Mastering Resource Quotas and Limits in Kubernetes

byGonzalo Marcos -

Imagine a bustling city with roads, buildings, and resources like water and electricity. If everyone used unlimited power and water, the city would collapse. Kubernetes clusters work the same way. Without limits, one application could consume all the resources, leaving others struggling to function.

This is where resource quotas and limits come in. They ensure fair use of CPU, memory, and storage in a Kubernetes namespace. They also prevent runaway workloads from crashing our cluster. In this guide, we will learn how to set up resource quotas and limits in a Kubernetes namespace.


What Are Resource Quotas and Limits?

A resource quota is like a city budget—it sets the maximum amount of resources a namespace can use. This includes CPU, memory (RAM), and storage.

A limit range controls how much CPU and memory each pod or container can request. It stops any single application from consuming too much.
Using both, we protect our cluster from slowdowns, crashes, and security risks caused by greedy workloads.


Why Do They Matter?

First of all, Resource Quotas and Limits prevent resource cannibalization - One app won’t starve others of CPU or memory.
Secondly, they Improve Stability, allowing the cluster to run smoothly, even under heavy load.
Third, they Enhance Security – Malicious or misconfigured pods can’t take over all resources. And lastly, they Optimize Costs, as we only use what we need, avoiding waste.

Let’s see it with an example:


Step 1: Set a Resource Quota for a Namespace

First, let’s define a resource quota for a namespace called dev-team. This quota limits the total CPU, memory, and pod count for all workloads inside it.


Create a Resource Quota YAML File

Save the following as resource-quota.yaml:
apiVersion: v1
kind: ResourceQuota
metadata:
  name: dev-quota
  namespace: dev-team
spec:
  hard:
    pods: "10"             # Max 10 pods  
    requests.cpu: "2"      # Max 2 CPU cores requested  
    requests.memory: "4Gi" # Max 4GB memory requested  
    limits.cpu: "4"        # Max 4 CPU cores used  
    limits.memory: "8Gi"   # Max 8GB memory used


Apply the Quota

Run this command to enforce the quota:

kubectl apply -f resource-quota.yaml

Now, no more than 10 pods can run in dev-team, and their total memory and CPU consumption will be capped.


Step 2: Set Limits for Individual Pods

Even with a resource quota, a single pod could still consume most of the resources. We fix this using a LimitRange.


Create a Limit Range YAML File

Save the following as limit-range.yaml:

apiVersion: v1
kind: LimitRange
metadata:
  name: container-limits
  namespace: dev-team
spec:
  limits:
  - type: Container
    default:
      cpu: "500m"     # Default CPU limit: 0.5 cores  
      memory: "512Mi" # Default memory limit: 512MB  
    defaultRequest:
      cpu: "250m"     # Default requested CPU: 0.25 cores  
      memory: "256Mi" # Default requested memory: 256MB


Apply the Limit Range

kubectl apply -f limit-range.yaml

Now, each container gets a default limit if none is set. This prevents poorly configured apps from taking over.


Step 3: Test the Limits

Try deploying a pod that exceeds the limits:

apiVersion: v1
kind: Pod
metadata:
  name: test-pod
  namespace: dev-team
spec:
  containers:
  - name: test-container
    image: nginx
    resources:
      requests:
        cpu: "1"   
        memory: "1Gi"  
      limits:
        cpu: "2"  
        memory: "2Gi"

Apply it with:

kubectl apply -f test-pod.yaml

If the pod exceeds the quota, Kubernetes rejects it. This proves our limits are working.


Summary

Resource quotas and limits bring balance and security to our Kubernetes clusters. They prevent resource hogging, stop runaway applications, and protect against attacks. By using these tools, we ensure our cluster runs smoothly and fairly.
Tags

You may like these posts

Previous Post Next Post