Set Namespace Resource Limit
Namespace Resource limit
When multiple users or teams share a CCE cluster, resource constraints need to be set for each user or team's tenant to prevent a user or team from occupying too many resources in the cluster. The cluster administrator can set resource quota for each tenant through Resource Quota.
Resource Quota Supports Limited Resources
- Computing resource constraints
| Resource name | Description |
|---|---|
| cpu | Under this namespace, the sum of CPU requests of all Pod resources not in ternial state cannot exceed this value |
| limits.cpu | Under this namespace, the sum of total CPU limits of all Pod resources that are not in the terminal state cannot exceed this value |
| limits.memory | Under this namespace, the sum of total memory limits of all Pod resources that are not in the terminal state cannot exceed this value |
| memory | Under this namespace, the sum of total memory requests of all Pod resources that are not in the terminal state cannot exceed this value |
| requests.cpu | Under this namespace, the sum of total CPU requests of all Pod resources that are not in the terminal state cannot exceed this value |
| requests.memory | Under this namespace, the sum of total memory requests of all Pod resources that are not in the terminal state cannot exceed this value |
- Storage resource limitations
| Resource name | Description |
|---|---|
| requests.storage | Under this namespace, the total storage requests of all persistent volume claims cannot exceed this value |
| persistentvolumeclaims | The total number of persistent volume claims that exist under this namespace cannot exceed this value |
| requests.ephemeral-storage | The sum of total storage requests of local temporary storage of all pods under this namespace cannot exceed this value |
| limits.ephemeral-storage | The sum of total storage limit of local temporary storage of all pods under this namespace cannot exceed this value |
- API resource limit
| Resource name | Description |
|---|---|
| configmaps | Number of ConfigMap that can be created under this namespace |
| secrets | Number of secrets that can be created under this namespace |
| persistentvolumeclaims | Number of persistent volume claims that can be created under this namespace |
| services | Number of services that can be created under this namespace |
| services.loadbalancers | Number of load balancer type services that can be created under this namespace |
| services.nodeports | Number of node port type services that can be created under this namespace |
| pods | Number of non-terminal Pod that can exist in this namespace |
| deployments.apps | Number of deployments that can be created under this namespace |
| statefulsets.apps | Number of statefullsets that can be created under this namespace |
| jobs.batch | Number of jobs that can be created under this namespace |
| cronjobs.batch | Number of cronjobs that can be created under this namespace |
Example
This example demonstrates the number of PersistentVolumeClaims created in a namespace by ResourceQuota.
(1) Create sample namespace
kubectl create namespace quota-example (2) Create ResourceQuota
Save the following yaml as quota-demo.yaml and create ResourceQuota kubectl create -f quota-demo.yaml. The ResourceQuota restricts this namespace to create only one PersistentVolumeClaim.
apiVersion: v1
kind: ResourceQuota
metadata:
name: quota-demo
namespace: quota-example
spec:
hard:
persistentvolumeclaims: "1" (3) Verify ResourceQuota Create a PersistentVolumeClaim by the following yaml.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-quota-demo
namespace: quota-example
spec:
storageClassName: manual
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 3Gi View PersistentVolumeClaim created successfully.
kubectl get persistentvolumeclaims --namespace=quota-example The results are as follows. PersistentVolumeClaim Creation success.
NAME STATUS
pvc-quota-demo Pending Try to create a second PersistentVolumeClaim by the following yaml.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-quota-demo-2
namespace: quota-example
spec:
storageClassName: manual
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 4Gi As a result, as you can see, ResourceQuota takes effect, limiting the creation of the second PersistentVolumeClaim.
persistentvolumeclaims "pvc-quota-demo-2" is forbidden:
exceeded quota: object-quota-demo, requested: persistentvolumeclaims=1,
used: persistentvolumeclaims=1, limited: persistentvolumeclaims=1