide/docker-cli-to-kubectl.html" >
2017-09-16 20:56:43 +08:00
< a href = "../guide/docker-cli-to-kubectl.html" >
3.2.2 docker用户过度到kubectl命令行指南
< / a >
2017-09-03 15:58:39 +08:00
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.3" data-path = "../guide/cluster-security-management.html" >
2017-09-03 15:58:39 +08:00
2017-09-07 12:29:13 +08:00
< a href = "../guide/cluster-security-management.html" >
2017-09-03 15:58:39 +08:00
2017-09-07 12:29:13 +08:00
3.3 集群安全性管理
2017-09-03 15:58:39 +08:00
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.3.1" data-path = "../guide/managing-tls-in-a-cluster.html" >
2017-09-03 15:58:39 +08:00
< a href = "../guide/managing-tls-in-a-cluster.html" >
3.3.1 管理集群中的TLS
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.3.2" data-path = "../guide/kubelet-authentication-authorization.html" >
2017-09-03 15:58:39 +08:00
< a href = "../guide/kubelet-authentication-authorization.html" >
3.3.2 kubelet的认证授权
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.3.3" data-path = "../guide/tls-bootstrapping.html" >
2017-09-03 15:58:39 +08:00
< a href = "../guide/tls-bootstrapping.html" >
3.3.3 TLS bootstrap
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.3.4" data-path = "../guide/kubectl-user-authentication-authorization.html" >
2017-09-03 15:58:39 +08:00
< a href = "../guide/kubectl-user-authentication-authorization.html" >
3.3.4 kubectl的用户认证授权
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.3.5" data-path = "../guide/rbac.html" >
2017-09-03 15:58:39 +08:00
< a href = "../guide/rbac.html" >
3.3.5 RBAC——基于角色的访问控制
< / a >
2017-09-07 14:13:59 +08:00
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.3.6" data-path = "../guide/ip-masq-agent.html" >
2017-09-07 14:13:59 +08:00
< a href = "../guide/ip-masq-agent.html" >
3.3.6 IP伪装代理
< / a >
2017-09-03 15:58:39 +08:00
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.4" data-path = "../guide/access-kubernetes-cluster.html" >
2017-09-03 15:58:39 +08:00
< a href = "../guide/access-kubernetes-cluster.html" >
3.4 访问 Kubernetes 集群
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.4.1" data-path = "../guide/access-cluster.html" >
2017-09-03 15:58:39 +08:00
< a href = "../guide/access-cluster.html" >
3.4.1 访问集群
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.4.2" data-path = "../guide/authenticate-across-clusters-kubeconfig.html" >
2017-09-03 15:58:39 +08:00
< a href = "../guide/authenticate-across-clusters-kubeconfig.html" >
3.4.2 使用 kubeconfig 文件配置跨集群认证
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.4.3" data-path = "../guide/connecting-to-applications-port-forward.html" >
2017-09-03 15:58:39 +08:00
< a href = "../guide/connecting-to-applications-port-forward.html" >
3.4.3 通过端口转发访问集群中的应用程序
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.4.4" data-path = "../guide/service-access-application-cluster.html" >
2017-09-03 15:58:39 +08:00
< a href = "../guide/service-access-application-cluster.html" >
3.4.4 使用 service 访问群集中的应用程序
< / a >
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.5" data-path = "../guide/application-development-deployment-flow.html" >
2017-09-03 15:58:39 +08:00
< a href = "../guide/application-development-deployment-flow.html" >
3.5 在kubernetes中开发部署应用
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.5.1" data-path = "../guide/deploy-applications-in-kubernetes.html" >
2017-09-03 15:58:39 +08:00
< a href = "../guide/deploy-applications-in-kubernetes.html" >
3.5.1 适用于kubernetes的应用开发部署流程
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.4.5.2" data-path = "../guide/migrating-hadoop-yarn-to-kubernetes.html" >
2017-09-03 15:58:39 +08:00
< a href = "../guide/migrating-hadoop-yarn-to-kubernetes.html" >
3.5.2 迁移传统应用到kubernetes中——以Hadoop YARN为例
< / a >
< / li >
< / ul >
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5" data-path = "./" >
2017-09-03 15:58:39 +08:00
< a href = "./" >
4. 最佳实践
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.1" data-path = "install-kbernetes1.6-on-centos.html" >
2017-09-03 15:58:39 +08:00
< a href = "install-kbernetes1.6-on-centos.html" >
4.1 在CentOS上部署kubernetes1.6集群
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.1.1" data-path = "create-tls-and-secret-key.html" >
2017-09-03 15:58:39 +08:00
< a href = "create-tls-and-secret-key.html" >
4.1.1 创建TLS证书和秘钥
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.1.2" data-path = "create-kubeconfig.html" >
2017-09-03 15:58:39 +08:00
< a href = "create-kubeconfig.html" >
4.1.2 创建kubeconfig文件
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.1.3" data-path = "etcd-cluster-installation.html" >
2017-09-03 15:58:39 +08:00
< a href = "etcd-cluster-installation.html" >
4.1.3 创建高可用etcd集群
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.1.4" data-path = "kubectl-installation.html" >
2017-09-03 15:58:39 +08:00
< a href = "kubectl-installation.html" >
4.1.4 安装kubectl命令行工具
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.1.5" data-path = "master-installation.html" >
2017-09-03 15:58:39 +08:00
< a href = "master-installation.html" >
4.1.5 部署master节点
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.1.6" data-path = "node-installation.html" >
