If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.

• Limits can be used to set the minimum and maximum amount of CPU/memory/storage for:
  • a single deployment related asset (e.g. container / pod) in a namespace and is typically defined in deployment YAML or deployment config YAML
  • all deployment related assets (e.g. containers / pods) in a namespace
• Quotas can be used to:
  • set the maximum amount of CPU and memory that can be used in a namespace
  • set the maximum number of running resources (e.g. persistent volume claims, pods, replication controllers, routes, secrets, services, et cetera) in a namespace
• Cluster Resource Quotas is the same as Quotas except the minimum and maximum are associated with:
  • A user
  • One or more namespaces

You can set both requests and limits.

• requests
  • ​the amount of memory / CPU that is reserved or allocated for the container.
• limit
  • ​the maximum amount of memory / CPU a container can use
  • if a container reaches the CPU limit, the container will be throttled (won’t let it consume any more CPU)
  • if a container reaches the memory limit, Out Of Memory (OOM) should occur and the pod should be killed
  • if a container reaches the storage limit, the pod should be evicted

The oc create clusterresourcequota command can be used to create a quota for a specifc user. In this example, quotas are set for John Doe.

oc create clusterresourcequota john-doe-cluster-resource-quota --project-annotation-selector openshift.io/requester=johndoe --hard pods=10 --hard secrets=5

The oc create clusterresourcequota command can also be used to create a quota for one or more projects / namespaces. In this example, the quota will be applied to all projects containing "foo".

oc create clusterresourcequota my-cluster-resource-quota --project-label-selector kubernetes.io/metadata.name=foo --hard pods=10 --hard secrets=5

Or, a JSON or YAML file can be used to create a quota.  Notice "kind: ClusterResourceQuota", which means this YAML file will be used to create a cluster resource quota.

apiVersion: quota.openshift.io/v1
kind: ClusterResourceQuota
metadata:
  name: my-cluster-resource-quota
spec:
  quota:
    hard:
      pods: "10"
  selector:
    labels:
      matchLabels:
        kubernetes.io/metadata.name: foo

The oc apply or oc create command with the -f or --filename option can be used to create the cluster resource quota using the template JSON or YAML file.

The oc replace command can be used to replace a cluster resource quota using a new or updated template JSON or YAML file.

The oc edit command can be used to update a cluster resource quota template YAML file

~]$ oc create --filename clusterresourcequota.yml 
clusterresourcequota/my-cluster-resource-quota created

The oc get clusterresourcequota command can be used to list the cluster resource quotas that have been created.

~]$ oc get clusterresourcequota
NAME                              AGE
my-cluster-resource-quota         9s
john-doe-cluster-resource-quota   15s

The oc describe clusterresourcequota command can be used to display more information about a cluster resource quota.

AVOID TROUBLE

Notice 9 used secrets with a hard limit of 5 secrets. This happens when the cluster resource quota is created after the objects have already been created.

~]$ oc describe clusterresourcequota john-doe-cluster-resource-quota
Name:           john-doe-cluster-resource-quota
Created:        17 seconds ago
Labels:         <none>
Annotations:    <none>
Namespace Selector: []
Label Selector: 
AnnotationSelector: map[openshift.io/requester:johndoe]
Resource        Used    Hard
--------        ----    ----
pods            10      10
secrets         9       5

Something like this should be returned for cluster resource quota that matches one or more projects (the foo project in this example).

~]$ oc describe clusterresourcequota my-cluster-resource-quota
Name:           my-cluster-resource-quota
Created:        2 minutes ago
Labels:         <none>
Annotations:    <none>
Namespace Selector: ["foo"]
Label Selector: kubernetes.io/metadata.name=foo
AnnotationSelector: map[]
Resource        Used    Hard
--------        ----    ----
pods            8       10

If you do something that exceeds the quota, something like this should be returned.

~]$ oc create --filename pod.yml
Error from server (Forbidden): pods "pod001" is forbidden: exceeded quota: john-doe, requested: pods=1, used: pods=10, limited: pods=10