
If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.
- Limits can be used to set the minimum and maxiumum amount of CPU and memory for:
- a single deployment / deployment config / replica set / replication controller / stateful set / pod
- all containers / pods in a project
- Quotas can be used to:
- set the maximum amount of CPU and memory that can be used in a project
- set the the maximum number of running resources (e.g. persistent volume claims, pods, replication controllers, routes, secrets, services, et cetera) in a project
- Cluster Resource Quotas is the same as Quotas except the maximum are associated with:
- A user
- One or more projects
You can set both requests and limits.
- requests = the amount of memory / CPU that is reserved or allocated for the container. If a container exceeds its memory limit, the container will should be terminated.
- limit = the maximum amount of memory / CPU the container can request. If a container exceeds its memory request, its pod should be evicted if the node the pod is running on runs out of memory.
The oc create quota command can be used to create a quota. In this example, the quota would be limited to a specific project / namespace.
oc create quota default-quota --hard=pods=10,cpu=1,memory=1G,pods=2,secrets=1 --namespace <some namespace>
The oc create clusterresourcequota command can be used to create a quota for the entire cluster.
oc create clusterresourcequota onehundredpods --hard=pods=100
The oc get quota command can be used to list the quotas that have been created in the currently selected project / namespace.
TIP
The -A or --all-namespaces flag can be used to list the quotas in every project / namespace.
The -n or --namespace flag can be used to list the quotas in a certain project / namespace.
~]$ oc get quota
NAME AGE REQUEST LIMIT
default-quota 21s cpu: 0/1, memory: 0/1G, pods: 5/2, secrets: 9/1
The oc describe quota command can be used to display a bit of an easier to read output.
AVOID TROUBLE
Notice 9 used secrets with a hard limit of 1 secret, or 5 used pods with a hard limit of 2 pods. This happens when the quota is created after the objects have already been created.
~]$ oc describe quota default-quota
Name: default-quota
Namespace: foo
Resource Used Hard
-------- ---- ----
cpu 0 1
memory 0 1G
pods 5 2
secrets 9 1
Or, the oc get quota command with the --output json or --output yaml option can be used.
~]$ oc get quota default-quota --output yaml
apiVersion: v1
kind: ResourceQuota
metadata:
creationTimestamp: "2022-07-19T01:44:14Z"
name: default-quota
namespace: foo
resourceVersion: "437349115"
uid: 1243bc12-0ce2-47d2-8bcf-35cd09aa8995
spec:
hard:
cpu: "1"
memory: 1G
pods: "2"
secrets: "1"
status:
hard:
cpu: "1"
memory: 1G
pods: "2"
secrets: "1"
used:
cpu: "0"
memory: "0"
pods: "5"
secrets: "9"
The --output jsonpath option can be used to print the value of a specific JSON key.
~]$ oc get quota default-quota --output jsonpath={.spec.hard.memory}
1G
If you do something that exceeds the quota, something like this should be returned.
~]$ oc create --filename pod.yml
Error from server (Forbidden): pods "pod001" is forbidden: exceeded quota: default-quota, requested: pods=1, used: pods=10, limited: pods=5
Did you find this article helpful?
If so, consider buying me a coffee over at