When several users or teams share a cluster with a fixed number of nodes, there is a concern that one team could use more than its fair share of resources.
Resource quotas are a tool for administrators to address this concern.
A resource quota, defined by a ResourceQuota object, provides constraints that limit aggregate resource consumption per namespace. It can limit the quantity of objects that can be created in a namespace by type, as well as the total amount of computing resources that may be consumed by resources in that namespace.
Resource quotas work like this:
- Different teams work in different namespaces. Currently, this is voluntary, but support for making this mandatory via ACLs is planned.
- The administrator creates one ResourceQuota for each namespace.
- Users create resources (pods, services, etc.) in the namespace, and the quota system tracks usage to ensure it does not exceed hard resource limits defined in a ResourceQuota.
- If creating or updating a resource violates a quota constraint, the request will fail with HTTP status code 403 FORBIDDEN with a message explaining the constraint that would have been violated.
- If the quota is enabled in a namespace for compute resources like CPU and memory, users must specify requests or limits for those values; otherwise, the quota system may reject pod creation. Hint: Use the LimitRanger admission controller to force defaults for pods that make no compute resource requirements.
There are two types of quota
1- resource base
2- compute base
let's create a quota using the below example
kubectl create namespace ns1
Note- by default limit range is not set for namespace
apiVersion: v1 kind: ResourceQuota metadata: name: myquota spec: hard: pods:2
kubectl apply -f quota.yaml -namespace ns1
Compute base quota
kubectl create namespace ns2
apiVersion: v1 kind: ResourceQuota metadata: name: myquota spec: hard: request.cpu: 0.5 request.memory: 500Mi limit.cpu: 1 limit.memory: 1Gi
kubectl apply -f computequota.yaml -namespace ns2
Note-when we define compute quota it becomes mandatory to define limit in the pod definition file
apiVersion: v1 kind: Pod metadata: name: firstPod spec: containers: - image: image:latest name: firstcontainer resources request: cpu: 0.5 memory: 250Mi limits: cpu: 1 memory: 500Mi
if you do not specify the request then your limit will become your request and pod or any resource will be created, whereas if you did not specify limit then resource will nit be created and it will throw an error
How to delete the quota
in order to delete the recently created quota, we can use below command
kubectl delete -f quota.yaml