Lokacin farawa da Kubernetes, ya zama ruwan dare a manta game da saita albarkatun kwantena. A wannan lokacin, ya isa don tabbatar da cewa hoton Docker yana aiki kuma ana iya tura shi zuwa gungu na Kubernetes.
Amma daga baya ana buƙatar shigar da aikace-aikacen a cikin gungu na samarwa tare da sauran aikace-aikacen. Don yin wannan, kuna buƙatar ware albarkatun don kwantena kuma tabbatar da cewa suna da isassun su don haɓaka aikace-aikacen, kuma sauran aikace-aikacen da ke gudana ba za su fuskanci matsala ba.
tawagar Fassara labarin game da albarkatun kwantena (CPU & MEM), buƙatun da iyakokin albarkatu. Za ku koyi fa'idodin waɗannan saitunan da abin da zai faru idan ba ku saita su ba.
albarkatun kwamfuta
Muna da albarkatu iri biyu tare da raka'a masu zuwa:
- Ƙungiyar sarrafawa ta tsakiya (CPU) - maɗaukaki;
- Ƙwaƙwalwar ajiya (MEM) - bytes.
An ƙayyade albarkatu don kowane akwati. A cikin fayil ɗin Pod YAML mai zuwa, zaku ga sashin albarkatu wanda ya ƙunshi abubuwan da ake buƙata da iyakance albarkatun:
- Abubuwan Pod da ake buƙata = jimlar albarkatun da ake buƙata na duk kwantena;
- Pod Resource Limit = Jimlar duk Iyakokin Albarkatun Pod.
apiVersion: v1
kind: Pod
metadata:
name: backend-pod-name
labels:
application: backend
spec:
containers:
— name: main-container
image: my-backend
tag: v1
ports:
— containerPort: 8080
resources:
requests:
cpu: 0.2 # REQUESTED CPU: 200m cores
memory: "1Gi" # REQUESTED MEM: 1Gi
limits:
cpu: 1 # MAX CPU USAGE: 1 core
memory: "1Gi" # MAX MEM USAGE: 1Gi
— name: other-container
image: other-app
tag: v1
ports:
— containerPort: 8000
resources:
requests:
cpu: "200m" # REQUESTED CPU: 200m cores
memory: "0.5Gi" # REQUESTED MEM: 0.5Gi
limits:
cpu: 1 # MAX CPU USAGE: 1 core
memory: "1Gi" # MAX MEM USAGE: 1GiMisalin Abubuwan Buƙatu da Iyakance
filin resources.requested daga ƙayyadaddun Pod yana ɗaya daga cikin abubuwan da ake amfani da su don nemo kumburin da ake so. Kuna iya tsara shirin tura Pod don shi. Ta yaya kuke samun kumburin da ya dace?
Kubernetes ya ƙunshi abubuwa da yawa, gami da babban kumburi ko babban kumburi (Kubernetes Control Plane). Kube-apiserver, kube-controller-manager da kube-scheduler.
Tsarin kube-scheduler yana da alhakin yin bitar sabbin kwas ɗin da aka ƙirƙira da gano yuwuwar kuɗaɗen ma'aikata waɗanda suka dace da duk buƙatun kwas, gami da adadin albarkatun da ake nema. Jerin nodes da aka samo ta kube-scheduler yana da matsayi. An tsara kwas ɗin akan kumburi tare da mafi girman maki.
A ina za a sanya Pod purple?
A cikin hoton za ku iya ganin cewa kube-scheduler ya tsara wani sabon m Pod. Tarin Kubernetes ya ƙunshi nodes guda biyu: A da B. Kamar yadda kuke gani, kube-scheduler ba zai iya tsara Pod akan kumburin A ba - albarkatun da ake da su (wanda ba a buƙata) ba su dace da buƙatun Pod mai shuɗi ba. Don haka, 1 GB na ƙwaƙwalwar da ake buƙata ta Pod mai shuɗi ba zai dace da kumburin A ba, tunda akwai ƙwaƙwalwar ajiyar 0,5 GB. Amma kumburin B yana da isassun albarkatu. A sakamakon haka, kube-scheduler ya yanke shawarar cewa makomar Pod mai ruwan hoda ita ce kumburin B.
Yanzu mun san yadda albarkatun da ake buƙata ke shafar zaɓin kumburi don gudanar da Pod. Amma menene tasirin albarkatun ƙasa?
Iyakar albarkatu iyaka ce wadda CPU/MEM ba za ta iya hayewa ba. Koyaya, albarkatun CPU suna da sassauƙa, don haka kwantena waɗanda suka isa iyakar CPU ɗinsu ba za su sa Pod ɗin ya fita ba. Madadin haka, CPU throttling zai fara. Idan an kai iyakar amfani da MEM, za a dakatar da akwati saboda OOM-Killer kuma a sake farawa idan saitin Sake kunnawa ya ba da izini.
