Setup quota and limits on k8s namespace
In kubernetes (as known as k8s) we can create namespaces for different projects. The command is as simple as:
$ kubectl create namespace mytest
We want to setup the quota for a namespace, for instance, how many pods can be run in the namespace. The yaml file could look like follows.
apiVersion: v1
kind: ResourceQuota
metadata:
name: demo-resourcequota
spec:
hard:
pods: "100"
Please note it's going with "ResourceQuota" kind. Now apply this configuration to mytest namespace.
$ kubectl apply --namespace mytest -f proj/quota.yaml
And, we may want to setup the default limits for containers running in that namespace, by providing a yaml file like follows.
apiVersion: v1
kind: LimitRange
metadata:
name: demo-limitrange
spec:
limits:
- default:
cpu: "500m"
memory: "256Mi"
defaultRequest:
cpu: "200m"
memory: "128Mi"
type: Container
Please note the kind is "LimitRange" and it's assigned to "Container" type. Also apply this configuration to the namespace.
$ kubectl apply --namespace mytest -f proj/limits.yaml
Let's check the namespace's options.
$ kubectl describe namespace/mytest
Name: mytest
Labels: kubernetes.io/metadata.name=mytest
Annotations: <none>
Status: Active
Resource Quotas
Name: demo-resourcequota
Resource Used Hard
-------- --- ---
pods 0 100
Resource Limits
Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio
---- -------- --- --- --------------- ------------- -----------------------
Container cpu - - 200m 500m -
Container memory - - 128Mi 256Mi -
Here are the best practices for namespace setup,
- Use ResourceQuotas in each namespace to enforce a limit on the number of Pods that can run in the namespace.
- Use LimitRanges in each namespace to set default resource requests and limits for containers, but don’t rely on them; treat them as a backstop. Always specify explicit requests and limits in the container spec itself.