Resource Quota & Limit Range
<h4 id="resource-quota--limit-range-overview">Resource Quota & Limit Range Overview</h4>
<p>In Kubernetes, Resource Quota provides constraints that limit aggregate resource consumption per namespace. It can limit the quantity of objects that can be created in a namespace by type, as well as the total amount of resources that may be consumed by resources in that namespace.</p>
<p>If a resource quota is configured, then it is required that every incoming pod/container makes an explicit request for the required resources. If a resource request is not configured, the pod creation request is rejected. A Limit Range can be used to force defaults for pods that don’t specify resource requirements.</p>
<p>Support of Resource Quota and Limit Range within CompanyName allows users to allocate the resources of a cluster to specific teams or applications.</p>
<p>Resource Quota and Limit Range enables cluster resources, including CPU, memory, PVCs, and a variety of other quantities, to be divided between multiple teams or applications.</p>
<p>CompanyName checks the quantities used at the specified level. If the quantity is found to be above the specified threshold for more than three minutes, an alarm is raised in CompanyName.</p>
<p>Admin or platform user can specify the Default Resource Quota for an environment. This will be applied to any application/namespace that does not specify one.</p>
<ul>
<li>
<p>Admin or platform user will be able to define a Default Limit Range for an environment. It will be applied to any application that does not specifying one.</p>
</li>
<li>
<p>Admin or platform user will be able to define an Environment Resource Quota.</p>
</li>
<li>
<p>An Alarm will be generated when the Resource Usage aggregated across all Applications exceeds the Environment Resource Quota</p>
</li>
<li>
<p>Admin or platform users can create/import/export/update/delete Resource Quotas and Limit Ranges in Environment configured with an “environment”
level isolation.</p>
</li>
<li>
<p>Admin or platform users can create/import/update/view usage/delete Resource Quotas and Limit Ranges for applications deployed in Environments configured with an “application” level isolation.</p>
</li>
<li>
<p>All users can view the Resource usage for all the running applications in a given environment</p>
</li>
<li>
<p>All users will can view pod scheduling failure events related to Resource Quota and Limit Ranges</p>
</li>
</ul>
<p><img src="/images/rqlr-1.png" alt="image"></p>
<p>Resource Quotas set at the Environment level are not hard limits and will not prevent applications from running. Instead, when running an application exceeds the Resource Quota limits, an alarm is raised.</p>
<h4 id="how-to-set-a-limit-range">How to Set a Limit Range</h4>
<p>Limit Range can be added to most Kubernetes resources but most often it is added to Container, Pod, PersistentVolumeClaim. Default values are required in the limit range for environments that use resource quotas so that any container that does not specify resource requests/limits can use the defaults.</p>
<p>To apply a new Limit Range, create an Environment in CompanyName by selecting <em>Environments</em> and then the <em>+Add Environment</em> button. Complete the <em>Add Environment</em> wizard.</p>
<table>
<thead>
<tr>
<th></th>
<th>Isolation Level Definitions</th>
</tr>
</thead>
<tbody>
<tr>
<td>Shared NameSpace</td>
<td>All applications deployed in the environment are in the same <em>namespace</em>; each application can only be deployed one time</td>
</tr>
<tr>
<td>Namespace per Application</td>
<td>Each application can be deployed multiple times; deployment occurs within the application’s own Environment</td>
</tr>
</tbody>
</table>
<p><img src="/images/rqlr-2.png" alt="image"></p>
<p>After creating the Environment, open the Environment settings and select <em>Add Limit Range</em>.</p>
<p><img src="/images/rqlr-3.png" alt="image"></p>
<p>Specify the appropriate <em>Default Limits</em> to be applied at the container level. Each <em>Default Level</em> is the quantity that the container is guaranteed to have at start-up.</p>
<p><em>Default Request</em> values are the quantities applied to containers that do not specify a request quantity. A <em>Default Request</em> is the minimum value for the specified resource and is applied to containers deployed in the environment.</p>
<p>Click the <em>Add</em> button after completing each <em>Limit Range</em> quantity.</p>
<p><img src="/images/rqlr-4.png" alt="image"></p>
<h4 id="how-to-set-a-resource-quota-at-the-environment-level">How to Set a Resource Quota at the Environment Level</h4>
<p>After setting a <em>Limit Range</em> at the container level, <em>Resource Quotas</em> can be defined at the Application Level and the Environment Level.</p>
<p>To add a Resource Quota, select <em>Add Resource Quota</em> from within the <em>Environment Settings</em>. Kubernetes compares current application usage levels to the defined <em>Resource Quotas</em>.</p>
