๐ŸšŒ์ฟ ๋ฒ„๋„คํ‹ฐ์Šค ๋ฆฌ์†Œ์Šค[์ปจํ…Œ์ด๋„ˆ ๋ฆฌ์†Œ์Šค, LimitRanges, ResourceQuata]

๊น€์„ฑ์ธยท2023๋…„ 10์›” 19์ผ
0

[DevOps] ๐ŸณDocker & Kubernetes

๋ชฉ๋ก ๋ณด๊ธฐ
37/62

<๋„ค์ž„์ŠคํŽ˜์ด์Šค ์ •์ฑ…>
์ปจํ…Œ์ด๋„ˆ ๋ฆฌ์†Œ์Šค - ์ปจํ…Œ์ด๋„ˆ ๋ฆฌ์†Œ์Šค ์ œ์•ฝ ์กฐ๊ฑด
Limit Ranges - ํŒŒ๋“œ ๋ฆฌ์†Œ์Šค ์ œ์•ฝ ์กฐ๊ฑด

<๋„ค์ž„์ŠคํŽ˜์ด์Šค ์ž์ฒด ์ œํ•œ>
ResourceQuata - ๋„ค์ž„์ŠคํŽ˜์ด์Šค ๋ฆฌ์†Œ์Šค ์ œ์•ฝ ์กฐ๊ฑด

๋ฆฌ์†Œ์Šค ์ œํ•œ์„ ํ†ตํ•ด ํŒŒ๋“œ, ์ปจํ…Œ์ด๋„ˆ ๋“ฑ์ด ์‚ฌ์šฉํ•  ๋ฆฌ์†Œ์Šค ๋ฒ”์œ„๋ฅผ ์ ์ ˆํ•˜๊ฒŒ ์„ค์ •ํ•˜๋„๋ก ์ง€์›ํ•˜๋Š” ์ •์ฑ…


์ปจํ…Œ์ด๋„ˆ ๋ฆฌ์†Œ์Šค

https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

!!!์ปจํ…Œ์ด๋„ˆ ๋ณ„ ์ œํ•œ์กฐ๊ฑด!!!
ํฌ๋“œ์˜ ๋ณผ๋ฅจ ์ œํ•œ์ด ์กด์žฌํ•˜๊ธด ํ•˜๋‚˜, ์ปจํ…Œ์ด๋„ˆ ์ž์ฒด์˜ ๋ณผ๋ฅจ ์ œํ•œ์€ ๋”ฑํžˆ ์—†์Œ.

  • ํŒŒ๋“œ ์ง€์ •์‹œ ์ปจํ…Œ์ด๋„ˆ์— ํ•„์š”ํ•œ ๊ฐ ๋ฆฌ์†Œ์Šค ์–‘์„ ์„ ํƒ์ ์œผ๋กœ ์ง€์ •(CPU, RAM ๋“ฑ)
  • kube-scheduler๊ฐ€ ๋ฆฌ์†Œ์Šค ์š”์ฒญ ์ •๋ณด๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ํŒŒ๋“œ๊ฐ€ ๋ฐฐ์น˜๋  ๋…ธ๋“œ๋ฅผ ๊ฒฐ์ •ํ•จ. (๋ฆฌ์†Œ์Šค ์ œํ•œ ์‹œํ‚ด)

์š”์ฒญ ๋ฐ ์ œํ•œ

ํŒŒ๋“œ๊ฐ€ ์‹คํ–‰ ์ค‘์ธ ๋…ธ๋“œ์— ์‚ฌ์šฉ ๊ฐ€๋Šฅํ•œ ๋ฆฌ์†Œ์Šค๊ฐ€ ์ถฉ๋ถ„ํ•˜๋ฉด, ์ปจํ…Œ์ด๋„ˆ๊ฐ€ ํ•ด๋‹น ๋ฆฌ์†Œ์Šค์— ์ง€์ •ํ•œ request ๋ณด๋‹ค ๋” ๋งŽ์€ ๋ฆฌ์†Œ์Šค๋ฅผ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ๋„๋ก ํ—ˆ์šฉ๋œ๋‹ค. ๊ทธ๋Ÿฌ๋‚˜, ์ปจํ…Œ์ด๋„ˆ๋Š” ๋ฆฌ์†Œ์Šค limit ๋ณด๋‹ค ๋” ๋งŽ์€ ๋ฆฌ์†Œ์Šค๋ฅผ ์‚ฌ์šฉํ•  ์ˆ˜๋Š” ์—†๋‹ค.

