Limiting namespace resources

Resource quotas are also Kubernetes API objects; however, they are designed to work specifically on namespaces by creating limits on compute resources and even limiting the number of objects on each assigned space.

The ResourceQuota API object is declared like any other object in Kubernetes, through a YAML file passed to the kubectl command.

A basic resource quota definition is as follows:

apiVersion: v1
kind: ResourceQuota
Metadata:
  Namespace: devteam1 
  name: compute-resources
spec:
  hard:
    pods: "4"
    requests.cpu: "1"
    requests.memory: 1Gi
    limits.cpu: "2"
    limits.memory: 2Gi

There are two types of basic quotas that we can set: compute resource quotas and object resource quotas. As seen in the previous example, pods is an object quota and the rest are compute quotas.

In each of these fields, you will specify the total sum of the provided resource, which the namespace cannot exceed. For example, in this namespace, the total number of running pods cannot exceed 4, and the sum of their resources can't exceed 1 CPU and 2Gi of RAM memory.

The maximum number of objects per namespace can be assigned to any kube API object that can be put in a namespace; here is a list of the objects that can be limited with namespaces:

• Persistent Volume Claims (PVCs)
• Services
• Secrets
• ConfigMaps
• Replication controllers
• Deployments
• ReplicaSets
• StatefulSets
• Jobs
• Cron jobs

When it comes to compute resources, it is not only memory and CPU that can be limited, but you can also assign quotas to storage space—these quotas will apply only to PVCs, however.

In order to understand compute quotas better, we need to dive deeper and explore how these resources are managed and assigned on a pod basis. This will also be a good time to understand how to architect pods better.