305-998-7702 | 415-800-2922 info@rx-m.com

LimitRanges

Learn how to put the latest open source technology into practice with hands-on training, delivered by industry experts, aligned to your desired business outcomes

Users who have control over their namespaces can also define a LimitRange, which is an API object that ensures pods maintain a minimum and maximum value for certain resources. This is enforced using a validating webhook that either rejects pods whose containers violate the set resource limits for their containers or inserts a limit into all containers of a pod that do not define any resource limits.

LimitRanges must be defined in YAML, and can ensure that either CPU or memory constraints are enforced within the namespace:

apiVersion: v1
kind: LimitRange
metadata:
  name: cpu-limit
  namespace: limited
spec:
  limits:
  - max:
      cpu: "512m"
    min:
      cpu: "64m"
    type: Container

Once defined, the limitrange can be found within the description.

$ kubectl apply -f limitrange.yaml

limitrange/cpu-limit created

$ kubectl describe namespace limited

Name:         limited
Labels:       kubernetes.io/metadata.name=limited
Annotations:  
Status:       Active

No resource quota.

Resource Limits
 Type       Resource  Min  Max   Default Request  Default Limit  Max Limit/Request Ratio
 ----       --------  ---  ---   ---------------  -------------  -----------------------
 Container  cpu       64m  512m  512m             512m           -

Once a limitrange like the one described is in place, any pods you create will have that limit injected into their containers:

$ kubectl run -n limited --image nginx -o yaml webserver

apiVersion: v1
kind: Pod
metadata:
  annotations:
    kubernetes.io/limit-ranger: 'LimitRanger plugin set: cpu request for container
      webserver; cpu limit for container webserver'
  creationTimestamp: "2022-04-19T23:35:55Z"
  labels:
    run: webserver
  name: webserver
  namespace: limited
  resourceVersion: "105825"
  uid: f9132086-5b4d-4c05-a7e3-991cf8227360
spec:
  containers:
  - image: nginx
    imagePullPolicy: Always
    name: webserver
    resources:
      limits:
        cpu: 512m
      requests:
        cpu: 512m

...

$

Learn more about LimitRanges and how they enforce resource constraints in your namespaces.