2017-09-03 15:58:39 +08:00
< a href = "node-installation.html" >
4.1.6 部署node节点
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.1.7" data-path = "kubedns-addon-installation.html" >
2017-09-03 15:58:39 +08:00
< a href = "kubedns-addon-installation.html" >
4.1.7 安装kubedns插件
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.1.8" data-path = "dashboard-addon-installation.html" >
2017-09-03 15:58:39 +08:00
< a href = "dashboard-addon-installation.html" >
4.1.8 安装dashboard插件
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.1.9" data-path = "heapster-addon-installation.html" >
2017-09-03 15:58:39 +08:00
< a href = "heapster-addon-installation.html" >
4.1.9 安装heapster插件
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.1.10" data-path = "efk-addon-installation.html" >
2017-09-03 15:58:39 +08:00
< a href = "efk-addon-installation.html" >
4.1.10 安装EFK插件
< / a >
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.2" data-path = "service-discovery-and-loadbalancing.html" >
2017-09-03 15:58:39 +08:00
< a href = "service-discovery-and-loadbalancing.html" >
4.2 服务发现与负载均衡
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.2.1" data-path = "traefik-ingress-installation.html" >
2017-09-03 15:58:39 +08:00
< a href = "traefik-ingress-installation.html" >
4.2.1 安装Traefik ingress
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.2.2" data-path = "distributed-load-test.html" >
2017-09-03 15:58:39 +08:00
< a href = "distributed-load-test.html" >
4.2.2 分布式负载测试
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.2.3" data-path = "network-and-cluster-perfermance-test.html" >
2017-09-03 15:58:39 +08:00
< a href = "network-and-cluster-perfermance-test.html" >
4.2.3 网络和集群性能测试
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.2.4" data-path = "edge-node-configuration.html" >
2017-09-03 15:58:39 +08:00
< a href = "edge-node-configuration.html" >
4.2.4 边缘节点配置
< / a >
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.3" data-path = "operation.html" >
2017-09-03 15:58:39 +08:00
< a href = "operation.html" >
4.3 运维管理
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.3.1" data-path = "service-rolling-update.html" >
2017-09-03 15:58:39 +08:00
< a href = "service-rolling-update.html" >
4.3.1 服务滚动升级
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.3.2" data-path = "app-log-collection.html" >
2017-09-03 15:58:39 +08:00
< a href = "app-log-collection.html" >
4.3.2 应用日志收集
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.3.3" data-path = "configuration-best-practice.html" >
2017-09-03 15:58:39 +08:00
< a href = "configuration-best-practice.html" >
4.3.3 配置最佳实践
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.3.4" data-path = "monitor.html" >
2017-09-03 15:58:39 +08:00
< a href = "monitor.html" >
4.3.4 集群及应用监控
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.3.5" data-path = "jenkins-ci-cd.html" >
2017-09-03 15:58:39 +08:00
< a href = "jenkins-ci-cd.html" >
4.3.5 使用Jenkins进行持续构建与发布
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.3.6" data-path = "data-persistence-problem.html" >
2017-09-03 15:58:39 +08:00
< a href = "data-persistence-problem.html" >
4.3.6 数据持久化问题
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter active" data-level = "1.5.3.7" data-path = "manage-compute-resources-container.html" >
2017-09-03 15:58:39 +08:00
< a href = "manage-compute-resources-container.html" >
4.3.7 管理容器的计算资源
< / a >
2017-09-25 21:41:08 +08:00
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.3.8" data-path = "using-prometheus-to-monitor-kuberentes-cluster.html" >
2017-09-25 21:41:08 +08:00
< a href = "using-prometheus-to-monitor-kuberentes-cluster.html" >
4.3.8 使用Prometheus监控kubernetes集群
< / a >
2017-10-16 17:36:01 +08:00
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.3.9" data-path = "using-heapster-to-get-object-metrics.html" >
2017-10-16 17:36:01 +08:00
< a href = "using-heapster-to-get-object-metrics.html" >
4.3.9 使用Heapster获取集群和对象的metric数据
< / a >
2017-10-18 16:53:12 +08:00
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.3.10" data-path = "manually-upgrade.html" >
2017-10-18 16:53:12 +08:00
< a href = "manually-upgrade.html" >
4.3.10 手动集群升级
< / a >
2017-09-03 15:58:39 +08:00
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.4" data-path = "storage.html" >
2017-09-03 15:58:39 +08:00
< a href = "storage.html" >
4.4 存储管理
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.4.1" data-path = "glusterfs.html" >
2017-09-03 15:58:39 +08:00
< a href = "glusterfs.html" >
4.4.1 GlusterFS
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.4.1.1" data-path = "using-glusterfs-for-persistent-storage.html" >
2017-09-03 15:58:39 +08:00
< a href = "using-glusterfs-for-persistent-storage.html" >
4.4.1.1 使用GlusterFS做持久化存储
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.4.1.2" data-path = "storage-for-containers-using-glusterfs-with-openshift.html" >
2017-09-03 15:58:39 +08:00
< a href = "storage-for-containers-using-glusterfs-with-openshift.html" >
4.4.1.2 在OpenShift中使用GlusterFS做持久化存储
< / a >
