github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-11-03 23:40:03 +00:00
Code Issues Projects Releases Wiki Activity
Files
a8fdf3d78b84679e646ef7aa1c9b51ff539a9a41
kubernetes/docs/resource_quota_admin.md

3.4 KiB
Raw Blame History

Administering Resource Quotas

Kubernetes can limit the both number of objects created in a namespace, and the total amount of resources requested by pods in a namespace. This facilitates sharing of a single Kubernetes cluster by several teams or tenants, each in a namespace.

Enabling Resource Quota

Resource Quota support is enabled by default for many kubernetes distributions. It is enabled when the apiserver --admission_control= flag has ResourceQuota as one of its arguments.

Resource Quota is enforced in a particular namespace when there is a ResourceQuota object in that namespace. There should be at most one ResourceQuota object in a namespace.

Object Count Quota

The number of objects of a given type can be restricted. The following types are supported:

ResourceName Description
pods Total number of pods
services Total number of services
replicationcontrollers Total number of replication controllers
resourcequotas Total number of resource quotas
secrets Total number of secrets
persistentvolumeclaims Total number of persistent volume claims

For example, pods quota counts and enforces a maximum on the number of pods created in a single namespace.

Compute Resource Quota

The total number of objects of a given type can be restricted. The following types are supported:

ResourceName Description
cpu Total cpu limits of containers
memory Total memory usage limits of containers
example.com/customresource Total of resources.limits."example.com/customresource" of containers

For example, cpu quota sums up the resources.limits.cpu fields of every container of every pod in the namespace, and enforces a maximum on that sum.

Any resource that is not part of core Kubernetes must follow the resource naming convention prescribed by Kubernetes.

This means the resource must have a fully-qualified name (i.e. mycompany.org/shinynewresource)

Viewing and Setting Quotas

Kubectl supports creating, updating, and viewing quotas

$ kubectl namespace myspace
$ cat <<EOF > quota.json
{
  "apiVersion": "v1beta3",
  "kind": "ResourceQuota",
  "metadata": {
    "name": "quota",
  },
  "spec": {
    "hard": {
      "memory": "1Gi",
      "cpu": "20",
      "pods": "10",
      "services": "5",
      "replicationcontrollers":"20",
      "resourcequotas":"1",
    },
  }
}
EOF
$ kubectl create -f quota.json
$ kubectl get quota
NAME
quota
$ kubectl describe quota quota
Name:                   quota
Resource                Used    Hard
--------                ----    ----
cpu                     0m      20
memory                  0       1Gi
pods                    5       10
replicationcontrollers  5       20
resourcequotas          1       1
services                3       5

Quota and Cluster Capacity

Resource Quota objects are independent of the Cluster Capacity. They are expressed in absolute units.

Sometimes more complex policies may be desired, such as:

  • proportionally divide total cluster resources among several teams.
  • allow each tenant to grow resource usage as needed, but have a generous limit to prevent accidental resource exhaustion.

Such policies could be implemented using ResourceQuota as a building-block, by writing a controller which watches the quota usage and adjusts the quota hard limits of each namespace.