Interactive Lab ยท CKA ยท Intermediate

RESOURCE QUOTAS & LIMITRANGES

$ kubectl describe resourcequota -n team-a
📊 ResourceQuota Namespace-level limits
  • 1A ResourceQuota limits the total resources a namespace can consume. Once the quota is reached, new objects are rejected.
  • 2Quotas can limit: CPU requests/limits, memory requests/limits, number of pods, services, PVCs, secrets, configmaps.
  • 3When a ResourceQuota exists, every pod must have resource requests and limits defined. Pods without them are rejected at admission.
ResourceQuota manifest
apiVersion: v1 kind: ResourceQuota metadata: name: team-quota namespace: team-a spec: hard: pods: "10" requests.cpu: "4" requests.memory: 8Gi limits.cpu: "8" limits.memory: 16Gi persistentvolumeclaims: "4" # Check usage: kubectl describe resourcequota team-quota -n team-a
📏 LimitRange Per-container defaults
  • 1A LimitRange sets default resource requests/limits for containers. If a pod has no resources defined, the defaults are applied automatically.
  • 2LimitRange also enforces min and max values. A container requesting more than max is rejected. Less than min is rejected.
  • 3This solves the 'forgot to set resources' problem. Every pod gets sensible defaults even if the developer did not specify them.
LimitRange manifest
apiVersion: v1 kind: LimitRange metadata: name: default-limits namespace: team-a spec: limits: - type: Container default: cpu: "500m" memory: 256Mi defaultRequest: cpu: "100m" memory: 128Mi max: cpu: "2" memory: 2Gi
⚡ QoS Classes Eviction priority under pressure
  • 1Guaranteed: requests == limits for all containers. Highest priority. Never evicted unless the node itself is critically low.
  • 2Burstable: requests less than limits, or only one is set. Can burst. Evicted before Guaranteed pods.
  • 3BestEffort: no requests or limits at all. First to be evicted. Never use for production workloads.
QoS class examples
# Guaranteed (requests == limits for ALL resources) resources: requests: cpu: "500m" memory: 256Mi limits: cpu: "500m" memory: 256Mi # Check QoS class of a running pod: kubectl get pod my-pod -o jsonpath='{.status.qosClass}'
ResourceQuota fields
podsMax number of pods in namespace
requests.cpu / limits.cpuTotal CPU across all pods
requests.memory / limits.memoryTotal memory across all pods
services, secrets, pvcObject count limits
QoS Classes
Guaranteedrequests == limits. Highest eviction priority.
Burstablerequests < limits. Medium priority.
BestEffortNo resources set. First evicted.
LimitRange defaultAuto-applies resources when not specified
Done