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.4.2" data-path = "cephfs.html" >
2017-09-03 15:58:39 +08:00
< a href = "cephfs.html" >
4.4.2 CephFS
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.4.2.1" data-path = "using-ceph-for-persistent-storage.html" >
2017-09-03 15:58:39 +08:00
< a href = "using-ceph-for-persistent-storage.html" >
4.4.2.1 使用Ceph做持久化存储
< / a >
< / li >
< / ul >
< / li >
< / ul >
2017-10-19 15:31:08 +08:00
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.5.5" data-path = "services-management-tool.html" >
2017-10-19 15:31:08 +08:00
< a href = "services-management-tool.html" >
4.5 服务编排管理
< / a >
2017-09-03 15:58:39 +08:00
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.6" data-path = "../usecases/" >
2017-09-03 15:58:39 +08:00
< a href = "../usecases/" >
5. 领域应用
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.6.1" data-path = "../usecases/microservices.html" >
2017-09-03 15:58:39 +08:00
< a href = "../usecases/microservices.html" >
5.1 微服务架构
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.6.1.1" data-path = "../usecases/service-discovery-in-microservices.html" >
2017-09-20 21:55:19 +08:00
< a href = "../usecases/service-discovery-in-microservices.html" >
5.1.1 微服务中的服务发现
< / a >
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.6.2" data-path = "../usecases/service-mesh.html" >
2017-09-20 21:55:19 +08:00
< a href = "../usecases/service-mesh.html" >
5.2 Service Mesh 服务网格
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.6.2.1" data-path = "../usecases/istio.html" >
2017-09-03 15:58:39 +08:00
< a href = "../usecases/istio.html" >
5.1.1 Istio
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.6.2.1.1" data-path = "../usecases/istio-installation.html" >
2017-09-03 15:58:39 +08:00
< a href = "../usecases/istio-installation.html" >
5.1.1.1 安装istio
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.6.2.1.2" data-path = "../usecases/configuring-request-routing.html" >
2017-09-03 15:58:39 +08:00
< a href = "../usecases/configuring-request-routing.html" >
5.1.1.2 配置请求的路由规则
< / a >
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.6.2.2" data-path = "../usecases/linkerd.html" >
2017-09-03 15:58:39 +08:00
< a href = "../usecases/linkerd.html" >
5.1.2 Linkerd
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.6.2.2.1" data-path = "../usecases/linkerd-user-guide.html" >
2017-09-03 15:58:39 +08:00
< a href = "../usecases/linkerd-user-guide.html" >
5.1.2.1 Linkerd 使用指南
< / a >
< / li >
< / ul >
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.6.3" data-path = "../usecases/big-data.html" >
2017-09-03 15:58:39 +08:00
< a href = "../usecases/big-data.html" >
5.2 大数据
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.6.3.1" data-path = "../usecases/spark-standalone-on-kubernetes.html" >
2017-09-03 15:58:39 +08:00
< a href = "../usecases/spark-standalone-on-kubernetes.html" >
5.2.1 Spark standalone on Kubernetes
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.6.3.2" data-path = "../usecases/running-spark-with-kubernetes-native-scheduler.html" >
2017-09-03 15:58:39 +08:00
2017-09-14 15:57:50 +08:00
< a href = "../usecases/running-spark-with-kubernetes-native-scheduler.html" >
2017-09-03 15:58:39 +08:00
5.2.2 运行支持kubernetes原生调度的Spark程序
< / a >
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.6.4" data-path = "../usecases/serverless.html" >
2017-09-03 15:58:39 +08:00
< a href = "../usecases/serverless.html" >
5.3 Serverless架构
< / a >
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.7" data-path = "../develop/" >
2017-09-03 15:58:39 +08:00
< a href = "../develop/" >
6. 开发指南
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.7.1" data-path = "../develop/developing-environment.html" >
2017-09-03 15:58:39 +08:00
< a href = "../develop/developing-environment.html" >
6.1 开发环境搭建
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.7.2" data-path = "../develop/testing.html" >
2017-09-03 15:58:39 +08:00
< a href = "../develop/testing.html" >
6.2 单元测试和集成测试
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.7.3" data-path = "../develop/client-go-sample.html" >
2017-09-03 15:58:39 +08:00
< a href = "../develop/client-go-sample.html" >
6.3 client-go示例
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.7.4" data-path = "../develop/contribute.html" >
2017-09-03 15:58:39 +08:00
< a href = "../develop/contribute.html" >
6.4 社区贡献
< / a >
< / li >
< / ul >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.8" data-path = "../appendix/" >
2017-09-03 15:58:39 +08:00
< a href = "../appendix/" >
7. 附录
< / a >
< ul class = "articles" >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.8.1" data-path = "../appendix/docker-best-practice.html" >
2017-09-03 15:58:39 +08:00
< a href = "../appendix/docker-best-practice.html" >
7.1 Docker最佳实践
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.8.2" data-path = "../appendix/issues.html" >
2017-09-03 15:58:39 +08:00
< a href = "../appendix/issues.html" >
7.2 问题记录
< / a >
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.8.3" data-path = "../appendix/tricks.html" >
2017-09-03 15:58:39 +08:00
< a href = "../appendix/tricks.html" >
7.3 使用技巧
