如何更改命名空间 kube-system 的 CPU 限制
How to change CPU Limit for namespace kube-system
如何在 Azure Kubernetes 中更改 CPU 命名空间 kube-system 的限制?由于命名空间 kube-system 中的一些 pods 使用了大量资源,我的 pod 无法成功部署。
您可以检查命名空间的资源配额
kubectl describe quota
kubectl get quota
When several users or teams share a cluster with a fixed number of
nodes, there is a concern that one team could use more than its fair
share of resources.
Resource quotas are a tool for administrators to address this concern.
A resource quota, defined by a ResourceQuota object, provides
constraints that limit aggregate resource consumption per namespace.
It can limit the quantity of objects that can be created in a
namespace by type, as well as the total amount of compute resources
that may be consumed by resources in that namespace.
apiVersion: v1
kind: List
items:
- apiVersion: v1
kind: ResourceQuota
metadata:
name: pods-high
spec:
hard:
cpu: "1000"
memory: 200Gi
pods: "10"
scopeSelector:
matchExpressions:
- operator : In
scopeName: PriorityClass
values: ["high"]
https://kubernetes.io/docs/concepts/policy/resource-quotas/
我还建议检查 LimitRange
如果集群支持 LimitRange,它可能会将默认资源分配给 POD,但是编辑 Resourcequote 将解决您的问题。
https://kubernetes.io/docs/tasks/administer-cluster/manage-resources/memory-default-namespace/
将此作为社区 wiki 发布,不发表评论,请随意编辑和扩展
简而言之,无法更改 coreDNS 和位于 kube-system 命名空间内的其他关键资源的限制。 (从技术上讲,可以设置自定义值,但它们很快就会被覆盖,并且初始状态将恢复到预定义状态,下面是微软的回答,它是如何工作的)。
microsoft question platform 上有一个与之非常相似的问题,这是答案:
The deployment coredns runs system critical workload using the CoreDNS
project for cluster DNS management and resolution with all 1.12.x and
higher clusters. [Reference].
If you do a kubectl describe deployment -n kube-system coredns, you
will find a very interesting label
addonmanager.kubernetes.io/mode=Reconcile
Now, addons with label addonmanager.kubernetes.io/mode=Reconcile will
be periodically reconciled. Direct manipulation to these addons
through apiserver is discouraged because addon-manager will bring them
back to the original state. In particular:
Addon will be re-created if it is deleted.
Addon will be reconfigured to the state given by the supplied fields
in the template file periodically.
Addon will be deleted when its manifest file is deleted from the
$ADDON_PATH.
The $ADDON_PATH by default is set to /etc/kubernetes/addons/ on the
control plane node(s).
For more information please check this document.
Since AKS is a managed Kubernetes Service you will not be able to
access $ADDON_PATH. We strongly recommend against forcing changes to
kube-system resources as these are critical for the proper functioning
of the cluster.
OP 在评论中也证实了这一点:
just contacted MS support that we cannot change the limits form
kube-system namespace.
如何在 Azure Kubernetes 中更改 CPU 命名空间 kube-system 的限制?由于命名空间 kube-system 中的一些 pods 使用了大量资源,我的 pod 无法成功部署。
您可以检查命名空间的资源配额
kubectl describe quota
kubectl get quota
When several users or teams share a cluster with a fixed number of nodes, there is a concern that one team could use more than its fair share of resources.
Resource quotas are a tool for administrators to address this concern.
A resource quota, defined by a ResourceQuota object, provides constraints that limit aggregate resource consumption per namespace. It can limit the quantity of objects that can be created in a namespace by type, as well as the total amount of compute resources that may be consumed by resources in that namespace.
apiVersion: v1
kind: List
items:
- apiVersion: v1
kind: ResourceQuota
metadata:
name: pods-high
spec:
hard:
cpu: "1000"
memory: 200Gi
pods: "10"
scopeSelector:
matchExpressions:
- operator : In
scopeName: PriorityClass
values: ["high"]
https://kubernetes.io/docs/concepts/policy/resource-quotas/
我还建议检查 LimitRange
如果集群支持 LimitRange,它可能会将默认资源分配给 POD,但是编辑 Resourcequote 将解决您的问题。
https://kubernetes.io/docs/tasks/administer-cluster/manage-resources/memory-default-namespace/
将此作为社区 wiki 发布,不发表评论,请随意编辑和扩展
简而言之,无法更改 coreDNS 和位于 kube-system 命名空间内的其他关键资源的限制。 (从技术上讲,可以设置自定义值,但它们很快就会被覆盖,并且初始状态将恢复到预定义状态,下面是微软的回答,它是如何工作的)。
microsoft question platform 上有一个与之非常相似的问题,这是答案:
The deployment coredns runs system critical workload using the CoreDNS project for cluster DNS management and resolution with all 1.12.x and higher clusters. [Reference].
If you do a kubectl describe deployment -n kube-system coredns, you will find a very interesting label addonmanager.kubernetes.io/mode=Reconcile
Now, addons with label addonmanager.kubernetes.io/mode=Reconcile will be periodically reconciled. Direct manipulation to these addons through apiserver is discouraged because addon-manager will bring them back to the original state. In particular:
Addon will be re-created if it is deleted.
Addon will be reconfigured to the state given by the supplied fields in the template file periodically.
Addon will be deleted when its manifest file is deleted from the $ADDON_PATH.
The $ADDON_PATH by default is set to /etc/kubernetes/addons/ on the control plane node(s).
For more information please check this document.
Since AKS is a managed Kubernetes Service you will not be able to access $ADDON_PATH. We strongly recommend against forcing changes to kube-system resources as these are critical for the proper functioning of the cluster.
OP 在评论中也证实了这一点:
just contacted MS support that we cannot change the limits form kube-system namespace.