์˜ˆ๋ฅผ ๋“ค์–ด, ์ปจํ…Œ์ด๋„ˆ์— ๋Œ€ํ•ด 256MiB์˜ memory ์š”์ฒญ์„ ์„ค์ •ํ•˜๊ณ , ํ•ด๋‹น ์ปจํ…Œ์ด๋„ˆ๊ฐ€ 8GiB์˜ ๋ฉ”๋ชจ๋ฆฌ๋ฅผ ๊ฐ€์ง„ ๋…ธ๋“œ๋กœ ์Šค์ผ€์ค„๋œ ํŒŒ๋“œ์— ์žˆ๊ณ  ๋‹ค๋ฅธ ํŒŒ๋“œ๋Š” ์—†๋Š” ๊ฒฝ์šฐ, ์ปจํ…Œ์ด๋„ˆ๋Š” ๋” ๋งŽ์€ RAM์„ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ๋‹ค.

ํ•ด๋‹น ์ปจํ…Œ์ด๋„ˆ์— ๋Œ€ํ•ด 4GiB์˜ memory ์ œํ•œ์„ ์„ค์ •ํ•˜๋ฉด, kubelet(๊ทธ๋ฆฌ๊ณ  ์ปจํ…Œ์ด๋„ˆ ๋Ÿฐํƒ€์ž„)์ด ์ œํ•œ์„ ์ ์šฉํ•œ๋‹ค. ๋Ÿฐํƒ€์ž„์€ ์ปจํ…Œ์ด๋„ˆ๊ฐ€ ๊ตฌ์„ฑ๋œ ๋ฆฌ์†Œ์Šค ์ œํ•œ์„ ์ดˆ๊ณผํ•˜์—ฌ ์‚ฌ์šฉํ•˜์ง€ ๋ชปํ•˜๊ฒŒ ํ•œ๋‹ค. ์˜ˆ๋ฅผ ๋“ค์–ด, ์ปจํ…Œ์ด๋„ˆ์˜ ํ”„๋กœ์„ธ์Šค๊ฐ€ ํ—ˆ์šฉ๋œ ์–‘๋ณด๋‹ค ๋งŽ์€ ๋ฉ”๋ชจ๋ฆฌ๋ฅผ ์‚ฌ์šฉํ•˜๋ ค๊ณ  ํ•˜๋ฉด, ์‹œ์Šคํ…œ ์ปค๋„์€ ๋ฉ”๋ชจ๋ฆฌ ๋ถ€์กฑ(out of memory, OOM) ์˜ค๋ฅ˜์™€ ํ•จ๊ป˜ ํ• ๋‹น์„ ์‹œ๋„ํ•œ ํ”„๋กœ์„ธ์Šค๋ฅผ ์ข…๋ฃŒํ•œ๋‹ค.

์ œํ•œ์€ ๋ฐ˜์‘์ (์‹œ์Šคํ…œ์ด ์œ„๋ฐ˜์„ ๊ฐ์ง€ํ•œ ํ›„์— ๊ฐœ์ž…)์œผ๋กœ ๋˜๋Š” ๊ฐ•์ œ์ (์‹œ์Šคํ…œ์ด ์ปจํ…Œ์ด๋„ˆ๊ฐ€ ์ œํ•œ์„ ์ดˆ๊ณผํ•˜์ง€ ์•Š๋„๋ก ๋ฐฉ์ง€)์œผ๋กœ ๊ตฌํ˜„ํ•  ์ˆ˜ ์žˆ๋‹ค. ๋Ÿฐํƒ€์ž„๋งˆ๋‹ค ๋‹ค๋ฅธ ๋ฐฉ์‹์œผ๋กœ ๋™์ผํ•œ ์ œ์•ฝ์„ ๊ตฌํ˜„ํ•  ์ˆ˜ ์žˆ๋‹ค.