< / a >
2017-09-21 15:00:54 +08:00
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.8.4" data-path = "../appendix/debug-kubernetes-services.html" >
2017-09-21 15:00:54 +08:00
< a href = "../appendix/debug-kubernetes-services.html" >
7.4 kubernetes service中的故障排查
< / a >
2017-10-18 14:16:55 +08:00
< / li >
2017-10-20 10:51:14 +08:00
< li class = "chapter " data-level = "1.8.5" data-path = "../appendix/material-share.html" >
2017-10-18 14:16:55 +08:00
< a href = "../appendix/material-share.html" >
2017-10-18 16:53:12 +08:00
7.5 Kubernetes相关资讯和情报链接
2017-10-18 14:16:55 +08:00
< / a >
2017-09-03 15:58:39 +08:00
< / li >
< / ul >
< / li >
< li class = "divider" > < / li >
< li >
< a href = "https://www.gitbook.com" target = "blank" class = "gitbook-link" >
2017-09-19 22:01:07 +08:00
本书使用 GitBook 发布
2017-09-03 15:58:39 +08:00
< / a >
< / li >
< / ul >
< / nav >
< / div >
< div class = "book-body" >
< div class = "body-inner" >
< div class = "book-header" role = "navigation" >
<!-- Title -->
< h1 >
< i class = "fa fa-circle-o-notch fa-spin" > < / i >
< a href = ".." > 4.3.7 管理容器的计算资源< / a >
< / h1 >
< / div >
< div class = "page-wrapper" tabindex = "-1" role = "main" >
< div class = "page-inner" >
< div class = "search-plus" id = "book-search-results" >
< div class = "search-noresults" >
< section class = "normal markdown-section" >
< h1 id = "管理容器的计算资源" > 管 理 容 器 的 计 算 资 源 < / h1 >
< p > 当 您 定 义 < a href = "http://kubernetes.io/docks/user-guide/pods" target = "_blank" > Pod< / a > 的 时 候 可 以 选 择 为 每 个 容 器 指 定 需 要 的 CPU 和 内 存 ( RAM) 大 小 。 当 为 容 器 指 定 了 资 源 请 求 后 , 调 度 器 就 能 够 更 好 的 判 断 出 将 容 器 调 度 到 哪 个 节 点 上 。 如 果 您 还 为 容 器 指 定 了 资 源 限 制 , 节 点 上 的 资 源 就 可 以 按 照 指 定 的 方 式 做 竞 争 。 关 于 资 源 请 求 和 限 制 的 不 同 点 和 更 多 资 料 请 参 考 < a href = "https://git.k8s.io/community/contributors/design-proposals/resource-qos.md" target = "_blank" > Resource QoS< / a > 。 < / p >
< h2 id = "资源类型" > 资 源 类 型 < / h2 >
< p > < em > CPU< / em > 和 < em > memory< / em > 都 是 < em > 资 源 类 型 < / em > 。 资 源 类 型 具 有 基 本 单 位 。 CPU 的 单 位 是 core, memory 的 单 位 是 byte。 < / p >
< p > CPU和 内 存 统 称 为 < em > 计 算 资 源 < / em > , 也 可 以 称 为 < em > 资 源 < / em > 。 计 算 资 源 的 数 量 是 可 以 被 请 求 、 分 配 和 消 耗 的 可 测 量 的 。 它 们 与 < a href = "https://kubernetes.io/docks/api/" target = "_blank" > API 资 源 < / a > 不 同 。 API 资 源 ( 如 Pod 和 < a href = "https://kubernetes.io/docks/user-guide/services" target = "_blank" > Service< / a > ) 是 可 通 过 Kubernetes API server 读 取 和 修 改 的 对 象 。 < / p >
< h2 id = "pod-和-容器的资源请求和限制" > Pod 和 容 器 的 资 源 请 求 和 限 制 < / h2 >
< p > Pod 中 的 每 个 容 器 都 可 以 指 定 以 下 的 一 个 或 者 多 个 值 : < / p >
< ul >
2017-09-28 17:37:59 +08:00
< li > < code > spec.containers[].resources.limits.cpu< / code > < / li >
2017-09-03 15:58:39 +08:00
< li > < code > spec.containers[].resources.limits.memory< / code > < / li >
< li > < code > spec.containers[].resources.requests.cpu< / code > < / li >
< li > < code > spec.containers[].resources.requests.memory< / code > < / li >
< / ul >
< p > 尽 管 只 能 在 个 别 容 器 上 指 定 请 求 和 限 制 , 但 是 我 们 可 以 方 便 地 计 算 出 Pod 资 源 请 求 和 限 制 。 特 定 资 源 类 型 的 Pod 资 源 请 求 /限 制 是 Pod 中 每 个 容 器 的 该 类 型 的 资 源 请 求 /限 制 的 总 和 。 < / p >
< h2 id = "cpu-的含义" > CPU 的 含 义 < / h2 >
< p > CPU 资 源 的 限 制 和 请 求 以 < em > cpu< / em > 为 单 位 。 < / p >
< p > Kubernetes 中 的 一 个 cpu 等 于 : < / p >
< ul >
< li > 1 AWS vCPU< / li >
< li > 1 GCP Core< / li >
< li > 1 Azure vCore< / li >
< li > 1 < em > Hyperthread< / em > 在 带 有 超 线 程 的 裸 机 Intel 处 理 器 上 < / li >
< / ul >
< p > 允 许 浮 点 数 请 求 。 具 有 < code > spec.containers[].resources.requests.cpu< / code > 为 0.5 的 容 器 保 证 了 一 半 CPU 要 求 1 CPU的 一 半 。 表 达 式 < code > 0.1< / code > 等 价 于 表 达 式 < code > 100m< / code > , 可 以 看 作 “ 100 millicpu” 。 有 些 人 说 成 是 “ 一 百 毫 cpu” , 其 实 说 的 是 同 样 的 事 情 。 具 有 小 数 点 ( 如 < code > 0.1< / code > ) 的 请 求 由 API 转 换 为 < code > 100m< / code > , 精 度 不 超 过 < code > 1m< / code > 。 因 此 , 可 能 会 优 先 选 择 < code > 100m< / code > 的 形 式 。 < / p >
2017-09-08 11:23:28 +08:00
< p > CPU 总 是 要 用 绝 对 数 量 , 不 可 以 使 用 相 对 数 量 ; 0.1 的 CPU 在 单 核 、 双 核 、 48核 的 机 器 中 的 意 义 是 一 样 的 。 < / p >
2017-09-03 15:58:39 +08:00
< h2 id = "内存的含义" > 内 存 的 含 义 < / h2 >
< p > 内 存 的 限 制 和 请 求 以 字 节 为 单 位 。 您 可 以 使 用 以 下 后 缀 之 一 作 为 平 均 整 数 或 定 点 整 数 表 示 内 存 : E, P, T, G, M, K。 您 还 可 以 使 用 两 个 字 母 的 等 效 的 幂 数 : Ei, Pi, Ti , Gi, Mi, Ki。 例 如 , 以 下 代 表 大 致 相 同 的 值 : < / p >
< pre > < code class = "lang-shell" > 128974848, 129e6, 129M, 123Mi
< / code > < / pre >
< p > 下 面 是 个 例 子 。 < / p >
2017-09-08 11:23:28 +08:00
< p > 以 下 Pod 有 两 个 容 器 。 每 个 容 器 的 请 求 为 0.25 cpu 和 64MiB( 2< sup > 26< / sup > 字 节 ) 内 存 , 每 个 容 器 的 限 制 为 0.5 cpu 和 128MiB 内 存 。 您 可 以 说 该 Pod 请 求 0.5 cpu 和 128 MiB 的 内 存 , 限 制 为 1 cpu 和 256MiB 的 内 存 。 < / p >
2017-09-03 15:58:39 +08:00
< pre > < code class = "lang-yaml" > < span class = "hljs-attr" > apiVersion:< / span > v1
< span class = "hljs-attr" > kind:< / span > Pod
< span class = "hljs-attr" > metadata:< / span >
< span class = "hljs-attr" > name:< / span > frontend
< span class = "hljs-attr" > spec:< / span >
< span class = "hljs-attr" > containers:< / span >
< span class = "hljs-attr" > - name:< / span > db
