Quota
You can now apply constraints that limit resource consumption
per namespace, similar to the OpenStack tenant. For example, you can
limit the quantity of objects that can be created in a namespace,
the total amount of compute resources that may be consumed by resources,
etc. The constraint in k8s is called quota. Here’s
an example:
kubectl -n dev create quota quota-onepod hard pods=1
There, we just created quota quota-onepod, and the constraint
we gave is pods=1 – so only one pod is allowed to be created
in this namespace:
$ kubectl get quota -n dev
NAME CREATED AT
quota-onepod 2019-06-14T04:25:37Z
$ kubectl get quota -o yaml
apiVersion: v1
items:
- apiVersion: v1
kind: ResourceQuota
metadata:
creationTimestamp: 2019-06-14T04:25:37Z
name: quota-onepod
namespace: dev
resourceVersion: "823606"
selfLink: /api/v1/namespaces/dev/resourcequotas/quota-onepod
uid: 76052368-8e5c-11e9-87fb-0050569e6cfc
spec:
hard:
pods: "1"
status:
hard:
pods: "1"
used:
pods: "1"
kind: List
metadata:
resourceVersion: ""
selfLink: ""
And now create a pod within it:
$ kubectl create -f pod-webserver-do.yaml -n dev
pod/contrail-webserver created
That works fine, so now let’s create a second pod in it:
$ kubectl create -f pod-2containers-do.yaml -n dev
Error from server (Forbidden): error when creating
"pod/pod-2containers-do.yaml": pods "pod-1" is forbidden:
exceeded quota:
quota-onepod, requested: pods=1, used: pods=1, limited:
pods=1
Immediately we run into the error exceeded quota. Let’s
delete the quota quota-onepod. This new pod will be created after
the quota is removed:
$ kubectl delete quota quota-onepod -n dev
resourcequota "quota-onepod" deleted
$ kubectl create -f pod/pod-2containers-do.yaml -n dev
pod/pod-1 created