In this post of the Kubernetes 101 Series, we will be discussing Kubernetes Resource Quotas. In the previous post, we looked at what Kubernetes Namespaces are and how do you create one in a cluster.
Now that we have a clear understanding of Namespaces, let us understand more about Kubernetes Resource Quotas. Resource Quotas are a way for Kubernetes administrators to limit resources within a particular namespace.
As we all know, resources are limited, and especially when a single Kubernetes cluster is shared by multiple teams using namespaces, it can get very difficult to manage which team gets how much resources.
In this post, we will be looking at enabling quota for compute resources on the production namespace that we created in the previous post. And whenever a quota is created for compute resources within a namespace, make sure that you specify requests or limits when creating pods, otherwise, the cluster may reject pod creation.
Like objects in Kubernetes, we will create the Resource Quota also using the below yaml file.
apiVersion: v1
kind: ResourceQuota
metadata:
name: production-comptue-quota
namespace: production
spec:
hard:
requests.cpu: "1"
requests.memory: "1Gi"
limits.cpu: "2"
limits.memory: "2Gi"
Below is the explanation for the various fields that we have used to create the resource quota:
- requests.cpu: Across all pods in a non-terminal state, the sum of CPU requests cannot exceed 1 CPU.
- requests.memory: Across all pods in a non-terminal state, the sum of memory requests cannot exceed 1 Gibibytes.
- limits.cpu: Across all pods in a non-terminal state, the sum of CPU limits cannot exceed 2 CPUs.
- limits.memory: Across all pods in a non-terminal state, the sum of memory limits cannot 2 Gibibytes.
Let us create the Resource Quota using the below command.
kubectl create -f production-comptue-quota.yaml
Once it is created, you can check the Resource Quota using the command.
kubectl get resourcequotas -n production
We can see that there are 0 requests and limits for both CPU and memory since we have not yet deployed any pods.
Let us create a pod using the below yaml file requesting for 0.5 CPU and 0.5 Gi memory and limit the CPU to 1 and memory to 1 Gi.
apiVersion: v1
kind: Pod
metadata:
name: pod-quota-1
namespace: production
spec:
containers:
- image: nginx
name: nginx
resources:
requests:
cpu: "0.5"
memory: "0.5Gi"
limits:
cpu: "1"
memory: "1Gi"
kubectl create -f pod-quota-1.yaml
Once the pod is created, let's check the resource quota again.
kubectl get resourcequotas -n production
And this time, we can see that our newly created pod is consuming the requests and limits as defined in the yaml file.
Let us create yet another yaml file with the below config and try to deploy the pod.
apiVersion: v1
kind: Pod
metadata:
name: pod-quota-1
namespace: production
spec:
containers:
- image: nginx
name: nginx
resources:
requests:
cpu: "0.75"
memory: "0.75Gi"
limits:
cpu: "1"
memory: "1Gi"
The only difference in this YAML file is that we have requested for more CPU and memory compared to our previous pod.
To create the pod, type below.
kubectl create -f pod-quota-2.yaml
And it immediately fails with the below error message:
adilarif@masternode01:~$ kubectl create -f pod-quota-2.yaml
Error from server (Forbidden): error when creating "pod-quota-2.yaml": pods "pod-quota-1" is forbidden: exceeded quota: production-comptue-quota, requested: requests.cpu=750m,requests.memory=768Mi, used: requests.cpu=500m,requests.memory=512Mi, limited: requests.cpu=1,requests.memory=1Gi
It clearly states that we have requested for CPU and memory which exceeds the values provided in the original resource quota for the production namespace.
Well, that's it for now. In this post, we saw how Kubernetes Resource Quotas can be used within a namespace to restrict the resources used by the pods.
I hope this has been informative and thank you for reading!