< span class = "hljs-attr" > image:< / span > mysql
< span class = "hljs-attr" > resources:< / span >
< span class = "hljs-attr" > requests:< / span >
< span class = "hljs-attr" > memory:< / span > < span class = "hljs-string" > " 64Mi" < / span >
< span class = "hljs-attr" > cpu:< / span > < span class = "hljs-string" > " 250m" < / span >
< span class = "hljs-attr" > limits:< / span >
< span class = "hljs-attr" > memory:< / span > < span class = "hljs-string" > " 128Mi" < / span >
< span class = "hljs-attr" > cpu:< / span > < span class = "hljs-string" > " 500m" < / span >
< span class = "hljs-attr" > - name:< / span > wp
< span class = "hljs-attr" > image:< / span > wordpress
< span class = "hljs-attr" > resources:< / span >
< span class = "hljs-attr" > requests:< / span >
< span class = "hljs-attr" > memory:< / span > < span class = "hljs-string" > " 64Mi" < / span >
< span class = "hljs-attr" > cpu:< / span > < span class = "hljs-string" > " 250m" < / span >
< span class = "hljs-attr" > limits:< / span >
< span class = "hljs-attr" > memory:< / span > < span class = "hljs-string" > " 128Mi" < / span >
< span class = "hljs-attr" > cpu:< / span > < span class = "hljs-string" > " 500m" < / span >
< / code > < / pre >
< h2 id = "具有资源请求的-pod-如何调度" > 具 有 资 源 请 求 的 Pod 如 何 调 度 < / h2 >
< p > 当 您 创 建 一 个 Pod 时 , Kubernetes 调 度 程 序 将 为 Pod 选 择 一 个 节 点 。 每 个 节 点 具 有 每 种 资 源 类 型 的 最 大 容 量 : 可 为 Pod 提 供 的 CPU 和 内 存 量 。 调 度 程 序 确 保 对 于 每 种 资 源 类 型 , 调 度 的 容 器 的 资 源 请 求 的 总 和 小 于 节 点 的 容 量 。 请 注 意 , 尽 管 节 点 上 的 实 际 内 存 或 CPU 资 源 使 用 量 非 常 低 , 但 如 果 容 量 检 查 失 败 , 则 调 度 程 序 仍 然 拒 绝 在 该 节 点 上 放 置 Pod。 当 资 源 使 用 量 稍 后 增 加 时 , 例 如 在 请 求 率 的 每 日 峰 值 期 间 , 这 可 以 防 止 节 点 上 的 资 源 短 缺 。 < / p >
< h2 id = "具有资源限制的-pod-如何运行" > 具 有 资 源 限 制 的 Pod 如 何 运 行 < / h2 >
< p > 当 kubelet 启 动 一 个 Pod 的 容 器 时 , 它 会 将 CPU 和 内 存 限 制 传 递 到 容 器 运 行 时 。 < / p >
< p > 当 使 用 Docker 时 : < / p >
< ul >
2017-09-08 11:23:28 +08:00
< li > < code > spec.containers[].resources.requests.cpu< / code > 的 值 将 转 换 成 millicore 值 , 这 是 个 浮 点 数 , 并 乘 以 1024, 这 个 数 字 中 的 较 大 者 或 2用 作 < code > docker run< / code > 命 令 中 的 < a href = "https://docs.docker.com/engine/reference/run/#/cpu-share-constraint" target = "_blank" > < code > --cpu-shares< / code > < / a > 标 志 的 值 。 < / li >
2017-09-03 15:58:39 +08:00
< li > < code > spec.containers[].resources.limits.cpu< / code > 被 转 换 成 millicore 值 。 被 乘 以 100000 然 后 除 以 1000。 这 个 数 字 用 作 < code > docker run< / code > 命 令 中 的 < a href = "https://docs.docker.com/engine/reference/run/#/cpu-quota-constraint" target = "_blank" > < code > --cpu-quota< / code > < / a > 标 志 的 值 。 [< code > --cpu-quota< / code > ] 标 志 被 设 置 成 了 100000, 表 示 测 量 配 额 使 用 的 默 认 100ms 周 期 。 如 果 [< code > --cpu-cfs-quota< / code > ] 标 志 设 置 为 true, 则 kubelet 会 强 制 执 行 cpu 限 制 。 从 Kubernetes 1.2 版 本 起 , 此 标 志 默 认 为 true。 < / li >
< li > < code > spec.containers[].resources.limits.memory< / code > 被 转 换 为 整 型 , 作 为 < code > docker run< / code > 命 令 中 的 < a href = "https://docs.docker.com/engine/reference/run/#/user-memory-constraints" target = "_blank" > < code > --memory< / code > < / a > 标 志 的 值 。 < / li >
< / ul >
< p > 如 果 容 器 超 过 其 内 存 限 制 , 则 可 能 会 被 终 止 。 如 果 可 重 新 启 动 , 则 与 所 有 其 他 类 型 的 运 行 时 故 障 一 样 , kubelet 将 重 新 启 动 它 。 < / p >
< p > 如 果 一 个 容 器 超 过 其 内 存 请 求 , 那 么 当 节 点 内 存 不 足 时 , 它 的 Pod 可 能 被 逐 出 。 < / p >
< p > 容 器 可 能 被 允 许 也 可 能 不 被 允 许 超 过 其 CPU 限 制 时 间 。 但 是 , 由 于 CPU 使 用 率 过 高 , 不 会 被 杀 死 。 < / p >
< p > 要 确 定 容 器 是 否 由 于 资 源 限 制 而 无 法 安 排 或 被 杀 死 , 请 参 阅 < a href = "#troubleshooting" > 疑 难 解 答 < / a > 部 分 。 < / p >
< h2 id = "监控计算资源使用" > 监 控 计 算 资 源 使 用 < / h2 >
< p > Pod 的 资 源 使 用 情 况 被 报 告 为 Pod 状 态 的 一 部 分 。 < / p >
2017-09-08 11:23:28 +08:00
< p > 如 果 为 集 群 配 置 了 < a href = "http://releases.k8s.io//cluster/addons/cluster-monitoring/README.md" target = "_blank" > 可 选 监 控 < / a > , 则 可 以 从 监 控 系 统 检 索 Pod 资 源 的 使 用 情 况 。 < / p >
2017-09-03 15:58:39 +08:00
< h2 id = "疑难解答" > 疑 难 解 答 < / h2 >
2017-09-06 22:20:04 +08:00
< h3 id = "我的-pod-处于-pending-状态且事件信息显示-failedscheduling" > 我 的 Pod 处 于 pending 状 态 且 事 件 信 息 显 示 failedScheduling< / h3 >
< p > 如 果 调 度 器 找 不 到 任 何 该 Pod 可 以 匹 配 的 节 点 , 则 该 Pod 将 保 持 不 可 调 度 状 态 , 直 到 找 到 一 个 可 以 被 调 度 到 的 位 置 。 每 当 调 度 器 找 不 到 Pod 可 以 调 度 的 地 方 时 , 会 产 生 一 个 事 件 , 如 下 所 示 : < / p >
< pre > < code class = "lang-shell" > $ kubectl describe pod frontend | grep -A 3 Events
Events:
FirstSeen LastSeen Count From Subobject PathReason Message
36s 5s 6 {scheduler } FailedScheduling Failed for reason PodExceedsFreeCPU and possibly others
< / code > < / pre >
< p > 在 上 述 示 例 中 , 由 于 节 点 上 的 CPU 资 源 不 足 , 名 为 “ frontend” 的 Pod 将 无 法 调 度 。 由 于 内 存 不 足 ( PodExceedsFreeMemory) , 类 似 的 错 误 消 息 也 可 能 会 导 致 失 败 。 一 般 来 说 , 如 果 有 这 种 类 型 的 消 息 而 处 于 pending 状 态 , 您 可 以 尝 试 如 下 几 件 事 情 : < / p >
< pre > < code class = "lang-Shell" > $ kubectl describe nodes e2e-test-minion-group-4lw4
Name: e2e-test-minion-group-4lw4
[ ... lines removed for clarity ...]
Capacity:
alpha.kubernetes.io/nvidia-gpu: 0
cpu: 2
memory: 7679792Ki
pods: 110
Allocatable:
alpha.kubernetes.io/nvidia-gpu: 0
cpu: 1800m
memory: 7474992Ki
pods: 110
[ ... lines removed for clarity ...]