An nema da iyakar albarkatun daki-daki
Sadarwar albarkatu tsakanin Docker da Kubernetes
Hanya mafi kyau don bayyana yadda buƙatun albarkatu da iyakokin albarkatu ke aiki shine gabatar da alaƙa tsakanin Kubernetes da Docker. A cikin hoton da ke sama zaku iya ganin yadda filayen Kubernetes da tutocin farawa Docker ke da alaƙa.
Ƙwaƙwalwar ajiya: buƙata da iyakancewa
containers:
...
resources:
requests:
memory: "0.5Gi"
limits:
memory: "1Gi"
Kamar yadda aka ambata a sama, ana auna ƙwaƙwalwar ajiya a cikin bytes. Bisa ga , za mu iya ƙayyade ƙwaƙwalwar ajiya azaman lamba. Yawanci lamba ce, misali 2678 - wato 2678 bytes. Hakanan zaka iya amfani da suffixes G и Gi, Babban abu shine a tuna cewa ba daidai ba ne. Na farko shi ne decimal, na biyu kuma binary. Kamar misalin da aka ambata a cikin takaddun k8s: 128974848, 129e6, 129M, 123Mi - a zahiri sun yi daidai.
Zaɓin Kubernetes limits.memory yayi daidai da tuta --memory daga Docker. Idan akwai request.memory Babu kibiya don Docker saboda Docker baya amfani da wannan filin. Kuna iya tambaya, shin wannan ma ya zama dole? Ee bukata. Kamar yadda na fada a baya, filin yana da mahimmanci ga Kubernetes. Dangane da bayanin daga gare ta, kube-scheduler yana yanke shawara akan kodin da zai tsara Pod.
Me zai faru idan kun saita ƙarancin ƙwaƙwalwar ajiya don buƙata?
Idan akwati ya kai iyakar ƙwaƙwalwar da ake buƙata, to ana sanya Pod a cikin rukunin Pods wanda ke tsayawa lokacin da babu isasshen ƙwaƙwalwar ajiya a cikin kumburi.
Me zai faru idan kun saita iyakar ƙwaƙwalwar ajiya da ƙasa sosai?
Idan kwandon ya wuce iyakar ƙwaƙwalwar ajiya, za a ƙare saboda OOM-Killed. Kuma zai sake farawa idan zai yiwu dangane da RestartPolicy inda ƙimar tsoho take Always.
Me zai faru idan ba ka saka memorin da aka nema ba?
Kubernetes zai ɗauki ƙimar iyaka kuma saita shi azaman ƙimar tsoho.
Menene zai iya faruwa idan ba ku ƙayyade iyakar ƙwaƙwalwar ajiya ba?
Akwatin ba shi da hani; yana iya amfani da ƙwaƙwalwar ajiya gwargwadon yadda yake so. Idan ya fara amfani da duk abin da ke cikin ƙwaƙwalwar ƙwayar cuta, to OOM zai kashe shi. Daga nan za a sake kunna akwati idan zai yiwu bisa RestartPolicy.
Me zai faru idan ba ku ƙayyade iyakokin ƙwaƙwalwar ajiya ba?
Wannan shine mafi munin yanayi: mai tsara tsarin bai san adadin albarkatun da kwantena ke buƙata ba, kuma wannan na iya haifar da matsala mai tsanani akan kumburi. A wannan yanayin, zai yi kyau a sami iyakoki na asali akan sararin suna (LimitRange ya saita). Babu iyakoki na asali - Pod ba shi da iyaka, yana iya amfani da ƙwaƙwalwar ajiya gwargwadon yadda yake so.
Idan žwažwalwar ajiyar da aka nema ya wuce abin da kumburin zai iya bayarwa, ba za a tsara Pod ɗin ba. Yana da mahimmanci a tuna da hakan Requests.memory - ba ƙaramin ƙima ba. Wannan bayanin shine adadin adadin ƙwaƙwalwar ajiyar da ya isa don kiyaye kwandon yana ci gaba da gudana.
Yawancin lokaci ana ba da shawarar saita ƙimar iri ɗaya don request.memory и limit.memory. Wannan yana tabbatar da cewa Kubernetes ba zai tsara Pod akan kumburin da ke da isasshen ƙwaƙwalwar ajiya don gudanar da Pod ɗin ba amma bai isa ya tafiyar da shi ba. Ka tuna: Kubernetes Pod Shirye-shiryen yana yin la'akari ne kawai requests.memoryda kuma limits.memory baya la'akari.
