Merge pull request #51137 from lmktfy/20250531_improve_resource_quota_description

Describe kinds of ResourceQuota
pull/51809/head
Kubernetes Prow Robot 2025-08-05 16:19:24 -07:00 committed by GitHub
commit 531bd04937
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 46 additions and 27 deletions

@ -104,7 +104,12 @@ one of its arguments.
A resource quota is enforced in a particular namespace when there is a
ResourceQuota in that namespace.
## Compute Resource Quota
## Types of resource quota
The ResourceQuota mechanism lets you enforce different kinds of limits. This
section describes the types of limit that you can enforce.
### Quota for infrastructure resources {#compute-resource-quota}
You can limit the total sum of
[compute resources](/docs/concepts/configuration/manage-resources-containers/)
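Review bot: the new heading `### Quota for infrastructure resources` uses a different term from the paragraph directly under it, which still says "compute resources", and from the anchor `{#compute-resource-quota}` that the heading keeps. Pick one term for the section: either keep "compute resources" in the heading, or update the body text to match and say briefly what "infrastructure resources" covers. Keeping the explicit anchor is the right call, since existing links to the old heading continue to resolve.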
@ -122,7 +127,7 @@ The following resource types are supported:
| `cpu` | Same as `requests.cpu` |
| `memory` | Same as `requests.memory` |
### Resource Quota For Extended Resources
### Quota for extended resources
In addition to the resources mentioned above, in release 1.10, quota support for
[extended resources](/docs/concepts/configuration/manage-resources-containers/#extended-resources) is added.
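Review bot: the renamed heading `### Quota for extended resources` carries no explicit anchor, unlike the `{#compute-resource-quota}` kept in the previous hunk, so any link that targets the anchor generated from the old title "Resource Quota For Extended Resources" stops resolving. Add an explicit `{#...}` anchor that matches the old generated one. The unchanged sentence below it, "in release 1.10, quota support for ... is added", also keeps the historical release phrasing that this change replaces in the ephemeral storage section, so consider rewording it in the same pass.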
@ -138,12 +143,13 @@ limit the total number of GPUs requested in a namespace to 4, you can define a q
See [Viewing and Setting Quotas](#viewing-and-setting-quotas) for more details.
## Storage Resource Quota
### Quota for storage
You can limit the total sum of [storage resources](/docs/concepts/storage/persistent-volumes/)
You can limit the total sum of [storage](/docs/concepts/storage/persistent-volumes/) for volumes
that can be requested in a given namespace.
In addition, you can limit consumption of storage resources based on associated storage-class.
In addition, you can limit consumption of storage resources based on associated
[StorageClass](/docs/concepts/storage/storage-classes/).
| Resource Name | Description |
| ------------- | ----------- |
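Review bot: the rewritten opening sentence, "You can limit the total sum of [storage](...) for volumes that can be requested in a given namespace", is harder to parse than the line it replaces, and the next sentence still says "storage resources", so the two sentences no longer use the same term. Something like "You can limit the total amount of storage that volumes in a given namespace can request" would read more clearly. The heading also moves from `## Storage Resource Quota` to `### Quota for storage` with no explicit anchor, so links to the old generated anchor break; add one as was done for `{#compute-resource-quota}`.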
@ -158,7 +164,10 @@ a `bronze` StorageClass, you can define a quota as follows:
* `gold.storageclass.storage.k8s.io/requests.storage: 500Gi`
* `bronze.storageclass.storage.k8s.io/requests.storage: 100Gi`
In release 1.8, quota support for local ephemeral storage is added as an alpha feature:
#### Quota for local ephemeral storage
{{< feature-state for_k8s_version="v1.8" state="alpha" >}}
| Resource Name | Description |
| ------------- | ----------- |
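Review bot: replacing the sentence "In release 1.8, quota support for local ephemeral storage is added as an alpha feature:" with `{{< feature-state for_k8s_version="v1.8" state="alpha" >}}` turns a historical remark into a statement about the feature's current state. Please confirm that alpha as of v1.8 is still the correct state before presenting it in a feature-state banner, and update the shortcode if the feature has since progressed. The table that follows also loses its lead-in sentence; a short introductory line under the new `####` heading would help.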
@ -169,46 +178,56 @@ In release 1.8, quota support for local ephemeral storage is added as an alpha f
{{< note >}}
When using a CRI container runtime, container logs will count against the ephemeral storage quota.
This can result in the unexpected eviction of pods that have exhausted their storage quotas.
Refer to [Logging Architecture](/docs/concepts/cluster-administration/logging/) for details.
{{< /note >}}
## Object Count Quota
### Quota on object count
You can set quota for *the total number of one particular resource kind* in the Kubernetes API,
You can set quota for *the total number of one particular {{< glossary_tooltip text="resource" term_id="api-resource" >}} kind* in the Kubernetes API,
using the following syntax:
* `count/<resource>.<group>` for resources from non-core groups
* `count/<resource>` for resources from the core group
* `count/<resource>.<group>` for resources from non-core API groups
* `count/<resource>` for resources from the core API group
Here is an example set of resources users may want to put under object count quota:
For example, the PodTemplate API is in the core API group and so if you want to limit the number of
PodTemplate objects in a namespace, you use `count/podtemplates`.
These types of quotas are useful to protect against exhaustion of control plane storage. For example, you may
want to limit the number of Secrets in a server given their large size. Too many Secrets in a cluster can
actually prevent servers and controllers from starting. You can set a quota for Jobs to protect against
a poorly configured CronJob. CronJobs that create too many Jobs in a namespace can lead to a denial of service.
If you define a quota this way, it applies to Kubernetes' APIs that are part of the API server, and
to any custom resources backed by a CustomResourceDefinition.
For example, to create a quota on a `widgets` custom resource in the `example.com` API group,
use `count/widgets.example.com`.
If you use [API aggregation](/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation/) to
add additional, custom APIs that are not defined as CustomResourceDefinitions, the core Kubernetes
control plane does not enforce quota for the aggregated API. The extension API server is expected to
provide quota enforcement if that's appropriate for the custom API.
##### Generic syntax {#resource-quota-object-count-generic}
This is a list of common examples of object kinds that you may want to put under object count quota,
listed by the configuration string that you would use.
* `count/pods`
* `count/persistentvolumeclaims`
* `count/services`
* `count/secrets`
* `count/configmaps`
* `count/replicationcontrollers`
* `count/deployments.apps`
* `count/replicasets.apps`
* `count/statefulsets.apps`
* `count/jobs.batch`
* `count/cronjobs.batch`
If you define a quota this way, it applies to Kubernetes' APIs that are part of the API server, and
to any custom resources backed by a CustomResourceDefinition. If you use
[API aggregation](/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation/) to
add additional, custom APIs that are not defined as CustomResourceDefinitions, the core Kubernetes
control plane does not enforce quota for the aggregated API. The extension API server is expected to
provide quota enforcement if that's appropriate for the custom API.
For example, to create a quota on a `widgets` custom resource in the `example.com` API group, use `count/widgets.example.com`.
##### Specialized syntax {#resource-quota-object-count-specialized}
When using such a resource quota (nearly for all object kinds), an object is charged
against the quota if the object kind exists (is defined) in the control plane.
These types of quotas are useful to protect against exhaustion of storage resources. For example, you may
want to limit the number of Secrets in a server given their large size. Too many Secrets in a cluster can
actually prevent servers and controllers from starting. You can set a quota for Jobs to protect against
a poorly configured CronJob. CronJobs that create too many Jobs in a namespace can lead to a denial of service.
There is another syntax only to set the same type of quota for certain resources.
There is another syntax only to set the same type of quota, that only works for certain API kinds.
The following types are supported:
| Resource Name | Description |
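Review bot: the new headings `##### Generic syntax` and `##### Specialized syntax` are level 5 but sit directly under `### Quota on object count`, skipping level 4; make them `####` so the outline stays consistent with `#### Quota for local ephemeral storage` earlier in the file. The "Generic syntax" heading also arrives after the `count/<resource>.<group>` syntax has already been explained, so it ends up covering only the example list; moving it above the syntax bullets would make the split between the two sections clear. Two of the added sentences need rewording: "When using such a resource quota (nearly for all object kinds), an object is charged against the quota if the object kind exists (is defined) in the control plane" and "There is another syntax only to set the same type of quota, that only works for certain API kinds", which repeats "only" and does not say that the specialized syntax is an alternative spelling for the same count quota. Finally, "limit the number of Secrets in a server given their large size" is carried over unchanged; since the paragraph now talks about control plane storage, "in a cluster" or "in a namespace" would be more precise than "in a server".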