파드 리소스 할당 및 제한
- resources.requests : 최소 보장
- resources.limits : 최대 제한
실습 :: resources.requests
[root@master ~/kube/06/resource]# vi nginx-resource-requests-pod.yaml
[root@master ~/kube/06/resource]# cat nginx-resource-requests-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx-resources-pod
spec:
containers:
- name: nginx-container
image: nginx
ports:
- containerPort: 80
protocol: TCP
resources:
requests:
cpu: 1
memory: 500Mi
[root@master ~/kube/06/resource]# kubectl apply -f nginx-resource-requests-pod.yaml
pod/nginx-resources-pod created
[root@master ~/kube/06/resource]# kubectl describe pod nginx-resources-pod
Name: nginx-resources-pod
Namespace: default
Priority: 0
Service Account: default
Node: node2/192.168.2.62
Start Time: Sun, 09 Mar 2025 10:02:41 +0900
Labels: <none>
Annotations: cni.projectcalico.org/containerID: b7605bcf05a335e8aac685f71d0735ca092f9bbdbe40ed323988ad7ed09e5dc4
cni.projectcalico.org/podIP: 10.233.75.14/32
cni.projectcalico.org/podIPs: 10.233.75.14/32
Status: Running
IP: 10.233.75.14
IPs:
IP: 10.233.75.14
Containers:
nginx-container:
Container ID: docker://88da8e77917c0998d40c58f0e16c2a7996ccce4c9298cefb38daaec3fc624a96
Image: nginx
Image ID: docker-pullable://nginx@sha256:9d6b58feebd2dbd3c56ab5853333d627cc6e281011cfd6050fa4bcf2072c9496
Port: 80/TCP
Host Port: 0/TCP
State: Running
Started: Sun, 09 Mar 2025 10:02:44 +0900
Ready: True
Restart Count: 0
Requests:
cpu: 1
memory: 500Mi
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-2jgrj (ro)
▶ pod 가 아닌 container에 적용되는 것을 확인할 수 있음
실습 :: resources.limits
[root@master ~/kube/06/resource]# vi nginx-resource-limits-pod.yaml
[root@master ~/kube/06/resource]# cat nginx-resource-limits-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx-resources-pod
spec:
containers:
- name: nginx-container
image: nginx
ports:
- containerPort: 80
protocol: TCP
resources:
limits:
cpu: 1
memory: 500Mi
[root@master ~/kube/06/resource]# kubectl apply -f nginx-resource-limits-pod.yaml
pod/nginx-resources-pod created
[root@master ~/kube/06/resource]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-resources-pod 1/1 Running 0 3s
[root@master ~/kube/06/resource]# kubectl describe pod nginx-resources-pod
Name: nginx-resources-pod
Namespace: default
Priority: 0
Service Account: default
Node: node2/192.168.2.62
Start Time: Sun, 09 Mar 2025 10:08:15 +0900
Labels: <none>
Annotations: cni.projectcalico.org/containerID: 8412c33d54e348ee3756f6a4d892e2c2541db694a1e799bd553b3da8cce84940
cni.projectcalico.org/podIP: 10.233.75.15/32
cni.projectcalico.org/podIPs: 10.233.75.15/32
Status: Running
IP: 10.233.75.15
IPs:
IP: 10.233.75.15
Containers:
nginx-container:
Container ID: docker://45e8c08beec68c0c2913ac0aadb5ead1997cc6edb3c2531c47b5724243aac258
Image: nginx
Image ID: docker-pullable://nginx@sha256:9d6b58feebd2dbd3c56ab5853333d627cc6e281011cfd6050fa4bcf2072c9496
Port: 80/TCP
Host Port: 0/TCP
State: Running
Started: Sun, 09 Mar 2025 10:08:18 +0900
Ready: True
Restart Count: 0
Limits:
cpu: 1
memory: 500Mi
Requests:
cpu: 1
memory: 500Mi
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-tg5vx (ro)▶ resources.limits(최대 제한)만 설정했을 경우, resources.requests(최소 보장)는 자동을 limits에 맞춰서 설정됨
실습 :: requests 및 limits 설정
[root@master ~/kube/06/resource]# vi nginx-resource-limits-requests-pod.yaml
[root@master ~/kube/06/resource]# cat nginx-resource-limits-requests-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx-resources-pod
spec:
containers:
- name: nginx-container
image: nginx
ports:
- containerPort: 80
protocol: TCP
resources:
requests:
cpu: 200m
memory: 250Mi
limits:
cpu: 1
memory: 1Gi
[root@master ~/kube/06/resource]# kubectl apply -f nginx-resource-limits-requests-pod.yaml
pod/nginx-resources-pod created
[root@master ~/kube/06/resource]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-resources-pod 1/1 Running 0 6s
[root@master ~/kube/06/resource]# kubectl describe pod nginx-resources-pod
Name: nginx-resources-pod
Namespace: default
Priority: 0
Service Account: default
Node: node2/192.168.2.62
Start Time: Sun, 09 Mar 2025 10:13:51 +0900
Labels: <none>
Annotations: cni.projectcalico.org/containerID: f15658dab6a023e8ce3222a13ec63642658fb60a7daaf2e4335fc7223f628243
