Kubernetes Namespace Resource Quotas: Set Defaults, Limits, and Enforce Policies
This guide explains how Kubernetes namespace-level resource management lets administrators set default CPU/memory requests, define minimum and maximum constraints, and enforce resource quotas, with step‑by‑step commands and YAML examples to create namespaces, ResourceQuota objects, and pods while handling quota limits.
Kubernetes allows specifying CPU and RAM requests and limits for individual pods, which is useful for pod‑level resource management. This article demonstrates three strategies for efficient cluster‑wide resource management using namespace‑level features.
Three strategies
Set default resource requests and limits for containers.
Define minimum and maximum resource constraints.
Apply a ResourceQuota to control total resource consumption of all containers in a namespace.
These strategies help address various use cases by leveraging the full capabilities of Kubernetes namespaces and resource management.
Creating a namespace for the demo
<code>kubectl create namespace resource-quota-demo
namespace "resource-quota-demo" created</code>Defining a ResourceQuota object
<code>apiVersion: v1
kind: ResourceQuota
metadata:
name: resource-quota
spec:
hard:
requests.cpu: "1.4"
requests.memory: 2Gi
limits.cpu: "2"
limits.memory: 3Gi</code>This ResourceQuota enforces that each container defines its memory and CPU requests and limits, the total memory requests do not exceed 2 Gi, total CPU requests do not exceed 1.4 CPU, and the total limits are capped at 2 CPU and 3 Gi memory.
Applying the ResourceQuota
<code>kubectl create -f resource-quota.yaml --namespace resource-quota-demo
resourcequota "resource-quota" created</code>Creating the first pod
<code>apiVersion: v1
kind: Pod
metadata:
name: resource-quota-pod-1
spec:
containers:
- name: resource-quota-ctr-1
image: httpd:2.4
resources:
limits:
memory: "2Gi"
cpu: 1.2
requests:
memory: "1.3Gi"
cpu: 0.8</code><code>kubectl create -f resource-quota-pod-1.yaml --namespace resource-quota-demo
pod "resource-quota-pod-1" created</code>The pod is created successfully because its requests and limits are within the namespace quota.
Inspecting quota usage after the first pod
<code>kubectl get resourcequota --namespace resource-quota-demo --output=yaml</code>The output shows that the first pod has consumed part of the quota (limits.cpu: 1200m, limits.memory: 2 Gi, requests.cpu: 800m, requests.memory: 1.3 Gi).
Creating a second pod that exceeds the quota
<code>apiVersion: v1
kind: Pod
metadata:
name: resource-quota-pod-2
spec:
containers:
- name: resource-quota-ctr-2
image: httpd:2.4
resources:
limits:
memory: "1.3Gi"
cpu: 0.9
requests:
memory: "1Gi"
cpu: 0.8</code><code>kubectl create -f resource-quota-pod-2.yaml --namespace resource-quota-demo</code><code>Error from server (Forbidden): error when creating "resource-quota-pod-2.yaml": pods "resource-quota-pod-2" is forbidden: exceeded quota: resource-quota, requested: limits.cpu=900m,limits.memory=1395864371200m,requests.cpu=800m,requests.memory=1Gi, used: limits.cpu=1200m,limits.memory=2Gi,requests.cpu=800m,requests.memory=1395864371200m, limited: limits.cpu=2,limits.memory=3Gi,requests</code>The creation fails because the pod's CPU and memory requests exceed the defined ResourceQuota.
Cleanup
<code>kubectl delete namespace resource-quota-demo
namespace "resource-quota-demo" deleted</code>By setting default requests and limits, defining constraints, and applying ResourceQuotas, administrators can enforce resource policies at the namespace level without requiring manual specifications for each pod.
360 Zhihui Cloud Developer
360 Zhihui Cloud is an enterprise open service platform that aims to "aggregate data value and empower an intelligent future," leveraging 360's extensive product and technology resources to deliver platform services to customers.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.