CPU: buƙatar da iyaka
containers:
...
resources:
requests:
cpu: 1
limits:
cpu: "1200m"
Tare da CPU komai yana da ɗan rikitarwa. Komawa ga hoton dangantakar dake tsakanin Kubernetes da Docker, zaku iya ganin hakan request.cpu соответствует --cpu-shares, alhali kuwa limit.cpu yayi daidai da tuta cpus in Docker.
An ninka CPU ɗin da Kubernetes ke buƙata ta 1024, adadin kewayon CPU. Idan kana son buƙatun cikakken cibiya 1, dole ne ka ƙara cpu: 1kamar yadda aka nuna a sama.
Neman cikakken kwaya (matsayi = 1024) ba yana nufin kwandon ku zai karɓi shi ba. Idan injin mai masaukin ku yana da cibiya ɗaya kawai kuma kuna gudana fiye da ganga ɗaya, to duk kwantena dole ne su raba CPU ɗin da ke akwai tsakanin su. Ta yaya hakan ke faruwa? Bari mu kalli hoton.
Buƙatar CPU - Tsarin Maɗaukaki ɗaya
Bari mu yi tunanin cewa kuna da tsarin runduna guda ɗaya da ke gudana kwantena. Inna (Kubernetes) ta gasa kek (CPU) kuma tana son raba shi tsakanin yara (kwantena). Yara uku suna son cikakken kek (kashi = 1024), wani yaro yana son rabin kek (512). Mama tana son yin adalci kuma ta yi lissafi mai sauƙi.
# Сколько пирогов хотят дети?
# 3 ребенка хотят по целому пирогу и еще один хочет половину пирога
cakesNumberKidsWant = (3 * 1) + (1 * 0.5) = 3.5
# Выражение получается так:
3 (ребенка/контейнера) * 1 (целый пирог/полное ядро) + 1 (ребенок/контейнер) * 0.5 (половина пирога/половина ядра)
# Сколько пирогов испечено?
availableCakesNumber = 1
# Сколько пирога (максимально) дети реально могут получить?
newMaxRequest = 1 / 3.5 =~ 28%Dangane da lissafin, yara uku za su karbi kashi 28% na ainihin, kuma ba duka ba. Yaro na huɗu zai sami kashi 14% na cikakken kwaya, ba rabi ba. Amma abubuwa zasu bambanta idan kuna da tsarin multi-core.
Buƙatar CPU - Tsarin Multi-Core (4).
A cikin hoton da ke sama za ku ga cewa yara uku suna son cikakken kek, ɗayan kuma yana son rabi. Tunda inna ta toya kuli-kuli hudu kowacce 'ya'yanta zasu samu yadda suke so. A cikin tsarin multi-core, ana rarraba albarkatun sarrafawa a cikin duk abubuwan da aka samo asali. Idan kwantena ya iyakance zuwa ƙasa da cikakken cikakken CPU guda ɗaya, har yanzu yana iya amfani da shi a 100%.
An sauƙaƙe lissafin da ke sama don fahimtar yadda ake rarraba CPU tsakanin kwantena. Tabbas, ban da kwantena da kansu, akwai wasu hanyoyin da su ma suke amfani da albarkatun CPU. Lokacin da matakai a cikin akwati ɗaya ba su da aiki, wasu na iya amfani da albarkatun sa. CPU: "200m" соответствует CPU: 0,2, wanda ke nufin kusan kashi 20% na cibiya ɗaya.
Yanzu bari muyi magana akai limit.cpu. CPU wanda Kubernetes ya iyakance yana ninka ta 100. Sakamakon shine adadin lokacin da akwati zai iya amfani da shi kowane 100 µs (cpu-period).
limit.cpu yayi daidai da tutar Docker --cpus. Wannan sabon hade ne na tsoho --cpu-period и --cpu-quota. Ta hanyar saita shi, muna nuna adadin albarkatun CPU da kwandon zai iya amfani da shi sosai kafin farawa:
- cpus - hade
cpu-periodиcpu-quota. cpus = 1.5daidai da saitincpu-period = 100000иcpu-quota = 150000; - CPU-lokaci - lokaci , tsoho 100 micro seconds;
- cpu-kwata - adadin micro seconds a ciki
cpu-period, wanda aka daure da kwantena.
Me zai faru idan kun shigar da ƙarancin CPU da ake buƙata?
Idan kwandon yana buƙatar fiye da yadda aka shigar, zai saci CPU daga wasu matakai.
Me zai faru idan kun saita iyakar CPU yayi ƙasa sosai?
Tunda kayan aikin CPU yana daidaitacce, zazzagewa zai kunna.
Me zai faru idan ba ku ƙayyade buƙatar CPU ba?
Kamar yadda yake tare da ƙwaƙwalwar ajiya, ƙimar buƙatun daidai yake da iyaka.