Non-terminated Pods: (5 in total)
Namespace Name CPU Requests CPU Limits Memory Requests Memory Limits
--------- ---- ------------ ---------- --------------- -------------
kube-system fluentd-gcp-v1.38-28bv1 100m (5%) 0 (0%) 200Mi (2%) 200Mi (2%)
kube-system kube-dns-3297075139-61lj3 260m (13%) 0 (0%) 100Mi (1%) 170Mi (2%)
kube-system kube-proxy-e2e-test-... 100m (5%) 0 (0%) 0 (0%) 0 (0%)
kube-system monitoring-influxdb-grafana-v4-z1m12 200m (10%) 200m (10%) 600Mi (8%) 600Mi (8%)
kube-system node-problem-detector-v0.1-fj7m3 20m (1%) 200m (10%) 20Mi (0%) 100Mi (1%)
Allocated resources:
(Total limits may be over 100 percent, i.e., overcommitted.)
CPU Requests CPU Limits Memory Requests Memory Limits
------------ ---------- --------------- -------------
680m (34%) 400m (20%) 920Mi (12%) 1070Mi (14%)
< / code > < / pre >
< h2 id = "我的容器被终结了" > 我 的 容 器 被 终 结 了 < / h2 >
< p > 您 的 容 器 可 能 因 为 资 源 枯 竭 而 被 终 结 了 。 要 查 看 容 器 是 否 因 为 遇 到 资 源 限 制 而 被 杀 死 , 请 在 相 关 的 Pod 上 调 用 < code > kubectl describe pod< / code > : < / p >
< pre > < code class = "lang-shell" > [12:54:41] $ kubectl describe pod simmemleak-hra99
Name: simmemleak-hra99
Namespace: default
Image(s): saadali/simmemleak
Node: kubernetes-node-tf0f/10.240.216.66
Labels: name=simmemleak
Status: Running
Reason:
Message:
IP: 10.244.2.75
Replication Controllers: simmemleak (1/1 replicas created)
Containers:
simmemleak:
Image: saadali/simmemleak
Limits:
cpu: 100m
memory: 50Mi
State: Running
Started: Tue, 07 Jul 2015 12:54:41 -0700
Last Termination State: Terminated
Exit Code: 1
Started: Fri, 07 Jul 2015 12:54:30 -0700
Finished: Fri, 07 Jul 2015 12:54:33 -0700
Ready: False
Restart Count: 5
Conditions:
Type Status
Ready False
Events:
FirstSeen LastSeen Count From SubobjectPath Reason Message
Tue, 07 Jul 2015 12:53:51 -0700 Tue, 07 Jul 2015 12:53:51 -0700 1 {scheduler } scheduled Successfully assigned simmemleak-hra99 to kubernetes-node-tf0f
Tue, 07 Jul 2015 12:53:51 -0700 Tue, 07 Jul 2015 12:53:51 -0700 1 {kubelet kubernetes-node-tf0f} implicitly required container POD pulled Pod container image " gcr.io/google_containers/pause:0.8.0" already present on machine
Tue, 07 Jul 2015 12:53:51 -0700 Tue, 07 Jul 2015 12:53:51 -0700 1 {kubelet kubernetes-node-tf0f} implicitly required container POD created Created with docker id 6a41280f516d
Tue, 07 Jul 2015 12:53:51 -0700 Tue, 07 Jul 2015 12:53:51 -0700 1 {kubelet kubernetes-node-tf0f} implicitly required container POD started Started with docker id 6a41280f516d
Tue, 07 Jul 2015 12:53:51 -0700 Tue, 07 Jul 2015 12:53:51 -0700 1 {kubelet kubernetes-node-tf0f} spec.containers{simmemleak} created Created with docker id 87348f12526a
< / code > < / pre >
< p > 在 上 面 的 例 子 中 , < code > Restart Count: 5< / code > 意 味 着 Pod 中 的 < code > simmemleak< / code > 容 器 被 终 止 并 重 启 了 五 次 。 < / p >
< p > 您 可 以 使 用 < code > kubectl get pod< / code > 命 令 加 上 < code > -o go-template=...< / code > 选 项 来 获 取 之 前 终 止 容 器 的 状 态 。 < / p >
< pre > < code class = "lang-Shell" > [13:59:01] $ kubectl get pod -o go-template=' {{range.status.containerStatuses}}{{" Container Name: " }}{{.name}}{{" \r\nLastState: " }}{{.lastState}}{{end}}' simmemleak-60xbc
Container Name: simmemleak
LastState: map[terminated:map[exitCode:137 reason:OOM Killed startedAt:2015-07-07T20:58:43Z finishedAt:2015-07-07T20:58:43Z containerID:docker://0e4095bba1feccdfe7ef9fb6ebffe972b4b14285d5acdec6f0d3ae8a22fad8b2]]
< / code > < / pre >
< p > 您 可 以 看 到 容 器 因 为 < code > reason:OOM killed< / code > 被 终 止 , < code > OOM< / code > 表 示 Out Of Memory。 < / p >
< h2 id = "不透明整型资源(alpha功能)" > 不 透 明 整 型 资 源 ( Alpha功 能 ) < / h2 >
< p > Kubernetes 1.5 版 本 中 引 入 不 透 明 整 型 资 源 。 不 透 明 的 整 数 资 源 允 许 集 群 运 维 人 员 发 布 新 的 节 点 级 资 源 , 否 则 系 统 将 不 了 解 这 些 资 源 。 < / p >
< p > 用 户 可 以 在 Pod 的 spec 中 消 费 这 些 资 源 , 就 像 CPU 和 内 存 一 样 。 调 度 器 负 责 资 源 计 量 , 以 便 在 不 超 过 可 用 量 的 同 时 分 配 给 Pod。 < / p >
< p > < strong > 注 意 : < / strong > 不 透 明 整 型 资 源 在 kubernetes 1.5 中 还 是 Alpha 版 本 。 只 实 现 了 资 源 计 量 , 节 点 级 别 的 隔 离 还 处 于 积 极 的 开 发 阶 段 。 < / p >
< p > 不 透 明 整 型 资 源 是 以 < code > pod.alpha.kubernetes.io/opaque-int-resource-< / code > 为 前 缀 的 资 源 。 API server 将 限 制 这 些 资 源 的 数 量 为 整 数 。 < em > 有 效 < / em > 数 量 的 例 子 有 < code > 3< / code > 、 < code > 3000m< / code > 和 < code > 3Ki< / code > 。 < em > 无 效 < / em > 数 量 的 例 子 有 < code > 0.5< / code > 和 < code > 1500m< / code > 。 < / p >
2017-09-08 11:23:28 +08:00
< p > 申 请 使 用 不 透 明 整 型 资 源 需 要 两 步 。 首 先 , 集 群 运 维 人 员 必 须 在 一 个 或 多 个 节 点 上 通 告 每 个 节 点 不 透 明 的 资 源 。 然 后 , 用 户 必 须 在 Pod 中 请 求 不 透 明 资 源 。 < / p >
2017-09-06 22:20:04 +08:00
< p > 要 发 布 新 的 不 透 明 整 型 资 源 , 集 群 运 维 人 员 应 向 API server 提 交 < code > PATCH< / code > HTTP请 求 , 以 指 定 集 群 中 节 点 的 < code > status.capacity< / code > 的 可 用 数 量 。 在 此 操 作 之 后 , 节 点 的 < code > status.capacity< / code > 将 包 括 一 个 新 的 资 源 。 < code > status.allocatable< / code > 字 段 由 kubelet 异 步 地 使 用 新 资 源 自 动 更 新 。 请 注 意 , 由 于 调 度 器 在 评 估 Pod 适 应 度 时 使 用 节 点 < code > status.allocatable< / code > 值 , 所 以 在 使 用 新 资 源 修 补 节 点 容 量 和 请 求 在 该 节 点 上 调 度 资 源 的 第 一 个 pod 之 间 可 能 会 有 短 暂 的 延 迟 。 < / p >
