为k8s etcd pod配置pod资源请求

Configure pod resource request for k8s etcd pod

当 运行 k8s 1.18 与默认的“集群上”etcd pod 部署一起使用时,分配资源 (CPU/memory) 请求或影响 etcd 的 pod 规范的方式是什么容器?

默认配置不提供任何资源请求或限制。

  Namespace                   Name                                                     CPU Requests  CPU Limits  Memory Requests  Memory Limits  AGE
  ---------                   ----                                                     ------------  ----------  ---------------  -------------  ---
 kube-system                 etcd-172-25-87-82-hybrid.com                       0 (0%)        0 (0%)      0 (0%)           0 (0%)         77m

我知道如何通过 kubeadm extraArgs 配置将额外的参数传递给 etcd,但这些不包括 etcd pod 资源。

etcd:
  local:
    extraArgs:
      heartbeat-interval: "1000"
      election-timeout: "5000"

问题可以扩展到 kube-system 命名空间中的其他资源,例如 coredns 等

init cluster之后,可以发现生成了/etc/kubernetes/manifests/etcd.yaml。试图编辑它? kubelet 应该选择更改并重新启动 etcd 实例。

root@kube-1:~# cat /etc/kubernetes/manifests/etcd.yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubeadm.kubernetes.io/etcd.advertise-client-urls: https://10.154.0.33:2379
  creationTimestamp: null
  labels:
    component: etcd
    tier: control-plane
  name: etcd
  namespace: kube-system
spec:
  containers:
  - command:
    - etcd
    - --advertise-client-urls=https://10.154.0.33:2379
    - --cert-file=/etc/kubernetes/pki/etcd/server.crt
    - --client-cert-auth=true
    - --data-dir=/var/lib/etcd
    - --initial-advertise-peer-urls=https://10.154.0.33:2380
    - --initial-cluster=kube-1=https://10.154.0.33:2380
    - --key-file=/etc/kubernetes/pki/etcd/server.key
    - --listen-client-urls=https://127.0.0.1:2379,https://10.154.0.33:2379
    - --listen-metrics-urls=http://127.0.0.1:2381
    - --listen-peer-urls=https://10.154.0.33:2380
    - --name=kube-1
    - --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt
    - --peer-client-cert-auth=true
    - --peer-key-file=/etc/kubernetes/pki/etcd/peer.key
    - --peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
    - --snapshot-count=10000
    - --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
    image: k8s.gcr.io/etcd:3.4.13-0
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 127.0.0.1
        path: /health
        port: 2381
        scheme: HTTP
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 15
    name: etcd
    resources: {}
    startupProbe:
      failureThreshold: 24
      httpGet:
        host: 127.0.0.1
        path: /health
        port: 2381
        scheme: HTTP
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 15
    volumeMounts:
    - mountPath: /var/lib/etcd
      name: etcd-data
    - mountPath: /etc/kubernetes/pki/etcd
      name: etcd-certs
  hostNetwork: true
  priorityClassName: system-node-critical
  volumes:
  - hostPath:
      path: /etc/kubernetes/pki/etcd
      type: DirectoryOrCreate
    name: etcd-certs
  - hostPath:
      path: /var/lib/etcd
      type: DirectoryOrCreate
    name: etcd-data
status: {}