
If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.
- Limits can be used to set the minimum and maximum amount of CPU/memory/storage for:
- a single deployment related asset (e.g. container / pod) in a namespace and is typically defined in deployment YAML or deployment config YAML
- all deployment related assets (e.g. containers / pods) in a namespace
- Quotas can be used to:
- set the maximum amount of CPU and memory that can be used in a namespace
- set the maximum number of running resources (e.g. persistent volume claims, pods, replication controllers, routes, secrets, services, et cetera) in a namespace
- Cluster Resource Quotas is the same as Quotas except the minimum and maximum are associated with:
- A user
- One or more namespaces
You can set both requests and limits.
- requests
- the amount of memory / CPU that is reserved or allocated for the container.
- limit
- the maximum amount of memory / CPU a container can use
- if a container reaches the CPU limit, the container will be throttled (won’t let it consume any more CPU)
- if a container reaches the memory limit, Out Of Memory (OOM) should occur and the pod should be killed
- if a container reaches the storage limit, the pod should be evicted
The oc create quota command can be used to create a quota. In this example, the quota would be limited to a specific project / namespace.
oc create quota default-quota --hard=pods=10,cpu=1,memory=1G,pods=2,secrets=1 --namespace <some namespace>
The oc create clusterresourcequota command can be used to create a quota for the entire cluster.
oc create clusterresourcequota onehundredpods --hard=pods=100
The oc get quota command can be used to list the quotas that have been created in the currently selected project / namespace.
TIP
The -A or --all-namespaces flag can be used to list the quotas in every project / namespace.
The -n or --namespace flag can be used to list the quotas in a certain project / namespace.
~]$ oc get quota
NAME AGE REQUEST LIMIT
default-quota 21s cpu: 0/1, memory: 0/1G, pods: 5/2, secrets: 9/1
The oc describe quota command can be used to display a bit of an easier to read output.
AVOID TROUBLE
Notice 9 used secrets with a hard limit of 1 secret, or 5 used pods with a hard limit of 2 pods. This happens when the quota is created after the objects have already been created.
~]$ oc describe quota default-quota
Name: default-quota
Namespace: foo
Resource Used Hard
-------- ---- ----
cpu 0 1
memory 0 1G
pods 5 2
secrets 9 1
Or, the oc get quota command with the --output json or --output yaml option can be used.
~]$ oc get quota default-quota --output yaml
apiVersion: v1
kind: ResourceQuota
metadata:
creationTimestamp: "2022-07-19T01:44:14Z"
name: default-quota
namespace: foo
resourceVersion: "437349115"
uid: 1243bc12-0ce2-47d2-8bcf-35cd09aa8995
spec:
hard:
cpu: "1"
memory: 1G
pods: "2"
secrets: "1"
status:
hard:
cpu: "1"
memory: 1G
pods: "2"
secrets: "1"
used:
cpu: "0"
memory: "0"
pods: "5"
secrets: "9"
The --output jsonpath option can be used to print the value of a specific JSON key.
~]$ oc get quota default-quota --output jsonpath={.spec.hard.memory}
1G
If you do something that exceeds the quota, something like this should be returned.
~]$ oc create --filename pod.yml
Error from server (Forbidden): pods "pod001" is forbidden: exceeded quota: default-quota, requested: pods=1, used: pods=10, limited: pods=5
Did you find this article helpful?
If so, consider buying me a coffee over at