2017-09-08 11:23:28 +08:00
< p > < strong > 示 例 < / strong > < / p >
< p > 这 是 一 个 HTTP 请 求 , master 节 点 是 k8s-master, 在 k8s-node-1 节 点 上 通 告 5 个 “ foo” 资 源 。 < / p >
2017-09-06 22:20:04 +08:00
< pre > < code class = "lang-http" > < span class = "hljs-keyword" > PATCH< / span > < span class = "hljs-string" > /api/v1/nodes/k8s-node-1/status< / span > HTTP/1.1
< span class = "hljs-attribute" > Accept< / span > : application/json
< span class = "hljs-attribute" > Content-Type< / span > : application/json-patch+json
< span class = "hljs-attribute" > Host< / span > : k8s-master:8080
< span class = "json" > [
{
< span class = "hljs-attr" > " op" < / span > : < span class = "hljs-string" > " add" < / span > ,
< span class = "hljs-attr" > " path" < / span > : < span class = "hljs-string" > " /status/capacity/pod.alpha.kubernetes.io~1opaque-int-resource-foo" < / span > ,
< span class = "hljs-attr" > " value" < / span > : < span class = "hljs-string" > " 5" < / span >
}
]
< / span > < / code > < / pre >
< pre > < code class = "lang-shell" > curl --header " Content-Type: application/json-patch+json" \
--request PATCH \
--data ' [{" op" : " add" , " path" : " /status/capacity/pod.alpha.kubernetes.io~1opaque-int-resource-foo" , " value" : " 5" }]' \
http://k8s-master:8080/api/v1/nodes/k8s-node-1/status
< / code > < / pre >
< p > < strong > 注 意 : < / strong > 在 前 面 的 请 求 中 , < code > ~1< / code > 是 patch 路 径 中 < code > /< / code > 字 符 的 编 码 。 JSON-Patch 中 的 操 作 路 径 值 被 解 释 为 JSON-Pointer。 更 多 详 细 信 息 请 参 阅 < a href = "https://tools.ietf.org/html/rfc6901#section-3" target = "_blank" > IETF RFC 6901, section 3< / a > 。 < / p >
< pre > < code class = "lang-yaml" > < span class = "hljs-attr" > apiVersion:< / span > v1
< span class = "hljs-attr" > kind:< / span > Pod
< span class = "hljs-attr" > metadata:< / span >
< span class = "hljs-attr" > name:< / span > my-pod
< span class = "hljs-attr" > spec:< / span >
< span class = "hljs-attr" > containers:< / span >
< span class = "hljs-attr" > - name:< / span > my-container
< span class = "hljs-attr" > image:< / span > myimage
< span class = "hljs-attr" > resources:< / span >
< span class = "hljs-attr" > requests:< / span >
< span class = "hljs-attr" > cpu:< / span > < span class = "hljs-number" > 2< / span >
pod.alpha.kubernetes.io/opaque-int-resource-foo: < span class = "hljs-number" > 1< / span >
< / code > < / pre >
< h2 id = "计划改进" > 计 划 改 进 < / h2 >
< p > 在 kubernetes 1.5 版 本 中 仅 允 许 在 容 器 上 指 定 资 源 量 。 计 划 改 进 对 所 有 容 器 在 Pod 中 共 享 资 源 的 计 量 , 如 < a href = "https://kubernetes.io/docs/concepts/storage/volumes/#emptydir" target = "_blank" > emptyDir volume< / a > 。 < / p >
< p > 在 kubernetes 1.5 版 本 中 仅 支 持 容 器 对 CPU 和 内 存 的 申 请 和 限 制 。 计 划 增 加 新 的 资 源 类 型 , 包 括 节 点 磁 盘 空 间 资 源 和 一 个 可 支 持 自 定 义 < a href = "https://github.com/kubernetes/community/blob//contributors/design-proposals/resources.md" target = "_blank" > 资 源 类 型 < / a > 的 框 架 。 < / p >
< p > Kubernetes 通 过 支 持 通 过 多 级 别 的 < a href = "http://issue.k8s.io/168" target = "_blank" > 服 务 质 量 < / a > 来 支 持 资 源 的 过 度 使 用 。 < / p >
2017-10-09 15:28:05 +08:00
< p > 在 kubernetes 1.5 版 本 中 , 一 个 CPU 单 位 在 不 同 的 云 提 供 商 和 同 一 云 提 供 商 的 不 同 机 器 类 型 中 的 意 味 都 不 同 。 例 如 , 在 AWS 上 , 节 点 的 容 量 报 告 为 < a href = "http://aws.amazon.com/ec2/faqs/" target = "_blank" > ECU< / a > , 而 在 GCE 中 报 告 为 逻 辑 内 核 。 我 们 计 划 修 改 cpu 资 源 的 定 义 , 以 便 在 不 同 的 提 供 商 和 平 台 之 间 保 持 一 致 。 < / p >
< footer class = "page-footer" > < span class = "copyright" > Copyright © jimmysong.io 2017 all right reserved, powered by Gitbook< / span > < span class = "footer-modification" > Updated:
2017-09-28 17:36:25
< / span > < / footer >
2017-09-03 15:58:39 +08:00
< / section >
< / div >
< div class = "search-results" >
< div class = "has-results" >
< h1 class = "search-results-title" > < span class = 'search-results-count' > < / span > results matching "< span class = 'search-query' > < / span > "< / h1 >
< ul class = "search-results-list" > < / ul >
< / div >
< div class = "no-results" >
< h1 class = "search-results-title" > No results matching "< span class = 'search-query' > < / span > "< / h1 >
< / div >
< / div >
< / div >
< / div >
< / div >
< / div >
< a href = "data-persistence-problem.html" class = "navigation navigation-prev " aria-label = "Previous page: 4.3.6 数据持久化问题" >
< i class = "fa fa-angle-left" > < / i >
< / a >
2017-09-25 21:41:08 +08:00
< a href = "using-prometheus-to-monitor-kuberentes-cluster.html" class = "navigation navigation-next " aria-label = "Next page: 4.3.8 使用Prometheus监控kubernetes集群" >
2017-09-03 15:58:39 +08:00