  • ์š”์ฒญ ์ œํ•œ์ด ์—†์„ ๊ฒฝ์šฐ ๋ฆฌ์†Œ์Šค ์ œํ•œ์„ ๋ณต์‚ฌํ•˜์—ฌ ์š”์ฒญ ๊ฐ’์— ์‚ฌ์šฉํ•จ.

๋ฆฌ์†Œ์Šค ํƒ€์ž…(๋‹จ์œ„)

hugepages-*

  • CPU : m(millicpu) (0.1 = 100m)
  • Memory: Ti, Gi, Mi, Ki(1024) / T, G, M, K (1000)

๋ฆฌ์†Œ์Šค ์š”์ฒญ/์ œํ•œ ์„ค์ •

spec.containers[].resources.limits.cpu
spec.containers[].resources.limits.memory
spec.containers[].resources.limits.hugepages-<size>
spec.containers[].resources.requests.cpu
spec.containers[].resources.requests.memory
spec.containers[].resources.requests.hugepages-<size>

yaml

apiVersion: v1
kind: Pod
metadata:
  name: frontend
spec:
  containers:
  - name: app
    image: images.my-company.example/app:v4
    resources:
      requests:
        memory: "64Mi"
        cpu: "250m"
      limits:
        memory: "128Mi"
        cpu: "500m"
  - name: log-aggregator
    image: images.my-company.example/log-aggregator:v6
    resources:
      requests:
        memory: "64Mi"
        cpu: "250m"
      limits:
        memory: "128Mi"
        cpu: "500m"

๋ฆฌ์†Œ์Šค ํ™•์ธ

kubectl top pod -> heapster๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ์ž‘๋™ํ•จ


Limit Range

https://kubernetes.io/docs/concepts/policy/limit-range/

!!!ํฌ๋“œ๋ณ„ ์ œ์•ฝ์กฐ๊ฑด!!!

  • ์ฟ ๋ฒ„๋„คํ‹ฐ์Šค์˜ ๋ฆฌ์†Œ์Šค ์ฟผํ„ฐ๋ฅผ ์‚ฌ์šฉํ•˜๋ฉด ํด๋Ÿฌ์Šคํ„ฐ ๊ด€๋ฆฌ์ž(๋˜๋Š” ํด๋Ÿฌ์Šคํ„ฐ ์˜คํผ๋ ˆ์ดํ„ฐ ๋ผ๊ณ  ํ•จ)๋Š” ๋„ค์ž„์ŠคํŽ˜์ด์Šค๋ณ„๋กœ ๋ฆฌ์†Œ์Šค(CPU ์‹œ๊ฐ„, ๋ฉ”๋ชจ๋ฆฌ ๋ฐ ํผ์‹œ์Šคํ„ดํŠธ ์Šคํ† ๋ฆฌ์ง€) ์‚ฌ์šฉ๊ณผ ์ƒ์„ฑ์„ ์ œํ•œํ•  ์ˆ˜ ์žˆ๋‹ค.
  • ๋„ค์ž„์ŠคํŽ˜์ด์Šค ๋‚ด์—์„œ ํŒŒ๋“œ๋Š” ๋„ค์ž„์ŠคํŽ˜์ด์Šค์˜ ๋ฆฌ์†Œ์Šค ์ฟผํ„ฐ์— ์ •์˜๋œ ๋งŒํผ์˜ CPU์™€ ๋ฉ”๋ชจ๋ฆฌ๋ฅผ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ๋‹ค.