cni.projectcalico.org/podIP: 10.233.75.16/32
cni.projectcalico.org/podIPs: 10.233.75.16/32
Status: Running
IP: 10.233.75.16
IPs:
IP: 10.233.75.16
Containers:
nginx-container:
Container ID: docker://7c8d0f42fa3928a0d82da03eb39fb5fc5ac9847958263b348964534213086fcb
Image: nginx
Image ID: docker-pullable://nginx@sha256:9d6b58feebd2dbd3c56ab5853333d627cc6e281011cfd6050fa4bcf2072c9496
Port: 80/TCP
Host Port: 0/TCP
State: Running
Started: Sun, 09 Mar 2025 10:13:54 +0900
Ready: True
Restart Count: 0
Limits:
cpu: 1
memory: 1Gi
Requests:
cpu: 200m
memory: 250Mi
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-m2r48 (ro)▶ stress package로 test
[root@master ~/kube/06/resource]# kubectl exec -it nginx-resources-pod -- bash
root@nginx-resources-pod:/# apt-get update
Get:1 <http://deb.debian.org/debian> bookworm InRelease [151 kB]
Get:2 <http://deb.debian.org/debian> bookworm-updates InRelease [55.4 kB]
Get:3 <http://deb.debian.org/debian-security> bookworm-security InRelease [48.0 kB]
Get:4 <http://deb.debian.org/debian> bookworm/main amd64 Packages [8792 kB]
Get:5 <http://deb.debian.org/debian> bookworm-updates/main amd64 Packages [13.5 kB]
Get:6 <http://deb.debian.org/debian-security> bookworm-security/main amd64 Packages [246 kB]
Fetched 9306 kB in 1s (6894 kB/s)
Reading package lists... Done
root@nginx-resources-pod:/# apt-get -y install stress
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
stress
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 21.9 kB of archives.
After this operation, 57.3 kB of additional disk space will be used.
Get:1 <http://deb.debian.org/debian> bookworm/main amd64 stress amd64 1.0.7-1 [21.9 kB]
Fetched 21.9 kB in 0s (920 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package stress.
(Reading database ... 7580 files and directories currently installed.)
Preparing to unpack .../stress_1.0.7-1_amd64.deb ...
Unpacking stress (1.0.7-1) ...
Setting up stress (1.0.7-1) ...
root@nginx-resources-pod:/# exit
exit
▶ 메모리 테스트
[root@master ~/kube/06/resource]# time kubectl exec nginx-resources-pod -- stress --vm 1 --vm-bytes 800m -t 5s
stress: info: [175] dispatching hogs: 0 cpu, 0 io, 1 vm, 0 hdd
stress: info: [175] successful run completed in 5s
real 0m5.218s
user 0m0.044s
sys 0m0.032s
[root@master ~/kube/06/resource]# time kubectl exec nginx-resources-pod -- stress --vm 1 --vm-bytes 2g -t 5s
stress: info: [182] dispatching hogs: 0 cpu, 0 io, 1 vm, 0 hdd
stress: FAIL: [182] (425) <-- worker 188 got signal 9
stress: WARN: [182] (427) now reaping child worker processes
stress: FAIL: [182] (461) failed run completed in 1s
command terminated with exit code 1
real 0m0.950s
user 0m0.042s
sys 0m0.024s▶ CPU 테스트
pod 가 구동중인 노드 확인 및 해당 노드에 epel-release 및 htop 설치
[root@master ~/kube/06/resource]# kubectl get pod -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-resources-pod 1/1 Running 0 8m58s 10.233.75.16 node2 <none> <none>
---
[root@node2 /root]# yum -y install epel-release
마지막 메타자료 만료확인(0:04:08 이전): 2025년 03월 09일 (일) 오전 10시 19분 43초.
꾸러미 epel-release-9-9.el9.noarch가 이미 설치되어 있습니다.
종속성이 해결되었습니다.
처리가 필요하지 않습니다.
완료되었습니다!
[root@node2 /root]# yum -y install htop
마지막 메타자료 만료확인(0:04:57 이전): 2025년 03월 09일 (일) 오전 10시 19분 43초.
종속성이 해결되었습니다.
================================================================================================================================
꾸러미 구조 버전 저장소 크기
================================================================================================================================
설치 중:
htop x86_64 3.3.0-1.el9 epel 198 k
종속 꾸러미 설치 중:
hwloc-libs x86_64 2.4.1-5.el9 baseos 2.1 M
연결 요약
================================================================================================================================
설치 2 꾸러미
전체 내려받기 크기: 2.3 M
설치된 크기 : 3.5 M
꾸러미 내려받기 중:
(1/2): htop-3.3.0-1.el9.x86_64.rpm 3.0 MB/s | 198 kB 00:00
(2/2): hwloc-libs-2.4.1-5.el9.x86_64.rpm 16 MB/s | 2.1 MB 00:00
--------------------------------------------------------------------------------------------------------------------------------
합계 1.9 MB/s | 2.3 MB 00:01
연결 확인 실행 중
연결 확인에 성공했습니다.
