If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.

• Limits can be used to set the minimum and maximum amount of CPU/memory/storage for:
  • a single deployment related asset (e.g. container / pod) in a namespace and is typically defined in deployment YAML or deployment config YAML
  • all deployment related assets (e.g. containers / pods) in a namespace
• Quotas can be used to:
  • set the maximum amount of CPU and memory that can be used in a namespace
  • set the maximum number of running resources (e.g. persistent volume claims, pods, replication controllers, routes, secrets, services, et cetera) in a namespace
• Cluster Resource Quotas is the same as Quotas except the minimum and maximum are associated with:
  • A user
  • One or more namespaces

You can set both requests and limits.

• requests
  • ​the amount of memory / CPU that is reserved or allocated for the container.
• limit
  • ​the maximum amount of memory / CPU a container can use
  • if a container reaches the CPU limit, the container will be throttled (won’t let it consume any more CPU)
  • if a container reaches the memory limit, Out Of Memory (OOM) should occur and the pod should be killed
  • if a container reaches the storage limit, the pod should be evicted

The oc create quota command can be used to create a quota. In this example, the quota would be limited to a specific project / namespace.

oc create quota default-quota --hard=pods=10,cpu=1,memory=1G,pods=2,secrets=1 --namespace <some namespace>

The oc create clusterresourcequota command can be used to create a quota for the entire cluster.

oc create clusterresourcequota onehundredpods --hard=pods=100

The oc get quota command can be used to list the quotas that have been created in the currently selected project / namespace.

TIP

The -A or --all-namespaces flag can be used to list the quotas in every project / namespace.

The -n or --namespace flag can be used to list the quotas in a certain project / namespace.

~]$ oc get quota
NAME            AGE   REQUEST                                           LIMIT
default-quota   21s   cpu: 0/1, memory: 0/1G, pods: 5/2, secrets: 9/1

The oc describe quota command can be used to display a bit of an easier to read output.

AVOID TROUBLE

Notice 9 used secrets with a hard limit of 1 secret, or 5 used pods with a hard limit of 2 pods. This happens when the quota is created after the objects have already been created.

~]$ oc describe quota default-quota
Name:       default-quota
Namespace:  foo
Resource    Used  Hard
--------    ----  ----
cpu         0     1
memory      0     1G
pods        5     2
secrets     9     1

Or, the oc get quota command with the --output json or --output yaml option can be used.

~]$ oc get quota default-quota --output yaml
apiVersion: v1
kind: ResourceQuota
metadata:
  creationTimestamp: "2022-07-19T01:44:14Z"
  name: default-quota
  namespace: foo
  resourceVersion: "437349115"
  uid: 1243bc12-0ce2-47d2-8bcf-35cd09aa8995
spec:
  hard:
    cpu: "1"
    memory: 1G
    pods: "2"
    secrets: "1"
status:
  hard:
    cpu: "1"
    memory: 1G
    pods: "2"
    secrets: "1"
  used:
    cpu: "0"
    memory: "0"
    pods: "5"
    secrets: "9"

The --output jsonpath option can be used to print the value of a specific JSON key.

~]$ oc get quota default-quota --output jsonpath={.spec.hard.memory}
1G

If you do something that exceeds the quota, something like this should be returned.

~]$ oc create --filename pod.yml
Error from server (Forbidden): pods "pod001" is forbidden: exceeded quota: default-quota, requested: pods=1, used: pods=10, limited: pods=5