If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.

• Limits can be used to set the minimum and maxiumum amount of CPU and memory for:
  • a single deployment / deployment config / replica set / replication controller / stateful set / pod
  • all containers / pods in a project
• Quotas can be used to:
  • set the maximum amount of CPU and memory that can be used in a project
  • set the the maximum number of running resources (e.g. persistent volume claims, pods, replication controllers, routes, secrets, services, et cetera) in a project
• Cluster Resource Quotas is the same as Quotas except the maximum are associated with:
  • A user
  • One or more projects

You can set both requests and limits.

• requests = the amount of memory / CPU that is reserved or allocated for the container. If a container exceeds its memory limit, the container will should be terminated.
• limit = the maximum amount of memory / CPU the container can request. If a container exceeds its memory request, its pod should be evicted if the node the pod is running on runs out of memory.

The oc create quota command can be used to create a quota. In this example, the quota would be limited to a specific project / namespace.

oc create quota default-quota --hard=pods=10,cpu=1,memory=1G,pods=2,secrets=1 --namespace <some namespace>

The oc create clusterresourcequota command can be used to create a quota for the entire cluster.

oc create clusterresourcequota onehundredpods --hard=pods=100

The oc get quota command can be used to list the quotas that have been created in the currently selected project / namespace.

TIP

The -A or --all-namespaces flag can be used to list the quotas in every project / namespace.

The -n or --namespace flag can be used to list the quotas in a certain project / namespace.

~]$ oc get quota
NAME            AGE   REQUEST                                           LIMIT
default-quota   21s   cpu: 0/1, memory: 0/1G, pods: 5/2, secrets: 9/1

The oc describe quota command can be used to display a bit of an easier to read output.

AVOID TROUBLE

Notice 9 used secrets with a hard limit of 1 secret, or 5 used pods with a hard limit of 2 pods. This happens when the quota is created after the objects have already been created.

~]$ oc describe quota default-quota
Name:       default-quota
Namespace:  foo
Resource    Used  Hard
--------    ----  ----
cpu         0     1
memory      0     1G
pods        5     2
secrets     9     1

Or, the oc get quota command with the --output json or --output yaml option can be used.

~]$ oc get quota default-quota --output yaml
apiVersion: v1
kind: ResourceQuota
metadata:
  creationTimestamp: "2022-07-19T01:44:14Z"
  name: default-quota
  namespace: foo
  resourceVersion: "437349115"
  uid: 1243bc12-0ce2-47d2-8bcf-35cd09aa8995
spec:
  hard:
    cpu: "1"
    memory: 1G
    pods: "2"
    secrets: "1"
status:
  hard:
    cpu: "1"
    memory: 1G
    pods: "2"
    secrets: "1"
  used:
    cpu: "0"
    memory: "0"
    pods: "5"
    secrets: "9"

The --output jsonpath option can be used to print the value of a specific JSON key.

~]$ oc get quota default-quota --output jsonpath={.spec.hard.memory}
1G

If you do something that exceeds the quota, something like this should be returned.

~]$ oc create --filename pod.yml
Error from server (Forbidden): pods "pod001" is forbidden: exceeded quota: default-quota, requested: pods=1, used: pods=10, limited: pods=5