305-998-7702 | 415-800-2922 info@rx-m.com

Namespace Quotas

Learn how to put the latest open source technology into practice with hands-on training, delivered by industry experts, aligned to your desired business outcomes

In addition to limiting resources for containers in pods, users also have options to control the resources on the Kubernetes namespace level.

Namespace quotas are API objects that place limits on:

  • The number of certain resources, like pods or services, inside a namespace
  • The total utilization of certain machine resources, like cpu or memory, by containers within pods of the namespace

Quotas are enforced in two different ways:

  • Soft – where a warning is presented to the client if a request that violates the quota is made
  • Hard – where a request that violates the quota is rejected

Quotas can be placed by defining a specification for the quota inside a given namespace, which can be done using kubectl create quota:

$ kubectl create quota --hard pods=3 pod-limit

resourcequota/pod-limit created

$ kubectl describe namespace default

Name:         default
Labels:       kubernetes.io/metadata.name=default
Annotations:  
Status:       Active

Resource Quotas
  Name:     pod-limit
  Resource  Used  Hard
  --------  ---   ---
  pods      5     3

No LimitRange resource.

$

Once create, quotas are visible in the describe output for a given namespace.

As this quota has hard enforcement, any requests that would violate a quota in a namespace is rejected, generating an error:

$ kubectl get pods

No resources found in default namespace.

$ kubectl create deploy webserver --replicas=3 --image nginx

deployment.apps/webserver created

$ kubectl run webserver-new --image httpd

Error from server (Forbidden): pods "webserver-new" is forbidden: exceeded quota: pod-limit, requested: pods=1, used: pods=3, limited: pods=3

$

Quotas are a great way of limiting the resource pools within namespaces.

Learn more about resource quotas for namespaces.