Node Allocatable

Capacity:
cpu: 4
ephemeral-storage: 50824704Ki
hugepages-1Gi: 0
hugepages-2Mi: 0
memory: 8123340Ki
pods: 110
Allocatable:
cpu: 4
ephemeral-storage: 49442272013
hugepages-1Gi: 0
hugepages-2Mi: 0
memory: 8123340Ki
pods: 110

• Kubelet Node Allocatable 用来为 Kube 组件和 System 进程预留资源，从而保证当节点出现满负荷时也能保证 Kube 和 System 进程有足够的资源。
• 目前支持 cpu, memory, ephemeral-storage 三种资源预留。
• Node Capacity 是节点的所有硬件资源，kube-reserved 是给 kube 组件预留的资源，system-reserved 是给系统进程预留的资源，eviction-threshold 是 kubelet 驱逐的阈值设定，allocatable 才是真正调度器调度 Pod 时的参考值（保证节点上所有 Pods 的 request 资源不超过 Allocatable）。

Node Allocatable Resource = Node Capacity - Kube-reserved - system-reserved - eviction-threshold

使用 CLI参数

--enforce-node-allocatable=pods
--kube-reserved=memory=...
--system-reserved=memory=...
--eviction-hard=...

使用配置文件

/var/lib/kubelet/config.yaml

apiVersion: kubelet.config.k8s.io/v1beta1
......
enforceNodeAllocatable:
- pods
kubeReserved:  # 配置 kube 资源预留
  cpu: 500m
  memory: 1Gi
  ephemeral-storage: 1Gi
systemReserved:  # 配置系统资源预留
  memory: 1Gi
evictionHard:  # 配置硬驱逐阈值
  memory.available: "300Mi"
  nodefs.available: "10%"

rke1的情况

nodes:
  - address: 10.10.10.1
    user: rke
    role: [controlplane,etcd]
  - address: 10.10.10.2
    user: rke
    role: [controlplane,etcd,worker]
  - address: 10.10.10.3
    user: rke
    role: [worker]
system_images:
    kubernetes: rancher/hyperkube:v1.13.5-rancher1
services:
  etcd:
    backup_config:
      enabled: true 
      interval_hours: 6
      retention: 12
    extra_args:
      quota-backend-bytes: '4294967296'
  kubelet:
    cluster_domain: cluster.local
    cluster_dns_server: 10.43.0.10
    fail_swap_on: true
    extra_args:
      max-pods: 20
      enforce-node-allocatable: 'pods'
      system-reserved: 'cpu=1,memory=2000Mi'
      kube-reserved: 'cpu=1.5,memory=3000Mi'
  kube-controller:
    cluster_cidr: 10.42.0.0/16
    service_cluster_ip_range: 10.43.0.0/16
    extra_args:
      node-cidr-mask-size: '24'
      node-monitor-period: '5s'
      node-monitor-grace-period: '10s'
      node-startup-grace-period: '20s'
      pod-eviction-timeout: '10s'
  kube-api:
    service_cluster_ip_range: 10.43.0.0/16
    service_node_port_range: 30000-32767
    pod_security_policy: false
    always_pull_images: false
dns:
  provider: coredns

rke2的情况

microk8s的情况

它的kubelet 启动程序是

/snap/microk8s/2407/kubelite

它的参数文件

/var/snap/microk8s/2407/args/kubelet

修改/var/snap/microk8s/2407/args/kubelet,追加以下内容

--enforce-node-allocatable=pods
--kube-reserved=cpu=500m
--kube-reserved=memory=1Gi
--system-reserved=cpu=500m
--system-reserved=memory=1Gi
--eviction-hard=10%