Limit Range : ๋„ค์ž„์ŠคํŽ˜์ด์Šค์˜ ๊ฐ ์ ์šฉ ๊ฐ€๋Šฅํ•œ ์˜ค๋ธŒ์ ํŠธ ์ข…๋ฅ˜์— ๋Œ€ํ•ด ์ง€์ •ํ•  ์ˆ˜ ์žˆ๋Š” ๋ฆฌ์†Œ์Šคํ• ๋‹น์„ ์ œํ•œํ•˜๋Š” ์ •์ฑ…
-> ์˜ค๋ธŒ์ ํŠธ ์ข…๋ฅ˜: ํŒŒ๋“œ, PVC | ๋ฆฌ์†Œ์Šคํ• ๋‹น (์ œํ•œ/์š”์ฒญ)

๋ฆฌ๋ฐ‹๋ ˆ์ธ์ง€์˜ ์ œ์•ฝ ์กฐ๊ฑด

  • ๋„ค์ž„์ŠคํŽ˜์ด์Šค์—์„œ ํŒŒ๋“œ ๋˜๋Š” ์ปจํ…Œ์ด๋„ˆ๋ณ„ ์ตœ์†Œ ๋ฐ ์ตœ๋Œ€ ์ปดํ“จํŒ… ๋ฆฌ์†Œ์Šค ์‚ฌ์šฉ๋Ÿ‰์„ ์ง€์ •ํ•œ๋‹ค.
  • ๋„ค์ž„์ŠคํŽ˜์ด์Šค์—์„œ PVC ๋ณ„ ์ตœ์†Œ ๋ฐ ์ตœ๋Œ€ ์Šคํ† ๋ฆฌ์ง€ ์š”์ฒญ์„ ์ง€์ •ํ•œ๋‹ค.
  • ๋„ค์ž„์ŠคํŽ˜์ด์Šค์—์„œ ๋ฆฌ์†Œ์Šค์— ๋Œ€ํ•œ ์š”์ฒญ๊ณผ ์ œํ•œ ์‚ฌ์ด์˜ ๋น„์œจ์„ ์ง€์ •ํ•œ๋‹ค.
  • ๋„ค์ž„์ŠคํŽ˜์ด์Šค์—์„œ ์ปดํ“จํŒ… ๋ฆฌ์†Œ์Šค์— ๋Œ€ํ•œ ๊ธฐ๋ณธ ์š”์ฒญ/์ œํ•œ์„ ์„ค์ •ํ•˜๊ณ  ๋Ÿฐํƒ€์ž„์— ์žˆ๋Š” ์ปจํ…Œ์ด๋„ˆ์— ์ž๋™์œผ๋กœ ์„ค์ •ํ•œ๋‹ค.

๋ฆฌ์†Œ์Šค ์ œํ•œ/์š”์ฒญ ์ œ์•ฝ

  1. ๊ด€๋ฆฌ์ž๋Š” ๋„ค์ž„์ŠคํŽ˜์ด์Šค์— ๋ฆฌ๋ฐ‹๋ ˆ์ธ์ง€๋ฅผ ์ƒ์„ฑํ•œ๋‹ค.

  2. ์‚ฌ์šฉ์ž๋Š” ํ•ด๋‹น ๋„ค์ž„์ŠคํŽ˜์ด์Šค์—์„œ ํŒŒ๋“œ ๋˜๋Š” ํผ์‹œ์Šคํ„ดํŠธ๋ณผ๋ฅจํด๋ ˆ์ž„๊ณผ ๊ฐ™์€ ์˜ค๋ธŒ์ ํŠธ๋ฅผ ์ƒ์„ฑํ•˜๊ฑฐ๋‚˜ ์ƒ์„ฑํ•˜๋ ค๊ณ  ์‹œ๋„ํ•œ๋‹ค.

  3. ์ฒซ์งธ, LimitRange ์–ด๋“œ๋ฏธ์…˜ ์ปจํŠธ๋กค๋Ÿฌ๋Š” ์ปดํ“จํŒ… ๋ฆฌ์†Œ์Šค ์š”๊ตฌ์‚ฌํ•ญ์„ ์„ค์ •ํ•˜์ง€ ์•Š์€ ๋ชจ๋“  ํŒŒ๋“œ(๋ฐ ํ•ด๋‹น ์ปจํ…Œ์ด๋„ˆ)์— ๋Œ€ํ•ด ๊ธฐ๋ณธ ์š”์ฒญ ๋ฐ ์ œํ•œ ๊ฐ’์„ ์ ์šฉํ•œ๋‹ค.

