In addition to limiting resources for containers in pods, users also have options to control the resources on the Kubernetes namespace level.
Namespace quotas are API objects that place limits on:
- The number of certain resources, like pods or services, inside a namespace
- The total utilization of certain machine resources, like cpu or memory, by containers within pods of the namespace
Quotas are enforced in two different ways:
- Soft – where a warning is presented to the client if a request that violates the quota is made
- Hard – where a request that violates the quota is rejected
Quotas can be placed by defining a specification for the quota inside a given namespace, which can be done using
kubectl create quota:
$ kubectl create quota --hard pods=3 pod-limit resourcequota/pod-limit created $ kubectl describe namespace default Name: default Labels: kubernetes.io/metadata.name=default Annotations: Status: Active Resource Quotas Name: pod-limit Resource Used Hard -------- --- --- pods 5 3 No LimitRange resource. $
Once create, quotas are visible in the describe output for a given namespace.
As this quota has hard enforcement, any requests that would violate a quota in a namespace is rejected, generating an error:
$ kubectl get pods No resources found in default namespace. $ kubectl create deploy webserver --replicas=3 --image nginx deployment.apps/webserver created $ kubectl run webserver-new --image httpd Error from server (Forbidden): pods "webserver-new" is forbidden: exceeded quota: pod-limit, requested: pods=1, used: pods=3, limited: pods=3 $
Quotas are a great way of limiting the resource pools within namespaces.
Learn more about resource quotas for namespaces.