Configure Memory and CPU Quotas for a Namespace

    You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. It is recommended to run this tutorial on a cluster with at least two nodes that are not acting as control plane hosts. If you do not already have a cluster, you can create one by using minikube or you can use one of these Kubernetes playgrounds:

    To check the version, enter .

    Each node in your cluster must have at least 1 GiB of memory.

    Create a namespace

    Create a namespace so that the resources you create in this exercise are isolated from the rest of your cluster.

    Here is the configuration file for a ResourceQuota object:

    admin/resource/quota-mem-cpu.yaml

    1. apiVersion: v1
    2. kind: ResourceQuota
    3. metadata:
    4. name: mem-cpu-demo
    5. spec:
    6. hard:
    7. requests.cpu: "1"
    8. limits.cpu: "2"
    9. limits.memory: 2Gi

    Create the ResourceQuota:

    View detailed information about the ResourceQuota:

    1. kubectl get resourcequota mem-cpu-demo --namespace=quota-mem-cpu-example --output=yaml

    The ResourceQuota places these requirements on the quota-mem-cpu-example namespace:

    • Every Container must have a memory request, memory limit, cpu request, and cpu limit.
    • The memory request total for all Containers must not exceed 1 GiB.
    • The memory limit total for all Containers must not exceed 2 GiB.
    • The CPU request total for all Containers must not exceed 1 cpu.
    • The CPU limit total for all Containers must not exceed 2 cpu.

    Create a Pod

    Here is the configuration file for a Pod:

    Create the Pod:

    1. kubectl apply -f https://k8s.io/examples/admin/resource/quota-mem-cpu-pod.yaml --namespace=quota-mem-cpu-example

    Verify that the Pod’s Container is running:

    1. kubectl get pod quota-mem-cpu-demo --namespace=quota-mem-cpu-example

    Once again, view detailed information about the ResourceQuota:

    1. kubectl get resourcequota mem-cpu-demo --namespace=quota-mem-cpu-example --output=yaml

    The output shows the quota along with how much of the quota has been used. You can see that the memory and CPU requests and limits for your Pod do not exceed the quota.

    Here is the configuration file for a second Pod:

    admin/resource/quota-mem-cpu-pod-2.yaml Configure Memory and CPU Quotas for a Namespace - 图3

    1. apiVersion: v1
    2. kind: Pod
    3. metadata:
    4. name: quota-mem-cpu-demo-2
    5. spec:
    6. containers:
    7. resources:
    8. limits:
    9. memory: "1Gi"
    10. cpu: "800m"
    11. requests:
    12. memory: "700Mi"
    13. cpu: "400m"

    In the configuration file, you can see that the Pod has a memory request of 700 MiB. Notice that the sum of the used memory request and this new memory request exceeds the memory request quota. 600 MiB + 700 MiB > 1 GiB.

    Attempt to create the Pod:

    1. kubectl apply -f https://k8s.io/examples/admin/resource/quota-mem-cpu-pod-2.yaml --namespace=quota-mem-cpu-example

    The second Pod does not get created. The output shows that creating the second Pod would cause the memory request total to exceed the memory request quota.

    1. Error from server (Forbidden): error when creating "examples/admin/resource/quota-mem-cpu-pod-2.yaml":
    2. requested: requests.memory=700Mi,used: requests.memory=600Mi, limited: requests.memory=1Gi

    Discussion

    As you have seen in this exercise, you can use a ResourceQuota to restrict the memory request total for all Containers running in a namespace. You can also restrict the totals for memory limit, cpu request, and cpu limit.

    Delete your namespace:

    What’s next

    For app developers