使用动态MPAM隔离功能
当需要动态调整某些离线业务的资源使用量时可以使用动态MPAM隔离功能。
(可选)配置动态MPAM隔离参数
插件提供了默认配置,如果不配置configMap同样可以使用动态MPAM隔离功能。MPAM动态隔离参数通过json文件配置,参数含义请参见表1。如果需要手动更改配置参考下面内容进行配置。
{
"mpamConfig":{
"adjustInterval": 5000,
"perfDuration": 3000,
"l3Percent": {
"low": 20,
"high": 50
},
"memBandPercent": {
"low": 10,
"high": 50
},
"cacheMiss": {
"minMiss": 10,
"maxMiss": 50
}
}
}
|
参数名 |
参数含义 |
|---|---|
|
adjustInterval |
每次动态调整之间的间隔,比如设置值为1000就是每隔1s执行一次动态调整。 |
|
perfDuration |
perf采集指标的时间,比如设置1000就是每次perf采集就采集1s的数据。 |
|
l3Percent |
动态调整过程中离线业务可以使用的L3Cache的最大值和最小值。比如设置low=20,high=50,那么在动态调整过程中离线业务最少可以使用20%的L3 CacheWay,最多可以使用50%的L3 CacheWay。 |
|
memBandPercent |
动态调整过程中离线业务可以使用的内存带宽的最大值和最小值。比如设置low=10,high=50,那么在动态调整过程中离线业务最少可以使用10%的内存带宽,最多可以使用50%的内存带宽。 |
|
cacheMiss |
是否进行动态调整的判别依据。比如设置minMiss=10,maxMiss=50,那么当在线业务的Cache Miss率大于50%时就降低离线业务的可用资源量,当在线业务的Cache Miss率小于10%时就增加离线业务的可用资源量。 |
json文件通过configMap的形式进行配置,在k8s-mpam-controller.yaml文件中配置,完整的yaml文件如下。
apiVersion: v1
kind: ServiceAccount
metadata:
name: mpam-controller-agent
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: mpam-controller-agent
rules:
- apiGroups:
- ""
resources:
- configmaps
- pods
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- patch
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: mpam-controller-agent
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: mpam-controller-agent
subjects:
- kind: ServiceAccount
name: mpam-controller-agent
namespace: default
---
apiVersion: v1
kind: ConfigMap
metadata:
name: mpam-config
data:
config.json: |
{
"mpamConfig":{
"adjustInterval": 10000,
"perfDuration": 3000,
"l3Percent": {
"low": 20,
"high": 50
},
"memBandPercent": {
"low": 10,
"high": 50
},
"cacheMiss": {
"minMiss": 10,
"maxMiss": 30
}
}
}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: mpam-controller-daemonset-agent
spec:
selector:
matchLabels:
app: k8s-mpam-controller-agent
template:
metadata:
labels:
app: k8s-mpam-controller-agent
spec:
serviceAccountName: mpam-controller-agent
hostPID: true
hostIPC: true
containers:
- name: k8s-mpam-controller-agent
image: k8s-mpam-controller:0.1
securityContext:
privileged: true
command: ["/usr/bin/agent"]
args: ["-direct"]
resources:
limits:
memory: 200Mi
requests:
cpu: 100m
memory: 200Mi
env:
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
volumeMounts:
- name: resctrl
mountPath: /sys/fs/resctrl/
- name: hostname
mountPath: /etc/hostname
- name: sysfs
mountPath: /sys/fs/cgroup/
- name: config-volume
mountPath: /var/lib/mpam-config
volumes:
- name: resctrl
hostPath:
path: /sys/fs/resctrl/
- name: hostname
hostPath:
path: /etc/hostname
- name: sysfs
hostPath:
path: /sys/fs/cgroup/
- name: config-volume
configMap:
name: mpam-config
items:
- key: config.json
path: config.json
使用动态MPAM隔离功能后插件会在目录下创建mpam-controller_dynamic目录,如下图所示。
部署离线业务
- 在Pod的yaml文件中添加注解kunpeng.com/offline: "true",标记该Pod为离线业务,方便插件对其进行限制,示例bw-mem.yaml文件如下。
apiVersion: v1 kind: Pod metadata: name: bw-mem annotations: kunpeng.com/offline: "true" spec: containers: - name: bw-mem image: bw-mem:latest imagePullPolicy: IfNotPresent command: [ "/bin/sh", "-c", "--" ] args: [ "while true; do sleep 300000; done;" ] securityContext: capabilities: add: ["ALL"] resources: requests: cpu: "9.6" limits: cpu: "9.6" - 部署要进行限制的离线业务。
kubectl apply -f bw-mem.yaml
部署成功后离线业务的pid会被加入到mpam-controller_dynamic控制组中的tasks。
- 通过以下命令查看被限制的离线业务的pid。
cd /sys/fs/resctrl/mpam-controller_dynamic cat tasks