  4. ๋‘˜์งธ, LimitRange๋Š” ์‚ฌ์šฉ๋Ÿ‰์„ ์ถ”์ ํ•˜์—ฌ ๋„ค์ž„์ŠคํŽ˜์ด์Šค์— ์กด์žฌํ•˜๋Š” LimitRange์— ์ •์˜๋œ ๋ฆฌ์†Œ์Šค ์ตœ์†Œ, ์ตœ๋Œ€ ๋ฐ ๋น„์œจ์„ ์ดˆ๊ณผํ•˜์ง€ ์•Š๋Š”์ง€ ํ™•์ธํ•œ๋‹ค.

  5. ๋ฆฌ๋ฐ‹๋ ˆ์ธ์ง€ ์ œ์•ฝ ์กฐ๊ฑด์„ ์œ„๋ฐ˜ํ•˜๋Š” ๋ฆฌ์†Œ์Šค(ํŒŒ๋“œ, ์ปจํ…Œ์ด๋„ˆ, ํผ์‹œ์Šคํ„ดํŠธ๋ณผ๋ฅจํด๋ ˆ์ž„)๋ฅผ ์ƒ์„ฑํ•˜๊ฑฐ๋‚˜ ์—…๋ฐ์ดํŠธํ•˜๋ ค๊ณ  ํ•˜๋Š” ๊ฒฝ์šฐ HTTP ์ƒํƒœ ์ฝ”๋“œ 403 FORBIDDEN ๋ฐ ์œ„๋ฐ˜๋œ ์ œ์•ฝ ์กฐ๊ฑด์„ ์„ค๋ช…ํ•˜๋Š” ๋ฉ”์‹œ์ง€์™€ ํ•จ๊ป˜ API ์„œ๋ฒ„์— ๋Œ€ํ•œ ์š”์ฒญ์ด ์‹คํŒจํ•œ๋‹ค.

  6. cpu, memory์™€ ๊ฐ™์€ ์ปดํ“จํŒ… ๋ฆฌ์†Œ์Šค์˜ ๋„ค์ž„์ŠคํŽ˜์ด์Šค์—์„œ ๋ฆฌ๋ฐ‹๋ ˆ์ธ์ง€๋ฅผ ์ถ”๊ฐ€ํ•œ ๊ฒฝ์šฐ ์‚ฌ์šฉ์ž๋Š” ํ•ด๋‹น ๊ฐ’์— ๋Œ€ํ•œ ์š”์ฒญ ๋˜๋Š” ์ œํ•œ์„ ์ง€์ •ํ•ด์•ผ ํ•œ๋‹ค. ๊ทธ๋ ‡์ง€ ์•Š์œผ๋ฉด ์‹œ์Šคํ…œ์—์„œ ํŒŒ๋“œ ์ƒ์„ฑ์ด ๊ฑฐ๋ถ€๋  ์ˆ˜ ์žˆ๋‹ค.

  7. LimitRange ์œ ํšจ์„ฑ ๊ฒ€์‚ฌ๋Š” ์‹คํ–‰ ์ค‘์ธ ํŒŒ๋“œ๊ฐ€ ์•„๋‹Œ ํŒŒ๋“œ ์–ด๋“œ๋ฏธ์…˜ ๋‹จ๊ณ„์—์„œ๋งŒ ์ˆ˜ํ–‰๋œ๋‹ค. ๋ฆฌ๋ฐ‹๋ ˆ์ธ์ง€๊ฐ€ ์ถ”๊ฐ€๋˜๊ฑฐ๋‚˜ ์ˆ˜์ •๋˜๋ฉด, ํ•ด๋‹น ๋„ค์ž„์ŠคํŽ˜์ด์Šค์— ์ด๋ฏธ ์กด์žฌํ•˜๋Š” ํŒŒ๋“œ๋Š” ๋ณ€๊ฒฝ๋˜์ง€ ์•Š๊ณ  ๊ณ„์† ์œ ์ง€๋œ๋‹ค. (admissiont:๊ฐ€์ž…)