<p><img src="/images/rqlr-5.png" alt="image"></p>
<p><img src="/images/rqlr-6.png" alt="image"></p>
<p><img src="/images/rqlr-7.png" alt="image"></p>
<h4 id="how-to-set-a-resource-quota-at-the-application-level">How to Set a Resource Quota at the Application Level</h4>
<p>To set a Resource Quota at the Application level, select the Application from the Catalog and then click on the <em>Deployment</em>.</p>
<p><img src="/images/rqlr-8.png" alt="image"></p>
<p>Select the Containers to which the Resource Quota will apply.</p>
<p><img src="/images/rqlr-9.png" alt="image"></p>
<p>Click <em>Add Resource Requirements</em>.</p>
<p><img src="/images/rqlr-10.png" alt="image"></p>
<h4 id="understanding-resource-quota-errors">Understanding Resource Quota Errors</h4>
<p>If the pod deployment fails when the resource quota is exceeded, the error details are displayed in <em>Status</em>.</p>
<p>For example, in a deployment, ReplicaFailure will display. View the details by clicking on the condition.</p>
<p><img src="/images/rqlr-11.png" alt="image"></p>
<h4 id="understanding-resource-quota-alarms">Understanding Resource Quota Alarms</h4>
<p>CompanyName generates the following alarms when resource quotas exceed the configured thresholds:</p>
<ol>
<li>
<p>Resource Quota CPU Usage: This alarm is triggered when the allocated CPU request is greater than the threshold.</p>
</li>
<li>
<p>Resource Quota Limits CPU Usage: This alarm is triggered when the allocated CPU limit is greater than the threshold.</p>
</li>
<li>
<p>Resource Quota Limits Memory Usage: This alarm is triggered when the allocated memory limit is greater than the threshold.</p>
</li>
<li>
<p>Resource Quota Memory Usage: This alarm is triggered when the allocated memory request is greater than the threshold.</p>
</li>
</ol>
<h4 id="compute-resource-quotas">Compute Resource Quotas</h4>
<table>
<thead>
<tr>
<th>Compute Resource Quotas</th>
<th></th>
</tr>
</thead>
<tbody>
<tr>
<td>cpu</td>
<td>Across all pods in a non-terminal state, the sum of CPU requests cannot exceed this value.</td>
</tr>
<tr>
<td>limits.cpu</td>
<td>Across all pods in a non-terminal state, the sum of CPU limits cannot exceed this value.</td>
</tr>
<tr>
<td>limits.memory</td>
<td>Across all pods in a non-terminal state, the sum of memory limits cannot exceed this value.</td>
</tr>
<tr>
<td>memory</td>
<td>Across all pods in a non-terminal state, the sum of memory requests cannot exceed this value.</td>
</tr>
<tr>
<td>requests.cpu</td>
<td>Across all pods in a non-terminal state, the sum of CPU requests cannot exceed this value.</td>
</tr>
<tr>
<td>requests.memory</td>
<td>Across all pods in a non-terminal state, the sum of memory requests cannot exceed this value.</td>
</tr>
</tbody>
</table>
<h4 id="storage-resource-quotas">Storage Resource Quotas</h4>
<table>
<thead>
<tr>
<th>Storage Resource Quotas</th>
<th></th>
</tr>
</thead>
<tbody>
<tr>
<td>requests.storage</td>
<td>Across all persistent volume claims, the sum of storage requests cannot exceed this value.</td>
</tr>
<tr>
<td>persistentvolumeclaims</td>
<td>The total number of persistent volume claims that can exist in the namespace.</td>
</tr>
<tr>
<td><storage-class-name>.storageclass.storage.k8s.io/requests.storage</td>
<td>Across all persistent volume claims associated with the storage-class-name, the sum of storage requests cannot exceed this value.</td>
</tr>
<tr>
<td><storage-class-name>.storageclass.storage.k8s.io/persistentvolumeclaims</td>
<td>Across all pods in a non-terminal state, the sum of memory requests cannot exceed this value.</td>
</tr>
</tbody>
</table>
<h4 id="object-count-quota">Object Count Quota</h4>
<p>Resource Quota can be added for any namespaced resource using the syntax:</p>
<pre><code>count/<resource>.<group>
</code></pre><p>Following resources are supported:</p>
<table>
<thead>
<tr>
<th>Supported Resources</th>
<th></th>
</tr>
</thead>
<tbody>
<tr>
<td>configmaps</td>
<td>The total number of config maps that can exist in the namespace.</td>
</tr>
<tr>
<td>pods</td>
<td>The total number of pods in a non-terminal state that can exist in the namespace. A pod is in a terminal state if is in Failed, Succeeded phase.</td>
</tr>
<tr>
<td>persistentvolumeclaims</td>
<td>The total number of persistent volume claims that can exist in the namespace.</td>
</tr>
<tr>
<td>replicationcontrollers</td>
<td>The total number of replication controllers that can exist in the namespace.</td>
</tr>
<tr>
<td>resourcequotas</td>
<td>The total number of resource quotas that can exist in a namespace.</td>
</tr>
<tr>
<td>services</td>
<td>The total number of services that can exist in the namespace.</td>
</tr>
<tr>
<td>services.loadbalancers</td>
<td>The total number of services of type load balancer that can exist in the namespace.</td>
</tr>
<tr>
<td>services.nodeports</td>
<td>The total number of services of type node port that can exist in the namespace.</td>
</tr>
<tr>
<td>secrets</td>
<td>The total number of secrets that can exist in the namespace.</td>
</tr>
</tbody>
</table>
Updated on 27 Aug 2020