diff --git a/docs/admin/admission-controllers.md b/docs/admin/admission-controllers.md index 9a4bfe41e57..342d1de4993 100644 --- a/docs/admin/admission-controllers.md +++ b/docs/admin/admission-controllers.md @@ -114,7 +114,7 @@ This plug-in will observe the incoming request and ensure that it does not viola enumerated in the `ResourceQuota` object in a `Namespace`. If you are using `ResourceQuota` objects in your Kubernetes deployment, you MUST use this plug-in to enforce quota constraints. -See the [resourceQuota design doc](../design/admission_control_resource_quota.md) and the [example of Resource Quota](../user-guide/resourcequota/) for more details. +See the [resourceQuota design doc](../design/admission_control_resource_quota.md) and the [example of Resource Quota](resourcequota/) for more details. It is strongly encouraged that this plug-in is configured last in the sequence of admission control plug-ins. This is so that quota is not prematurely incremented only for the request to be rejected later in admission control. diff --git a/docs/admin/resource-quota.md b/docs/admin/resource-quota.md index 22d9b0eca27..284fe8b8e6a 100644 --- a/docs/admin/resource-quota.md +++ b/docs/admin/resource-quota.md @@ -167,7 +167,7 @@ restrictions around nodes: pods from several namespaces may run on the same node ## Example -See a [detailed example for how to use resource quota](../user-guide/resourcequota/). +See a [detailed example for how to use resource quota](resourcequota/).. ## Read More diff --git a/docs/admin/resourcequota/README.md b/docs/admin/resourcequota/README.md new file mode 100644 index 00000000000..edba9dfa053 --- /dev/null +++ b/docs/admin/resourcequota/README.md @@ -0,0 +1,191 @@ + + + + +WARNING +WARNING +WARNING +WARNING +WARNING + +

PLEASE NOTE: This document applies to the HEAD of the source tree

+ +If you are using a released version of Kubernetes, you should +refer to the docs that go with that version. + + +The latest 1.0.x release of this document can be found +[here](http://releases.k8s.io/release-1.0/docs/admin/resourcequota/README.md). + +Documentation for other releases can be found at +[releases.k8s.io](http://releases.k8s.io). + +-- + + + + +Resource Quota +======================================== +This example demonstrates how [resource quota](../../admin/admission-controllers.md#resourcequota) and [limits](../../admin/admission-controllers.md#limitranger) can be applied to a Kubernetes namespace. See [ResourceQuota design doc](../../design/admission_control_resource_quota.md) for more information. + +This example assumes you have a functional Kubernetes setup. + +Step 1: Create a namespace +----------------------------------------- +This example will work in a custom namespace to demonstrate the concepts involved. + +Let's create a new namespace called quota-example: + +```console +$ kubectl create -f docs/admin/resourcequota/namespace.yaml +$ kubectl get namespaces +NAME LABELS STATUS +default Active +quota-example Active +``` + +Step 2: Apply a quota to the namespace +----------------------------------------- +By default, a pod will run with unbounded CPU and memory limits. This means that any pod in the +system will be able to consume as much CPU and memory on the node that executes the pod. + +Users may want to restrict how much of the cluster resources a given namespace may consume +across all of its pods in order to manage cluster usage. To do this, a user applies a quota to +a namespace. A quota lets the user set hard limits on the total amount of node resources (cpu, memory) +and API resources (pods, services, etc.) that a namespace may consume. + +Let's create a simple quota in our namespace: + +```console +$ kubectl create -f docs/admin/resourcequota/quota.yaml --namespace=quota-example +``` + +Once your quota is applied to a namespace, the system will restrict any creation of content +in the namespace until the quota usage has been calculated. This should happen quickly. + +You can describe your current quota usage to see what resources are being consumed in your +namespace. + +```console +$ kubectl describe quota quota --namespace=quota-example +Name: quota +Namespace: quota-example +Resource Used Hard +-------- ---- ---- +cpu 0 20 +memory 0 1Gi +persistentvolumeclaims 0 10 +pods 0 10 +replicationcontrollers 0 20 +resourcequotas 1 1 +secrets 1 10 +services 0 5 +``` + +Step 3: Applying default resource limits +----------------------------------------- +Pod authors rarely specify resource limits for their pods. + +Since we applied a quota to our project, let's see what happens when an end-user creates a pod that has unbounded +cpu and memory by creating an nginx container. + +To demonstrate, lets create a replication controller that runs nginx: + +```console +$ kubectl run nginx --image=nginx --replicas=1 --namespace=quota-example +CONTROLLER CONTAINER(S) IMAGE(S) SELECTOR REPLICAS +nginx nginx nginx run=nginx 1 +``` + +Now let's look at the pods that were created. + +```console +$ kubectl get pods --namespace=quota-example +NAME READY STATUS RESTARTS AGE +``` + +What happened? I have no pods! Let's describe the replication controller to get a view of what is happening. + +```console +kubectl describe rc nginx --namespace=quota-example +Name: nginx +Image(s): nginx +Selector: run=nginx +Labels: run=nginx +Replicas: 0 current / 1 desired +Pods Status: 0 Running / 0 Waiting / 0 Succeeded / 0 Failed +Events: + FirstSeen LastSeen Count From SubobjectPath Reason Message + Mon, 01 Jun 2015 22:49:31 -0400 Mon, 01 Jun 2015 22:52:22 -0400 7 {replication-controller } failedCreate Error creating: Pod "nginx-" is forbidden: Limited to 1Gi memory, but pod has no specified memory limit +``` + +The Kubernetes API server is rejecting the replication controllers requests to create a pod because our pods +do not specify any memory usage. + +So let's set some default limits for the amount of cpu and memory a pod can consume: + +```console +$ kubectl create -f docs/admin/resourcequota/limits.yaml --namespace=quota-example +limitranges/limits +$ kubectl describe limits limits --namespace=quota-example +Name: limits +Namespace: quota-example +Type Resource Min Max Default +---- -------- --- --- --- +Container memory - - 512Mi +Container cpu - - 100m +``` + +Now any time a pod is created in this namespace, if it has not specified any resource limits, the default +amount of cpu and memory per container will be applied as part of admission control. + +Now that we have applied default limits for our namespace, our replication controller should be able to +create its pods. + +```console +$ kubectl get pods --namespace=quota-example +NAME READY STATUS RESTARTS AGE +nginx-t9cap 1/1 Running 0 49s +``` + +And if we print out our quota usage in the namespace: + +```console +$ kubectl describe quota quota --namespace=quota-example +Name: quota +Namespace: default +Resource Used Hard +-------- ---- ---- +cpu 100m 20 +memory 536870912 1Gi +persistentvolumeclaims 0 10 +pods 1 10 +replicationcontrollers 1 20 +resourcequotas 1 1 +secrets 1 10 +services 0 5 +``` + +You can now see the pod that was created is consuming explicit amounts of resources, and the usage is being +tracked by the Kubernetes system properly. + +Summary +---------------------------- +Actions that consume node resources for cpu and memory can be subject to hard quota limits defined +by the namespace quota. + +Any action that consumes those resources can be tweaked, or can pick up namespace level defaults to +meet your end goal. + + + + + +[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/docs/admin/resourcequota/README.md?pixel)]() + diff --git a/docs/user-guide/resourcequota/limits.yaml b/docs/admin/resourcequota/limits.yaml similarity index 100% rename from docs/user-guide/resourcequota/limits.yaml rename to docs/admin/resourcequota/limits.yaml diff --git a/docs/user-guide/resourcequota/namespace.yaml b/docs/admin/resourcequota/namespace.yaml similarity index 100% rename from docs/user-guide/resourcequota/namespace.yaml rename to docs/admin/resourcequota/namespace.yaml diff --git a/docs/user-guide/resourcequota/quota.yaml b/docs/admin/resourcequota/quota.yaml similarity index 100% rename from docs/user-guide/resourcequota/quota.yaml rename to docs/admin/resourcequota/quota.yaml diff --git a/docs/design/admission_control_resource_quota.md b/docs/design/admission_control_resource_quota.md index 4b417ead406..a9de7a9c49b 100644 --- a/docs/design/admission_control_resource_quota.md +++ b/docs/design/admission_control_resource_quota.md @@ -201,9 +201,9 @@ kubectl is modified to support the **ResourceQuota** resource. For example, ```console -$ kubectl create -f docs/user-guide/resourcequota/namespace.yaml +$ kubectl create -f docs/admin/resourcequota/namespace.yaml namespace "quota-example" created -$ kubectl create -f docs/user-guide/resourcequota/quota.yaml --namespace=quota-example +$ kubectl create -f docs/admin/resourcequota/quota.yaml --namespace=quota-example resourcequota "quota" created $ kubectl describe quota quota --namespace=quota-example Name: quota @@ -222,8 +222,7 @@ services 0 5 ## More information -See [resource quota document](../admin/resource-quota.md) and the [example of Resource Quota](../user-guide/resourcequota/) for more information. - +See [resource quota document](../admin/resource-quota.md) and the [example of Resource Quota](../admin/resourcequota/) for more information. [![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/docs/design/admission_control_resource_quota.md?pixel)]() diff --git a/docs/user-guide/resourcequota/README.md b/docs/user-guide/resourcequota/README.md index 9fc6e3d1bb3..32a360c4a53 100644 --- a/docs/user-guide/resourcequota/README.md +++ b/docs/user-guide/resourcequota/README.md @@ -30,159 +30,10 @@ Documentation for other releases can be found at + Resource Quota ======================================== -This example demonstrates how [resource quota](../../admin/admission-controllers.md#resourcequota) and [limits](../../admin/admission-controllers.md#limitranger) can be applied to a Kubernetes namespace. See [ResourceQuota design doc](../../design/admission_control_resource_quota.md) for more information. - -This example assumes you have a functional Kubernetes setup. - -Step 1: Create a namespace ------------------------------------------ -This example will work in a custom namespace to demonstrate the concepts involved. - -Let's create a new namespace called quota-example: - -```console -$ kubectl create -f docs/user-guide/resourcequota/namespace.yaml -$ kubectl get