  8. ๋„ค์ž„์ŠคํŽ˜์ด์Šค์— ๋‘ ๊ฐœ ์ด์ƒ์˜ LimitRange ์˜ค๋ธŒ์ ํŠธ๊ฐ€ ์กด์žฌํ•˜๋Š” ๊ฒฝ์šฐ, ์–ด๋–ค ๊ธฐ๋ณธ๊ฐ’์ด ์ ์šฉ๋ ์ง€๋Š” ๊ฒฐ์ •์ ์ด์ง€ ์•Š๋‹ค.

yaml

concepts/policy/limit-range/problematic-limit-range.yaml

apiVersion: v1
kind: LimitRange
metadata:
  name: cpu-resource-constraint
spec:
  limits:
  - default: # this section defines default limits
      cpu: 500m
    defaultRequest: # this section defines default requests
      cpu: 500m
    max: # max and min define the limit range
      cpu: "1"
    min:
      cpu: 100m
    type: Container

-type: PersistentVolumeClaim ์„ ํ†ตํ•ด pvc์— ๋Œ€ํ•œ ์ œ์•ฝ๋„ ์ถ”๊ฐ€ ๊ฐ€๋Šฅ

concepts/policy/limit-range/example-conflict-with-limitrange-cpu.yaml

apiVersion: v1
kind: Pod
metadata:
  name: example-conflict-with-limitrange-cpu
spec:
  containers:
  - name: demo
    image: registry.k8s.io/pause:2.0
    resources:
      requests:
        cpu: 700m

ํ•ด๋‹น ํŒŒ๋“œ ์‹คํ–‰์‹œ ์•„๋ž˜ ์˜ค๋ฅ˜ ๋ฐœ์ƒ
Pod "example-conflict-with-limitrange-cpu" is invalid: spec.containers[0].resources.requests: Invalid value: "700m": must be less than or equal to cpu limit

concepts/policy/limit-range/example-no-conflict-with-limitrange-cpu.yaml

apiVersion: v1
kind: Pod
metadata:
  name: example-no-conflict-with-limitrange-cpu
spec:
  containers:
  - name: demo
    image: registry.k8s.io/pause:2.0
    resources:
      requests:
        cpu: 700m
      limits:
        cpu: 700m

request, limit ๋ชจ๋‘ ์„ค์ •์‹œ ๋™์ผํ•œ LimitRange ์ ์šฉ๋˜๋„ ํŒŒ๋“œ ์Šค์ผ€์ค„๋ง ์„ฑ๊ณต


ResourceQuata

https://kubernetes.io/docs/concepts/policy/resource-quotas/
์—ฌ๋Ÿฌ ์‚ฌ์šฉ์ž๋‚˜ ํŒ€์ด ์ •ํ•ด์ง„ ์ˆ˜์˜ ๋…ธ๋“œ๋กœ ํด๋Ÿฌ์Šคํ„ฐ๋ฅผ ๊ณต์œ ํ•  ๋•Œ ํ•œ ํŒ€์ด ๊ณต์ •ํ•˜๊ฒŒ ๋ถ„๋ฐฐ๋œ ๋ฆฌ์†Œ์Šค๋ณด๋‹ค ๋งŽ์€ ๋ฆฌ์†Œ์Šค๋ฅผ ์‚ฌ์šฉํ•˜๋Š” ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•˜๊ธฐ ์œ„ํ•œ ๋„๊ตฌ

!!!๋„ค์ž„์ŠคํŽ˜์ด์Šค๋ณ„ ์ œ์•ฝ ์กฐ๊ฑด!!!
์œ ํ˜•๋ณ„๋กœ ๋„ค์ž„์ŠคํŽ˜์ด์Šค์—์„œ ๋งŒ๋“ค ์ˆ˜ ์žˆ๋Š” ์˜ค๋ธŒ์ ํŠธ ์ˆ˜์™€ ํ•ด๋‹น ๋„ค์ž„์ŠคํŽ˜์ด์Šค์˜ ๋ฆฌ์†Œ์Šค๊ฐ€ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ๋Š” ์ด ์ปดํ“จํŠธ ๋ฆฌ์†Œ์Šค์˜ ์–‘์„ ์ œํ•œํ•  ์ˆ˜ ์žˆ๋‹ค.

