If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.
- Limits can be used to set the minimum and maximum amount of CPU/memory/storage for:
- a single deployment related asset (e.g. container / pod) in a namespace and is typically defined in deployment YAML or deployment config YAML
- all deployment related assets (e.g. containers / pods) in a namespace
- Quotas can be used to:
- set the maximum amount of CPU and memory that can be used in a namespace
- set the maximum number of running resources (e.g. persistent volume claims, pods, replication controllers, routes, secrets, services, et cetera) in a namespace
- Cluster Resource Quotas is the same as Quotas except the minimum and maximum are associated with:
- A user
- One or more namespaces
You can set both requests and limits.
- requests
- the amount of memory / CPU that is reserved or allocated for the container.
- limit
- the maximum amount of memory / CPU a container can use
- if a container reaches the CPU limit, the container will be throttled (won’t let it consume any more CPU)
- if a container reaches the memory limit, Out Of Memory (OOM) should occur and the pod should be killed
- if a container reaches the storage limit, the pod should be evicted
The oc create quota command can be used to create a quota in a project / namespace. In this example, the quota would be limited to a specific project / namespace.
~]# oc create quota default-quota --hard=pods=10,cpu=1,memory=1G,pods=2,secrets=1 --namespace <some namespace>
resourcequota/default-quota created
The oc create clusterresourcequota command can be used to create a quota for a specifc user. In this example, quotas are set for John Doe.
oc create clusterresourcequota john-doe --project-annotation-selector openshift.io/requester=johndoe --hard=pods=10 --hard=secrets=5
The oc create clusterresourcequota command can also be used to create a quota for one or more project / namespace. In this example, the quota will be applied to all projects containing "foo".
oc create clusterresourcequota foo --project-label-selector=name=foo --hard=pods=10 --hard=secrets=5
The oc get clusterresourcequota command can be used to list the cluster resource quotas that have been created.
~]$ oc get clusterresourcequota
NAME AGE
foo 9s
john-doe 15s
The oc describe clusterresourcequota command can be used to display more information about a cluster resource quota.
AVOID TROUBLE
Notice 9 used secrets with a hard limit of 5 secrets. This happens when the cluster resource quota is created after the objects have already been created.
~]$ oc describe clusterresourcequota john-doe
Name: john-doe
Created: 17 seconds ago
Labels: <none>
Annotations: <none>
Namespace Selector: []
Label Selector:
AnnotationSelector: map[openshift.io/requester:johndoe]
Resource Used Hard
-------- ---- ----
pods 10 10
secrets 9 5
Or, the oc get clusterresourcequota command with the --output json or --output yaml option can be used.
~]$ oc get clusterresourcequota john-doe --output yaml
apiVersion: quota.openshift.io/v1
kind: ClusterResourceQuota
metadata:
creationTimestamp: "2022-07-20T01:50:10Z"
generation: 1
name: john-doe
resourceVersion: "438328335"
uid: 0bc0c407-7bb6-4f16-b0e3-95ace2682990
spec:
quota:
hard:
pods: "10"
secrets: "5"
selector:
annotations:
openshift.io/requester: johndoe
labels: null
The --output jsonpath option can be used to print the value of a specific JSON key.
~]$ oc get clusterresourcequota john-doe --output jsonpath={.spec.quota.hard.pods}
10
If you do something that exceeds the quota, something like this should be returned.
~]$ oc create --filename pod.yml
Error from server (Forbidden): pods "pod001" is forbidden: exceeded quota: john-doe, requested: pods=1, used: pods=10, limited: pods=10
Did you find this article helpful?
If so, consider buying me a coffee over at