If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.
- Limits can be used to set the minimum and maxiumum amount of CPU and memory for:
- a single deployment / deployment config / replica set / replication controller / stateful set / pod
- all containers / pods in a project
- Quotas can be used to:
- set the maximum amount of CPU and memory that can be used in a project
- set the the maximum number of running resources (e.g. persistent volume claims, pods, replication controllers, routes, secrets, services, et cetera) in a project
- Cluster Resource Quotas is the same as Quotas except the maximum are associated with:
- A user
- One or more projects
You can set both requests and limits.
- requests = the amount of memory / CPU that is reserved or allocated for the container. If a container exceeds its memory limit, the container will should be terminated.
- limit = the maximum amount of memory / CPU the container can request. If a container exceeds its memory request, its pod should be evicted if the node the pod is running on runs out of memory.
This will set the combined CPU and memory limits of all of the containers or pods in a project. If you want to limit the CPU and memory for a single single deployment / container / pod in a namespace, refer to Deploy an application with CPU Memory limits using a YAML template file.
Before setting limits, you may want to view the pods Metrics in the OpenShift console to get a general idea the amount of memory and CPU being used by the pod.
A JSON or YAML file that contains key value pairs used to create an object, such as a config map, deployment, a project, a pod, a route, a secret, a service, et cetera. These files are known as templates. The oc explain command can be used to get the list of keys that can be used in the JSON or YAML template file.
oc explain limitrange
And then more details on each key can be displayed.
oc explain limitrange.spec
For example, let's say you have a YAML file named limits.yml that contains the following markup.
apiVersion: v1 kind: LimitRange metadata: name: my-limits spec: limits: - type: Pod max: cpu: 20m memory: 1Gi min: cpu: 200m memory: 6Mi - type: Container max: cpu: 2 memory: 1Gi min: cpu: 100m memory: 4Mi default: cpu: 300m memory: 200Mi defaultRequest: cpu: 200m memory: 100Mi maxLimitRequestRatio: cpu: 10m
The oc apply or oc create command with the -f or --filename option can be used to create the limits using the template JSON or YAML file.
The oc replace command can be used to replace limits using a new or updated template JSON or YAML file.
~]$ oc create --filename limits.yml limitrange/my-limits created
The oc get limits command can be used to list the limits that have been created in the current project / namespace.
~]$ oc get limits NAME CREATED AT my-limits 2022-07-26T12:25:53Z
The oc describe limits command can be used to display more details about a limit.
- requests - the minimum of CPU/memory that is reserved or allocated for the container
- limits - the maximum amount of CPU/memory that can be used by the container
~]$ oc describe limits my-limits Name: my-limits Namespace: foo Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio ---- -------- --- --- --------------- ------------- ----------------------- Pod cpu 200m 2 - - - Pod memory 6Mi 1Gi - - - Container cpu 100m 2 200m 300m 10 Container memory 4Mi 1Gi 100Mi 200Mi -
And in the OpenShift console, you should see a dotted line representing the limit. I tend to noticed that memory is never exceeded but CPU can be forgiving, where a pod may exceeded the max CPU limit.