Search code examples
kuberneteskubectl

Why doesn't the POD use the requested cpu/memory limit in K8S?

I have deployed a pod with cpu/memory limit on the spec:

resources:
            requests:
              cpu: 1
              memory: 4Gi

but the limit looks different from kubectl describe pod command:

Init Containers:
  elastic-internal-init-filesystem:
    Container ID:  docker://174be47d381c76b64ba406d1e1a80c685fca407a926074df32d8dd5689f359f2
    Image:         docker.elastic.co/elasticsearch/elasticsearch:7.15.2
    Image ID:      docker-pullable://docker.elastic.co/elasticsearch/elasticsearch@sha256:a1dce08d504b22e87adc849c94dcae53f6a0bd12648a4d99d7f9fc07bb2e8a3e
    Port:          <none>
    Host Port:     <none>
    Command:
      bash
      -c
      /mnt/elastic-internal/scripts/prepare-fs.sh
    State:          Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Wed, 31 May 2023 10:42:34 +1000
      Finished:     Wed, 31 May 2023 10:42:36 +1000
    Ready:          True
    Restart Count:  0
    Limits:
      cpu:     100m
      memory:  50Mi
    Requests:
      cpu:     100m
      memory:  50Mi

The describe command returns 100m cpu and 50Mi memory. However I requested 4G memory and 1 cpu. Why doesn't it use the limit from the spec file?

The full spec file is:

apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: elk
spec:
  version: 7.15.2
  serviceAccountName: docker-sa
  http:
    tls:
      selfSignedCertificate:
        disabled: true
  nodeSets:
  - name: node
    count: 2
    config:
      network.host: 0.0.0.0
      xpack.security.enabled: false
      # xpack.security.http.ssl.enabled: false
      # xpack.security.transport.ssl.enabled: false
    podTemplate:
      spec:
        initContainers:
        - name: sysctl
          securityContext:
            privileged: true
          command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144']
        containers:
        - name: elasticsearch
          readinessProbe:
            exec:
              command:
              - bash
              - -c
              - /mnt/elastic-internal/scripts/readiness-probe-script.sh
            failureThreshold: 3
            initialDelaySeconds: 10
            periodSeconds: 12
            successThreshold: 1
            timeoutSeconds: 12
          env:
          - name: READINESS_PROBE_TIMEOUT
            value: "120"
          resources:
            requests:
              cpu: 1
              memory: 4Gi
          volumeMounts:
          - name: elasticsearch-data
            mountPath: /usr/share/elasticsearch/data
    volumeClaimTemplates:
    - metadata:
        name: elasticsearch-data
      spec:
        accessModes:
          - ReadWriteOnce
        storageClassName: ebs-sc
        resources:
          requests:
            storage: 512Gi
Solution

  • Try:

    ...
podTemplate:
  spec:
    initContainers:
    - name: sysctl
      securityContext:
        privileged: true
      command: ['sh', '-c', 'sysctl -w vm.max_map_count=262144']
      resources:  # <-- Specify resources per-container
        limits:   # <-- Set the limit
          cpu: 1
          memory: 4Gi    
        requests:
          cpu: 1
          memory: 4Gi
        ...