namespaces -NAME LABELS STATUS -default Active -quota-example Active -``` - -Step 2: Apply a quota to the namespace ------------------------------------------ -By default, a pod will run with unbounded CPU and memory limits. This means that any pod in the -system will be able to consume as much CPU and memory on the node that executes the pod. - -Users may want to restrict how much of the cluster resources a given namespace may consume -across all of its pods in order to manage cluster usage. To do this, a user applies a quota to -a namespace. A quota lets the user set hard limits on the total amount of node resources (cpu, memory) -and API resources (pods, services, etc.) that a namespace may consume. - -Let's create a simple quota in our namespace: - -```console -$ kubectl create -f docs/user-guide/resourcequota/quota.yaml --namespace=quota-example -``` - -Once your quota is applied to a namespace, the system will restrict any creation of content -in the namespace until the quota usage has been calculated. This should happen quickly. - -You can describe your current quota usage to see what resources are being consumed in your -namespace. - -```console -$ kubectl describe quota quota --namespace=quota-example -Name: quota -Namespace: quota-example -Resource Used Hard --------- ---- ---- -cpu 0 20 -memory 0 1Gi -persistentvolumeclaims 0 10 -pods 0 10 -replicationcontrollers 0 20 -resourcequotas 1 1 -secrets 1 10 -services 0 5 -``` - -Step 3: Applying default resource limits ------------------------------------------ -Pod authors rarely specify resource limits for their pods. - -Since we applied a quota to our project, let's see what happens when an end-user creates a pod that has unbounded -cpu and memory by creating an nginx container. - -To demonstrate, lets create a replication controller that runs nginx: - -```console -$ kubectl run nginx --image=nginx --replicas=1 --namespace=quota-example -CONTROLLER CONTAINER(S) IMAGE(S) SELECTOR REPLICAS -nginx nginx nginx run=nginx 1 -``` - -Now let's look at the pods that were created. - -```console -$ kubectl get pods --namespace=quota-example -NAME READY STATUS RESTARTS AGE -``` - -What happened? I have no pods! Let's describe the replication controller to get a view of what is happening. - -```console -kubectl describe rc nginx --namespace=quota-example -Name: nginx -Image(s): nginx -Selector: run=nginx -Labels: run=nginx -Replicas: 0 current / 1 desired -Pods Status: 0 Running / 0 Waiting / 0 Succeeded / 0 Failed -Events: - FirstSeen LastSeen Count From SubobjectPath Reason Message - Mon, 01 Jun 2015 22:49:31 -0400 Mon, 01 Jun 2015 22:52:22 -0400 7 {replication-controller } failedCreate Error creating: Pod "nginx-" is forbidden: Limited to 1Gi memory, but pod has no specified memory limit -``` - -The Kubernetes API server is rejecting the replication controllers requests to create a pod because our pods -do not specify any memory usage. - -So let's set some default limits for the amount of cpu and memory a pod can consume: - -```console -$ kubectl create -f docs/user-guide/resourcequota/limits.yaml --namespace=quota-example -limitranges/limits -$ kubectl describe limits limits --namespace=quota-example -Name: limits -Namespace: quota-example -Type Resource Min Max Default ----- -------- --- --- --- -Container memory - - 512Mi -Container cpu - - 100m -``` - -Now any time a pod is created in this namespace, if it has not specified any resource limits, the default -amount of cpu and memory per container will be applied as part of admission control. - -Now that we have applied default limits for our namespace, our replication controller should be able to -create its pods. - -```console -$ kubectl get pods --namespace=quota-example -NAME READY STATUS RESTARTS AGE -nginx-t9cap 1/1 Running 0 49s -``` - -And if we print out our quota usage in the namespace: - -```console -$ kubectl describe quota quota --namespace=quota-example -Name: quota -Namespace: default -Resource Used Hard --------- ---- ---- -cpu 100m 20 -memory 536870912 1Gi -persistentvolumeclaims 0 10 -pods 1 10 -replicationcontrollers 1 20 -resourcequotas 1 1 -secrets 1 10 -services 0 5 -``` - -You can now see the pod that was created is consuming explicit amounts of resources, and the usage is being -tracked by the Kubernetes system properly. - -Summary ----------------------------- -Actions that consume node resources for cpu and memory can be subject to hard quota limits defined -by the namespace quota. - -Any action that consumes those resources can be tweaked, or can pick up namespace level defaults to -meet your end goal. - +This page has been moved to [here](../../admin/resourcequota/README.md) [![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/docs/user-guide/resourcequota/README.md?pixel)]() diff --git a/examples/examples_test.go b/examples/examples_test.go index 3a43c1dbc58..84f74af3ba0 100644 --- a/examples/examples_test.go +++ b/examples/examples_test.go @@ -308,7 +308,7 @@ func TestExampleObjectSchemas(t *testing.T) { "redis-sentinel-controller": &api.ReplicationController{}, "redis-sentinel-service": &api.Service{}, }, - "../docs/user-guide/resourcequota": { + "../docs/admin/resourcequota": { "namespace": &api.Namespace{}, "limits": &api.LimitRange{}, "quota": &api.ResourceQuota{},