๋™์ž‘

  1. ๋‹ค๋ฅธ ํŒ€์€ ๋‹ค๋ฅธ ๋„ค์ž„์ŠคํŽ˜์ด์Šค์—์„œ ์ž‘์—…ํ•œ๋‹ค. ์ด๊ฒƒ์€ RBAC์œผ๋กœ ์„ค์ •ํ•  ์ˆ˜ ์žˆ๋‹ค.

  2. ๊ด€๋ฆฌ์ž๋Š” ๊ฐ ๋„ค์ž„์ŠคํŽ˜์ด์Šค์— ๋Œ€ํ•ด ํ•˜๋‚˜์˜ ๋ฆฌ์†Œ์Šค์ฟผํ„ฐ๋ฅผ ์ƒ์„ฑํ•œ๋‹ค.

  3. ์‚ฌ์šฉ์ž๋Š” ๋„ค์ž„์ŠคํŽ˜์ด์Šค์—์„œ ๋ฆฌ์†Œ์Šค(ํŒŒ๋“œ, ์„œ๋น„์Šค ๋“ฑ)๋ฅผ ์ƒ์„ฑํ•˜๊ณ  ์ฟผํ„ฐ ์‹œ์Šคํ…œ์€ ์‚ฌ์šฉ๋Ÿ‰์„ ์ถ”์ ํ•˜์—ฌ ๋ฆฌ์†Œ์Šค์ฟผํ„ฐ์— ์ •์˜๋œ ํ•˜๋“œ(hard) ๋ฆฌ์†Œ์Šค ์ œํ•œ์„ ์ดˆ๊ณผํ•˜์ง€ ์•Š๋„๋ก ํ•œ๋‹ค.

  4. ๋ฆฌ์†Œ์Šค๋ฅผ ์ƒ์„ฑํ•˜๊ฑฐ๋‚˜ ์—…๋ฐ์ดํŠธํ•  ๋•Œ ์ฟผํ„ฐ ์ œ์•ฝ ์กฐ๊ฑด์„ ์œ„๋ฐ˜ํ•˜๋ฉด ์œ„๋ฐ˜๋œ ์ œ์•ฝ ์กฐ๊ฑด์„ ์„ค๋ช…ํ•˜๋Š” ๋ฉ”์‹œ์ง€์™€ ํ•จ๊ป˜ HTTP ์ƒํƒœ ์ฝ”๋“œ 403 FORBIDDEN์œผ๋กœ ์š”์ฒญ์ด ์‹คํŒจํ•œ๋‹ค.

  5. cpu, memory์™€ ๊ฐ™์€ ์ปดํ“จํŠธ ๋ฆฌ์†Œ์Šค์— ๋Œ€ํ•ด ๋„ค์ž„์ŠคํŽ˜์ด์Šค์—์„œ ์ฟผํ„ฐ๊ฐ€ ํ™œ์„ฑํ™”๋œ ๊ฒฝ์šฐ ์‚ฌ์šฉ์ž๋Š” ํ•ด๋‹น๊ฐ’์— ๋Œ€ํ•œ ์š”์ฒญ ๋˜๋Š” ์ œํ•œ์„ ์ง€์ •ํ•ด์•ผ ํ•œ๋‹ค. ๊ทธ๋ ‡์ง€ ์•Š์œผ๋ฉด ์ฟผํ„ฐ ์‹œ์Šคํ…œ์ด ํŒŒ๋“œ ์ƒ์„ฑ์„ ๊ฑฐ๋ถ€ํ•  ์ˆ˜ ์žˆ๋‹ค. -> ์ปจํ…Œ์ด๋„ˆ์— CPU, ๋ฉ”๋ชจ๋ฆฌ ์ตœ์†Œ ์š”๊ตฌ์‚ฌํ•ญ ์ œํ•œ ์„ค์ • ํ•„์š”
    (์ปดํ“จํŠธ ๋ฆฌ์†Œ์Šค ์š”๊ตฌ ์‚ฌํ•ญ์ด ์—†๋Š” ํŒŒ๋“œ๋ฅผ ๊ธฐ๋ณธ๊ฐ’์œผ๋กœ ์„ค์ •ํ•˜๋ ค๋ฉด LimitRanger ์–ด๋“œ๋ฏธ์…˜ ์ปจํŠธ๋กค๋Ÿฌ๋ฅผ ์‚ฌ์šฉํ•˜์ž.)

