OpenShift - Create Cluster Resource Quota

If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.

  • Limits can be used to set the minimum and maxiumum amount of CPU and memory for:
    • a single deployment / deployment config / replica set / replication controller / stateful set / pod
    • all containers / pods in a project
  • Quotas can be used to:
    • set the maximum amount of CPU and memory that can be used in a project
    • set the the maximum number of running resources (e.g. persistent volume claims, pods, replication controllers, routes, secrets, services, et cetera) in a project
  • Cluster Resource Quotas is the same as Quotas except the maximum are associated with:
    • A user
    • One or more projects

You can set both requests and limits.

  • requests = the amount of memory / CPU that is reserved or allocated for the container. If a container exceeds its memory limit, the container will should be terminated.
  • limit = the maximum amount of memory / CPU the container can request. If a container exceeds its memory request, its pod should be evicted if the node the pod is running on runs out of memory.

The oc create quota command can be used to create a quota in a project / namespace. In this example, the quota would be limited to a specific project / namespace.

~]# oc create quota default-quota --hard=pods=10,cpu=1,memory=1G,pods=2,secrets=1 --namespace <some namespace>
resourcequota/default-quota created


The oc create clusterresourcequota command can be used to create a quota for a specifc user. In this example, quotas are set for John Doe.

oc create clusterresourcequota john-doe --project-annotation-selector --hard=pods=10 --hard=secrets=5


The oc create clusterresourcequota command can also be used to create a quota for one or more projects / namespaces. In this example, the quota will be applied to all projects containing "foo".

oc create clusterresourcequota foo --project-label-selector=name=foo --hard=pods=10 --hard=secrets=5


The oc get clusterresourcequota command can be used to list the cluster resource quotas that have been created.

~]$ oc get clusterresourcequota
NAME       AGE
foo        9s
john-doe   15s


The oc describe clusterresourcequota command can be used to display more information about a cluster resource quota.


Notice 9 used secrets with a hard limit of 5 secrets. This happens when the cluster resource quota is created after the objects have already been created.

~]$ oc describe clusterresourcequota john-doe
Name:           john-doe
Created:        17 seconds ago
Labels:         <none>
Annotations:    <none>
Namespace Selector: []
Label Selector: 
AnnotationSelector: map[]
Resource        Used    Hard
--------        ----    ----
pods            10      10
secrets         9       5


Or, the oc get clusterresourcequota command with the --output json or --output yaml option can be used.

~]$ oc get clusterresourcequota john-doe --output yaml
kind: ClusterResourceQuota
  creationTimestamp: "2022-07-20T01:50:10Z"
  generation: 1
  name: john-doe
  resourceVersion: "438328335"
  uid: 0bc0c407-7bb6-4f16-b0e3-95ace2682990
      pods: "10"
      secrets: "5"
    annotations: johndoe
    labels: null


If you do something that exceeds the quota, something like this should be returned.

~]$ oc create --filename pod.yml
Error from server (Forbidden): pods "pod001" is forbidden: exceeded quota: john-doe, requested: pods=1, used: pods=10, limited: pods=10


Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee

Add a Comment

We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.

Please enter 5c69d in the box below so that we can be sure you are a human.