Me zai faru idan ba ku ƙayyade iyakar CPU ba?
Kwandon zai yi amfani da CPU mai yawa kamar yadda yake buƙata. Idan an ayyana tsohuwar manufar CPU (LimitRange) a cikin sararin suna, to ana amfani da wannan iyaka don akwati.
Me zai faru idan ba ku ƙididdige ko dai buƙatu ko iyakar CPU ba?
Kamar yadda yake tare da ƙwaƙwalwar ajiya, wannan shine mafi munin yanayi. Mai tsara jadawalin bai san adadin albarkatun da kwandon ku ke buƙata ba, kuma wannan na iya haifar da babbar matsala akan kumburi. Don guje wa wannan, kuna buƙatar saita iyakokin tsoho don wuraren suna (LimitRange).
Ka tuna: idan ka nemi ƙarin CPU fiye da nodes ɗin da za a iya bayarwa, ba za a tsara Pod ɗin ba. Requests.cpu - ba ƙaramin ƙima ba, amma ƙimar da ta isa don fara Pod da aiki ba tare da gazawa ba. Idan aikace-aikacen ba ya yin lissafin hadaddun, zaɓi mafi kyau shine shigar request.cpu <= 1 da kaddamar da kwafi da yawa kamar yadda ake buƙata.
Madaidaicin adadin albarkatun da ake buƙata ko iyakacin albarkatu
Mun koyi game da iyakancewar albarkatun kwamfuta. Yanzu lokaci ya yi da za a amsa tambayar: "Nawa albarkatun Pod nawa ke buƙata don gudanar da aikace-aikacen ba tare da wata matsala ba? Menene madaidaicin adadin?
Abin takaici, babu cikakkun amsoshi ga waɗannan tambayoyin. Idan ba ku san yadda aikace-aikacenku ke aiki ba ko nawa CPU ko ƙwaƙwalwar ajiya yake buƙata, mafi kyawun zaɓi shine ba wa aikace-aikacen ƙwaƙwalwar ajiya mai yawa da CPU sannan ku gudanar da gwaje-gwajen aiki.
Baya ga gwaje-gwajen aiki, saka idanu akan halayen aikace-aikacen a cikin sa ido na mako guda. Idan jadawali ya nuna cewa aikace-aikacenku yana cin albarkatun ƙasa fiye da yadda kuka nema, zaku iya rage adadin CPU ko ƙwaƙwalwar da ake nema.
A matsayin misali ga wannan . Yana nuna bambanci tsakanin albarkatun da ake buƙata ko iyakacin albarkatu da amfanin albarkatun yanzu.
ƙarshe
Nemi da iyakance albarkatu yana taimakawa tarin Kubernetes ɗinku lafiya. Daidaitaccen ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun farashi kuma yana sa aikace-aikacen su gudana a kowane lokaci.
A taƙaice, akwai ƴan abubuwan da ya kamata ku kiyaye:
- Abubuwan da ake buƙata sune ƙayyadaddun tsari wanda aka yi la'akari da lokacin farawa (lokacin da Kubernetes ke shirin ɗaukar aikace-aikacen). Sabanin haka, iyakance albarkatun yana da mahimmanci a lokacin aiki-lokacin da aikace-aikacen ya riga ya gudana akan kumburi.
- Idan aka kwatanta da ƙwaƙwalwar ajiya, CPU kayan aiki ne kayyade. Idan babu isasshen CPU, Pod ɗinku ba zai rufe ba kuma injin ɗin zai kunna.
- Abubuwan da ake buƙata da iyakacin albarkatu ba ƙaramin ƙima ba ne kuma mafi girman ƙima! Ta hanyar ayyana albarkatun da ake buƙata, kuna tabbatar da cewa aikace-aikacen zai gudana ba tare da matsala ba.
- Kyakkyawan aiki shine saita buƙatar ƙwaƙwalwar ajiya daidai da iyakar ƙwaƙwalwar ajiya.
- Ok an nema shigarwa
CPU <=1, idan aikace-aikacen ba ya yin lissafin hadaddun. - Idan kuna buƙatar ƙarin albarkatu fiye da samuwa akan kumburi, ba za a taɓa tsara Pod ɗin zuwa wannan kumburin ba.
- Don ƙayyade madaidaicin adadin albarkatu/ iyakoki na albarkatu da ake buƙata, yi amfani da gwajin nauyi da saka idanu.
Ina fatan wannan labarin ya taimaka muku fahimtar ainihin manufar iyakance albarkatun. Kuma za ku iya amfani da wannan ilimin a cikin aikinku.
Nasara!
Me kuma za a karanta:
- .
- .
- .
source: www.habr.com