If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.
You can set both requests and limits.
The oc create quota command can be used to create a quota in a project / namespace. In this example, the quota would be limited to a specific project / namespace.
~]# oc create quota default-quota --hard=pods=10,cpu=1,memory=1G,pods=2,secrets=1 --namespace <some namespace>
resourcequota/default-quota created
The oc create clusterresourcequota command can be used to create a quota for a specifc user. In this example, quotas are set for John Doe.
oc create clusterresourcequota john-doe --project-annotation-selector openshift.io/requester=johndoe --hard=pods=10 --hard=secrets=5
The oc create clusterresourcequota command can also be used to create a quota for one or more projects / namespaces. In this example, the quota will be applied to all projects containing "foo".
oc create clusterresourcequota foo --project-label-selector=name=foo --hard=pods=10 --hard=secrets=5
The oc get clusterresourcequota command can be used to list the cluster resource quotas that have been created.
~]$ oc get clusterresourcequota
NAME AGE
foo 9s
john-doe 15s
The oc describe clusterresourcequota command can be used to display more information about a cluster resource quota.
AVOID TROUBLE
Notice 9 used secrets with a hard limit of 5 secrets. This happens when the cluster resource quota is created after the objects have already been created.
~]$ oc describe clusterresourcequota john-doe
Name: john-doe
Created: 17 seconds ago
Labels: <none>
Annotations: <none>
Namespace Selector: []
Label Selector:
AnnotationSelector: map[openshift.io/requester:johndoe]
Resource Used Hard
-------- ---- ----
pods 10 10
secrets 9 5
Or, the oc get clusterresourcequota command with the --output json or --output yaml option can be used.
~]$ oc get clusterresourcequota john-doe --output yaml
apiVersion: quota.openshift.io/v1
kind: ClusterResourceQuota
metadata:
creationTimestamp: "2022-07-20T01:50:10Z"
generation: 1
name: john-doe
resourceVersion: "438328335"
uid: 0bc0c407-7bb6-4f16-b0e3-95ace2682990
spec:
quota:
hard:
pods: "10"
secrets: "5"
selector:
annotations:
openshift.io/requester: johndoe
labels: null
If you do something that exceeds the quota, something like this should be returned.
~]$ oc create --filename pod.yml
Error from server (Forbidden): pods "pod001" is forbidden: exceeded quota: john-doe, requested: pods=1, used: pods=10, limited: pods=10