< i class = "fa fa-angle-right" > < / i >
< / a >
< / div >
< script >
var gitbook = gitbook || [];
gitbook.push(function() {
2017-10-20 10:51:14 +08:00
gitbook.page.hasChanged({"page":{"title":"4.3.7 管理容器的计算资源","level":"1.5.3.7","depth":3,"next":{"title":"4.3.8 使用Prometheus监控kubernetes集群","level":"1.5.3.8","depth":3,"path":"practice/using-prometheus-to-monitor-kuberentes-cluster.md","ref":"practice/using-prometheus-to-monitor-kuberentes-cluster.md","articles":[]},"previous":{"title":"4.3.6 数据持久化问题","level":"1.5.3.6","depth":3,"path":"practice/data-persistence-problem.md","ref":"practice/data-persistence-problem.md","articles":[]},"dir":"ltr"},"config":{"plugins":["github","codesnippet","splitter","page-toc-button","image-captions","editlink","back-to-top-button","-lunr","-search","search-plus","github-buttons@2.1.0","favicon@^0.0.2","tbfed-pagefooter@^0.0.1","3-ba"],"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"pluginsConfig":{"tbfed-pagefooter":{"copyright":"Copyright © jimmysong.io 2017","modify_label":"Updated:","modify_format":"YYYY-MM-DD HH:mm:ss"},"github":{"url":"https://github.com/rootsongjc/kubernetes-handbook"},"editlink":{"label":"编辑本页","multilingual":false,"base":"https://github.com/rootsongjc/kubernetes-handbook/blob/master/"},"splitter":{},"codesnippet":{},"fontsettings":{"theme":"white","family":"sans","size":2},"highlight":{},"favicon":{"shortcut":"favicon.ico","bookmark":"favicon.ico"},"page-toc-button":{},"back-to-top-button":{},"github-buttons":{"repo":"rootsongjc/kubernetes-handbook","types":["star"],"size":"small"},"3-ba":{"configuration":"auto","token":"11f7d254cfa4e0ca44b175c66d379ecc"},"sharing":{"facebook":true,"twitter":true,"google":false,"weibo":false,"instapaper":false,"vk":false,"all":["facebook","google","twitter","weibo","instapaper"]},"theme-default":{"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"showLevel":false},"search-plus":{},"image-captions":{"caption":"图片 - _CAPTION_","variable_name":"_pictures"}},"theme":"default","author":"Jimmy Song","pdf":{"pageNumbers":true,"fontSize":12,"fontFamily":"Arial","paperSize":"a4","chapterMark":"pagebreak","pageBreaksBefore":"/","margin":{"right":62,"left":62,"top":56,"bottom":56}},"structure":{"langs":"LANGS.md","readme":"README.md","glossary":"GLOSSARY.md","summary":"SUMMARY.md"},"variables":{"_pictures":[{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.1","level":"1.2","list_caption":"Figure: 云计算演进历程","alt":"云计算演进历程","nro":1,"url":"../images/cloud-computing-evolution-road.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"云计算演进历程","attributes":{},"skip":false,"key":"1.2.1"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.2","level":"1.2","list_caption":"Figure: Cloud native思维导图","alt":"Cloud native思维导图","nro":2,"url":"../images/cloud-native-architecutre-mindnode.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Cloud native思维导图","attributes":{},"skip":false,"key":"1.2.2"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.3","level":"1.2","list_caption":"Figure: 十二因素应用","alt":"十二因素应用","nro":3,"url":"../images/12-factor-app.png","index":3,"caption_template":"图片 - _CAPTION_","label":"十二因素应用","attributes":{},"skip":false,"key":"1.2.3"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.4","level":"1.2","list_caption":"Figure: 使用Jenkins进行持续集成与发布流程图","alt":"使用Jenkins进行持续集成与发布流程图","nro":4,"url":"../images/kubernetes-jenkins-ci-cd.png","index":4,"caption_template":"图片 - _CAPTION_","label":"使用Jenkins进行持续集成与发布流程图","attributes":{},"skip":false,"key":"1.2.4"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig1.2.5","level":"1.2","list_cap
2017-09-03 15:58:39 +08:00
});
< / script >
< / div >
< script src = "../gitbook/gitbook.js" > < / script >
< script src = "../gitbook/theme.js" > < / script >
< script src = "../gitbook/gitbook-plugin-github/plugin.js" > < / script >
< script src = "../gitbook/gitbook-plugin-splitter/splitter.js" > < / script >
< script src = "../gitbook/gitbook-plugin-page-toc-button/plugin.js" > < / script >
< script src = "../gitbook/gitbook-plugin-editlink/plugin.js" > < / script >
2017-09-19 21:38:03 +08:00
< script src = "../gitbook/gitbook-plugin-back-to-top-button/plugin.js" > < / script >
2017-09-03 15:58:39 +08:00
< script src = "../gitbook/gitbook-plugin-search-plus/jquery.mark.min.js" > < / script >
< script src = "../gitbook/gitbook-plugin-search-plus/search.js" > < / script >
2017-10-09 15:28:05 +08:00
< script src = "../gitbook/gitbook-plugin-github-buttons/plugin.js" > < / script >
2017-10-11 18:13:13 +08:00
< script src = "../gitbook/gitbook-plugin-3-ba/plugin.js" > < / script >
2017-09-03 15:58:39 +08:00
< script src = "../gitbook/gitbook-plugin-sharing/buttons.js" > < / script >
< script src = "../gitbook/gitbook-plugin-fontsettings/fontsettings.js" > < / script >
< / body >
< / html >