yaml

https://kubernetes.io/ko/docs/tasks/administer-cluster/manage-resources/quota-memory-cpu-namespace/

apiVersion: v1
kind: ResourceQuota
metadata:
  name: mem-cpu-demo
spec:
  hard:
    requests.cpu: "1"
    requests.memory: 1Gi
    limits.cpu: "2"
    limits.memory: 2Gi

์‹คํ–‰

kubectl create namespace quota-mem-cpu-example
kubectl apply -f https://k8s.io/examples/admin/resource/quota-mem-cpu.yaml --namespace=quota-mem-cpu-example

kubectl describe resourcequotas -n quota-mem-cpu-example

ํŒŒ๋“œ ์‹คํ–‰

์ฒซ๋ฒˆ์จฐ ํŒŒ๋“œ

admin/resource/quota-mem-cpu-pod.yaml

apiVersion: v1
kind: Pod
metadata:
  name: quota-mem-cpu-demo
spec:
  containers:
  - name: quota-mem-cpu-demo-ctr
    image: nginx
    resources:
      limits:
        memory: "800Mi"
        cpu: "800m"
      requests:
        memory: "600Mi"
        cpu: "400m"

kubectl apply -f https://k8s.io/examples/admin/resource/quota-mem-cpu-pod.yaml --namespace=quota-mem-cpu-example
kubectl get pod quota-mem-cpu-demo --namespace=quota-mem-cpu-example

๋‘๋ฒˆ์จฐ ํŒŒ๋“œ

admin/resource/quota-mem-cpu-pod-2.yaml

apiVersion: v1
kind: Pod
metadata:
  name: quota-mem-cpu-demo-2
spec:
  containers:
  - name: quota-mem-cpu-demo-2-ctr
    image: redis
    resources:
      limits:
        memory: "1Gi"
        cpu: "800m"
      requests:
        memory: "700Mi"
        cpu: "400m"

kubectl apply -f https://k8s.io/examples/admin/resource/quota-mem-cpu-pod-2.yaml --namespace=quota-mem-cpu-example

  • ์—๋Ÿฌ๋ฐœ์ƒ
    • ๋‘ ๋ฒˆ์งธ ํŒŒ๋“œ๋ฅผ ์ƒ์„ฑํ•˜๋ฉด ๋ฉ”๋ชจ๋ฆฌ ์š”์ฒญ๋Ÿ‰์˜ ์ด ํ•ฉ๊ณ„๊ฐ€ ๋ฉ”๋ชจ๋ฆฌ ์š”์ฒญ๋Ÿ‰ ์ฟผํ„ฐ๋ฅผ ์ดˆ๊ณผํ•จ์„ ๋ณด์—ฌ์ค€๋‹ค.
Error from server (Forbidden): error when creating "https://k8s.io/examples/admin/resource/quota-mem-cpu-pod-2.yaml": pods "quota-mem-cpu-demo-2" is forbidden: exceeded quota: mem-cpu-demo, requested: requests.memory=700Mi, used: requests.memory=600Mi, limited: requests.memory=1Gi

0๊ฐœ์˜ ๋Œ“๊ธ€