Resource Quota

When several users or teams share a cluster with a fixed number of nodes, there is a concern that one team culd use more than its fair share of resources. Resource quotas are a tool for administrators to address this concern.

A resource quota, defined by a ResourceQuota object, provides constraints that limit aggregate resource consumption per namespace. It can limit the quantity of objects that can be created in a namespace by type, as well as the total amount of computing resources that may be consumed by resources in that namespace.

Resource quotas work like this:

  • Different teams work in different namespaces. Currently, this is voluntary, but support for making this mandatory via ACLs is planned.
  • The administrator creates one ResourceQuota for each namespace.
  • Users create resources (pods, services, etc.) in the namespace, and the quota system tracks usage to ensure it does not exceed hard resource limits defined in a ResourceQuota.
  • If creating or updating a resource violates a quota constraint, the request will fail with HTTP status code 403 FORBIDDEN with a message explaining the constraint that would have been violated.
  • If the quota is enabled in a namespace for compute resources like CPU and memory, users must specify requests or limits for those values; otherwise, the quota system may reject pod creation. Hint: Use the LimitRanger admission controller to force defaults for pods that make no compute resource requirements.

There are two types of quota

1- resource base

2- compute base

let's create a quota using the below example

kubectl create namespace ns1

Note- by default limit range is not set for namespace

vi quota.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
  name: myquota
spec:
  hard: pods:2
kubectl apply -f quota.yaml -namespace ns1

Compute base quota

kubectl create namespace ns2
vi computequota.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
  name: myquota
spec:
  hard:
    request.cpu: 0.5
    request.memory: 500Mi
    limit.cpu: 1
    limit.memory: 1Gi
kubectl apply -f computequota.yaml -namespace ns2

Note-when we define compute quota it becomes mandatory to define limit in the pod definition file

apiVersion: v1
kind: Pod
metadata:
    name: firstPod
spec:
    containers:
        - image: image:latest
          name: firstcontainer
          resources
            request:
              cpu: 0.5
              memory: 250Mi
            limits:
              cpu: 1
              memory: 500Mi

if you do not specify the request then your limit will become your request and pod or any resource will be created, whereas if you did not specify limit then resource will nit be created and it will throw an error

How to delete the quota

in order to delete the recently created quota, we can use below command

kubectl delete -f quota.yaml