namespace的配额
代码语言:txt复制cat quota.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
name: object-counts
namespace: default
spec:
hard:
configmaps: "10" ## 最多10个 ConfigMap
secrets: "10" ## 最多10个 secret
services: "10" ## 最多10个 service
services.loadbalancers: "2" ## 最多2个 Loadbanlacer 模式的 service
cpu: "1000" ## 该 Namespaces 下最多使用1000个 CPU 的资源
memory: 200Gi ## 该 Namespaces 下最多使用200Gi的内存
kubectl apply -f quota.yaml简单测试configmaps的数量限制,可以看到现在10个
代码语言:txt复制for i in {1..11};do kubectl create configmap test-config-$i --from-literal=key1=config1;done
configmap/test-config-1 created
configmap/test-config-2 created
configmap/test-config-3 created
configmap/test-config-4 created
configmap/test-config-5 created
configmap/test-config-6 created
configmap/test-config-7 created
configmap/test-config-8 created
configmap/test-config-9 created
configmap/test-config-10 created
Error from server (Forbidden): configmaps "test-config-11" is forbidden: exceeded quota: object-counts, requested: configmaps=1, used: configmaps=10, limited: configmaps=10限制namespaces之间的网络访问
需要部署kube-router,cni没有提供
网络策略实践
namespaceTKE官网