연결 시험 실행 중
연결 시험에 성공했습니다.
연결 실행 중
준비 중 : 1/1
설치 중 : hwloc-libs-2.4.1-5.el9.x86_64 1/2
설치 중 : htop-3.3.0-1.el9.x86_64 2/2
구현 중 : htop-3.3.0-1.el9.x86_64 2/2
확인 중 : hwloc-libs-2.4.1-5.el9.x86_64 1/2
확인 중 : htop-3.3.0-1.el9.x86_64 2/2
설치되었습니다:
htop-3.3.0-1.el9.x86_64 hwloc-libs-2.4.1-5.el9.x86_64
완료되었습니다!
[root@node2 /root]# htop
마스터에서 stress로 부하준 후 node2에서 htop으로 모니터링
[root@master ~/kube/06/resource]# kubectl exec nginx-resources-pod -- stress --cpu 1
stress: info: [202] dispatching hogs: 1 cpu, 0 io, 0 vm, 0 hdd
[root@master ~/kube/06/resource]# kubectl exec nginx-resources-pod -- stress --cpu 2
stress: info: [209] dispatching hogs: 2 cpu, 0 io, 0 vm, 0 hdd
실습 :: requests overcpu 테스트
노드 cpu 확인(master 및 모든 worker노드 조건 동일)
[root@master ~/kube/06/resource]# lscpu | head
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Address sizes: 45 bits physical, 48 bits virtual
Byte Order: Little Endian
CPU(s): 4
On-line CPU(s) list: 0-3
Vendor ID: GenuineIntel
BIOS Vendor ID: GenuineIntel
Model name: Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz
BIOS Model name: Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz노드가 보유한 cpu보다 높게 requests cpu 설정
[root@master ~/kube/06/resource]# vi nginx-resource-requests-overcpu-pod.yaml
[root@master ~/kube/06/resource]# cat nginx-resource-requests-overcpu-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx-resources-pod
spec:
containers:
- name: nginx-container
image: nginx
ports:
- containerPort: 80
protocol: TCP
resources:
requests:
cpu: 6
memory: 250Mi
[root@master ~/kube/06/resource]# kubectl apply -f nginx-resource-requests-overcpu-pod.yaml
pod/nginx-resources-pod created
[root@master ~/kube/06/resource]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-resources-pod 0/1 Pending 0 3s
[root@master ~/kube/06/resource]# kubectl describe pod nginx-resources-pod
Name: nginx-resources-pod
Namespace: default
Priority: 0
Service Account: default
Node: <none>
Labels: <none>
Annotations: <none>
Status: Pending
IP:
IPs: <none>
Containers:
nginx-container:
Image: nginx
Port: 80/TCP
Host Port: 0/TCP
Requests:
cpu: 6
memory: 250Mi
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-ndk2z (ro)
···
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedScheduling 44s default-scheduler 0/4 nodes are available: 1 node(s) had untolerated taint {node-role.kubernetes.io/control-plane: }, 3 Insufficient cpu. preemption: 0/4 nodes are available: 1 Preemption is not helpful for scheduling, 3 No preemption victims found for incoming pod..▶ 특정 노드에 할당할 수 없어 pending 상태
실습 :: requests overmem 테스트
노드 mem 확인(master를 제외한 모든 worker노드 조건 동일) :: 2G
[root@node3 /root]# lsmem
RANGE SIZE STATE REMOVABLE BLOCK
0x0000000000000000-0x000000007fffffff 2G online yes 0-15
Memory block size: 128M
Total online memory: 2G
Total offline memory: 0B
[root@master ~/kube/06/resource]# vi nginx-resource-requests-overmem-pod.yaml
[root@master ~/kube/06/resource]# cat nginx-resource-requests-overmem-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx-resources-pod
spec:
containers:
- name: nginx-container
image: nginx
ports:
- containerPort: 80
protocol: TCP
resources:
requests:
cpu: 1
memory: 6Gi
[root@master ~/kube/06/resource]# kubectl apply -f nginx-resource-requests-overmem-pod.yaml
pod/nginx-resources-pod created
[root@master ~/kube/06/resource]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-resources-pod 0/1 Pending 0 3s
[root@master ~/kube/06/resource]# kubectl describe pod nginx-resources-pod
Name: nginx-resources-pod
Namespace: default
Priority: 0
Service Account: default
Node: <none>
Labels: <none>
Annotations: <none>
Status: Pending
IP:
IPs: <none>
Containers:
nginx-container:
Image: nginx
Port: 80/TCP
Host Port: 0/TCP
Requests:
cpu: 1
memory: 6G
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-qbwq9 (ro)
Conditions:
Type Status
PodScheduled False
Volumes:
kube-api-access-qbwq9:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning FailedScheduling 11s default-scheduler 0/4 nodes are available: 1 node(s) had untolerated taint {node-role.kubernetes.io/control-plane: }, 3 Insufficient memory. preemption: 0/4 nodes are available: 1 Preemption is not helpful for scheduling, 3 No preemption victims found for incoming pod..▶ 특정 노드에 할당할 수 없어 pending 상태
