Kubernetes: How is resource management enabled in k8s? A question about k8s resource configuration

mi7gmzs6  posted on 2024-01-07  in  Kubernetes

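The official K8s documentation states that ResourceManager must be included in the apiserver's --enable-admission-plugins in order to enable resource quotas. https://kubernetes.io/docs/concepts/policy/resource-quotas/#enabling-resource-quota
In a K8s 1.19 environment, I did not find ResourceQuota configured in --enable-admission-plugins, yet once a resourcequota is set for each namespace, that resourcequota takes effect.
In addition, checking the apiserver source code (release-1.28), the Register method in pkg/admission/plugin/resourcequota/admission.go is not referenced. In pkg/server/options/admission.go, the register method of AdmissionOptions checks whether the plugins in the configuration are registered and returns an error if they are not. This register method is called from the register method of RecommendedOptions, but NewRecommendedOptions is not called.
I'm confused.
I would appreciate guidance from any maven. Thank you.
I want to figure out how ResourceSort takes effect in K8s. I want to find the basis in the source code.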

edqdpe6u1#

I found the answer to this question myself: the "enabledPluginNames" function of AdmissionOptions in vendor/k8s.io/apiserver/pkg/server/options/admission.go is the answer.

    // enabledPluginNames makes use of RecommendedPluginOrder, DefaultOffPlugins,
    // EnablePlugins, DisablePlugins fields
    // to prepare a list of ordered plugin names that are enabled.
    func (a *AdmissionOptions) enabledPluginNames() []string {
        allOffPlugins := append(a.DefaultOffPlugins.List(), a.DisablePlugins...)
        disabledPlugins := sets.NewString(allOffPlugins...)
        enabledPlugins := sets.NewString(a.EnablePlugins...)
        disabledPlugins = disabledPlugins.Difference(enabledPlugins)
        orderedPlugins := []string{}
        for _, plugin := range a.RecommendedPluginOrder {
            if !disabledPlugins.Has(plugin) {
                orderedPlugins = append(orderedPlugins, plugin)
            }
        }
        return orderedPlugins
    }

Plugins in RecommendedPluginOrder are enabled by default as long as they are not disabled.
RecommendedPluginOrder is initialized in the NewAdmissionOptions method in pkg/kubeapiserver/options/admission.go.

    // NewAdmissionOptions creates a new instance of AdmissionOptions
    // Note:
    //
    // In addition it calls RegisterAllAdmissionPlugins to register
    // all kube-apiserver admission plugins.
    //
    // Provides the list of RecommendedPluginOrder that holds sane values
    // that can be used by servers that don't care about admission chain.
    // Servers that do care can overwrite/append that field after creation.
    func NewAdmissionOptions() *AdmissionOptions {
        options := genericoptions.NewAdmissionOptions()
        // register all admission plugins
        RegisterAllAdmissionPlugins(options.Plugins)
        // set RecommendedPluginOrder
        options.RecommendedPluginOrder = AllOrderedPlugins
        // set DefaultOffPlugins
        options.DefaultOffPlugins = DefaultOffAdmissionPlugins()
        return &AdmissionOptions{
            GenericAdmission: options,
        }
    }


AllOrderedPlugins is declared like this:

    // AllOrderedPlugins is the list of all the plugins in order.
    var AllOrderedPlugins = []string{
        admit.PluginName,                        // AlwaysAdmit
        autoprovision.PluginName,                // NamespaceAutoProvision
        lifecycle.PluginName,                    // NamespaceLifecycle
        exists.PluginName,                       // NamespaceExists
        scdeny.PluginName,                       // SecurityContextDeny
        antiaffinity.PluginName,                 // LimitPodHardAntiAffinityTopology
        limitranger.PluginName,                  // LimitRanger
        serviceaccount.PluginName,               // ServiceAccount
        noderestriction.PluginName,              // NodeRestriction
        nodetaint.PluginName,                    // TaintNodesByCondition
        alwayspullimages.PluginName,             // AlwaysPullImages
        imagepolicy.PluginName,                  // ImagePolicyWebhook
        podsecurity.PluginName,                  // PodSecurity
        podnodeselector.PluginName,              // PodNodeSelector
        podpriority.PluginName,                  // Priority
        defaulttolerationseconds.PluginName,     // DefaultTolerationSeconds
        podtolerationrestriction.PluginName,     // PodTolerationRestriction
        eventratelimit.PluginName,               // EventRateLimit
        extendedresourcetoleration.PluginName,   // ExtendedResourceToleration
        label.PluginName,                        // PersistentVolumeLabel
        setdefault.PluginName,                   // DefaultStorageClass
        storageobjectinuseprotection.PluginName, // StorageObjectInUseProtection
        gc.PluginName,                           // OwnerReferencesPermissionEnforcement
        resize.PluginName,                       // PersistentVolumeClaimResize
        runtimeclass.PluginName,                 // RuntimeClass
        certapproval.PluginName,                 // CertificateApproval
        certsigning.PluginName,                  // CertificateSigning
        ctbattest.PluginName,                    // ClusterTrustBundleAttest
        certsubjectrestriction.PluginName,       // CertificateSubjectRestriction
        defaultingressclass.PluginName,          // DefaultIngressClass
        denyserviceexternalips.PluginName,       // DenyServiceExternalIPs
        // new admission plugins should generally be inserted above here
        // webhook, resourcequota, and deny plugins must go at the end
        mutatingwebhook.PluginName,           // MutatingAdmissionWebhook
        validatingadmissionpolicy.PluginName, // ValidatingAdmissionPolicy
        validatingwebhook.PluginName,         // ValidatingAdmissionWebhook
        resourcequota.PluginName,             // ResourceQuota
        deny.PluginName,                      // AlwaysDeny
    }


Therefore, ResourcesPlugin is enabled by default, even if it is not declared in the --enable-admission-plugins parameter.
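
The selection rule from the answer above, as a dependency-free sketch added here for illustration (not code from the Kubernetes project or from the answer's author). The plugin list is a shortened, constructed subset of AllOrderedPlugins, and the `defaultOff` contents are an assumption, since the page does not show what DefaultOffAdmissionPlugins() returns.

```go
package main

import "fmt"

// Shortened, constructed stand-in for AllOrderedPlugins (order preserved).
var recommendedOrder = []string{
	"AlwaysAdmit", "NamespaceLifecycle", "LimitRanger", "AlwaysPullImages",
	"MutatingAdmissionWebhook", "ValidatingAdmissionWebhook", "ResourceQuota", "AlwaysDeny",
}

// Assumed sample of the default-off list; the page does not show the real one.
var defaultOff = []string{"AlwaysAdmit", "AlwaysPullImages", "AlwaysDeny"}

// effectivePlugins applies the same rule as enabledPluginNames: a plugin in the
// recommended order runs unless it is default-off or disabled and not enabled.
func effectivePlugins(enable, disable []string) []string {
	off := map[string]bool{}
	for _, p := range defaultOff {
		off[p] = true
	}
	for _, p := range disable {
		off[p] = true
	}
	for _, p := range enable {
		delete(off, p) // an explicit enable removes the plugin from the off set
	}
	ordered := []string{}
	for _, p := range recommendedOrder {
		if !off[p] {
			ordered = append(ordered, p)
		}
	}
	return ordered
}

func contains(list []string, name string) bool {
	for _, p := range list {
		if p == name {
			return true
		}
	}
	return false
}

func main() {
	fmt.Println("no flags:        ", effectivePlugins(nil, nil))
	fmt.Println("disable quota:   ", effectivePlugins(nil, []string{"ResourceQuota"}))
	fmt.Println("enable pullimgs: ", effectivePlugins([]string{"AlwaysPullImages"}, nil))
}
```

When auditing an API server, the effective admission chain therefore has to be derived from the defaults plus both flags; the --enable-admission-plugins value alone understates what is running.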
