OpenShift - List Cluster Resource Quota using the oc get clusterresourcequota command

If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.

  • Limits can be used to set the minimum and maxiumum amount of CPU and memory for all of the containers or pods in a project / namespace, or for a specific container in a project / namespace
  • Quotas can be used to:
    • set the maximum amount of CPU and memory that can be used in a project / namespace
    • set the the maximum number of running resources (e.g. persistent volume claims, pods, replication controllers, routes, secrets, services, et cetera) in a project / namespace
  • Cluster Resource Quotas is the same as Quotas except the maximum are associated with:
    • A user
    • One or more projects / namespaces

The oc create quota command can be used to create a quota in a project / namespace. In this example, the quota would be limited to a specific project / namespace.

~]# oc create quota default-quota --hard=pods=10,cpu=1,memory=1G,pods=2,secrets=1 --namespace <some namespace>
resourcequota/default-quota created


The oc create clusterresourcequota command can be used to create a quota for a specifc user. In this example, quotas are set for John Doe.

oc create clusterresourcequota john-doe --project-annotation-selector --hard=pods=10 --hard=secrets=5


The oc create clusterresourcequota command can also be used to create a quota for one or more project / namespace. In this example, the quota will be applied to all projects containing "foo".

oc create clusterresourcequota foo --project-label-selector=name=foo --hard=pods=10 --hard=secrets=5


The oc get clusterresourcequota command can be used to list the cluster resource quotas that have been created.

~]$ oc get clusterresourcequota
NAME       AGE
foo        9s
john-doe   15s


The oc describe clusterresourcequota command can be used to display more information about a cluster resource quota.


Notice 9 used secrets with a hard limit of 5 secrets. This happens when the cluster resource quota is created after the objects have already been created.

~]$ oc describe clusterresourcequota john-doe
Name:           john-doe
Created:        17 seconds ago
Labels:         <none>
Annotations:    <none>
Namespace Selector: []
Label Selector: 
AnnotationSelector: map[]
Resource        Used    Hard
--------        ----    ----
pods            10      10
secrets         9       5


Or, the oc get clusterresourcequota command with the --output json or --output yaml option can be used.

~]$ oc get clusterresourcequota john-doe --output yaml
kind: ClusterResourceQuota
  creationTimestamp: "2022-07-20T01:50:10Z"
  generation: 1
  name: john-doe
  resourceVersion: "438328335"
  uid: 0bc0c407-7bb6-4f16-b0e3-95ace2682990
      pods: "10"
      secrets: "5"
    annotations: johndoe
    labels: null


The --output jsonpath option can be used to print the value of a specific JSON key.

~]$ oc get clusterresourcequota john-doe --output jsonpath={.spec.quota.hard.pods}


If you do something that exceeds the quota, something like this should be returned.

~]$ oc create --filename pod.yml
Error from server (Forbidden): pods "pod001" is forbidden: exceeded quota: john-doe, requested: pods=1, used: pods=10, limited: pods=10


Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee

Add a Comment

We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.

Please enter 7a5a6 in the box below so that we can be sure you are a human.


Web design by yours truely - me, myself, and I   |   |