k3s/docs/resource_quota_admin.md


# Administering Resource Quotas
Kubernetes can limit both the number of objects created in a namespace, and the
total amount of resources requested by pods in a namespace. This facilitates
sharing of a single Kubernetes cluster by several teams or tenants, each in
a namespace.
## Enabling Resource Quota
Resource Quota support is enabled by default for many Kubernetes distributions. It is
enabled when the apiserver `--admission_control=` flag has `ResourceQuota` as
one of its arguments.
Resource Quota is enforced in a particular namespace when there is a
`ResourceQuota` object in that namespace. There should be at most one
`ResourceQuota` object in a namespace.
## Object Count Quota
The number of objects of a given type can be restricted. The following types
are supported:
| ResourceName | Description |
| ------------ | ----------- |
| pods | Total number of pods |
| services | Total number of services |
| replicationcontrollers | Total number of replication controllers |
| resourcequotas | Total number of resource quotas |
| secrets | Total number of secrets |
| persistentvolumeclaims | Total number of persistent volume claims |
For example, `pods` quota counts and enforces a maximum on the number of `pods`
created in a single namespace.
## Compute Resource Quota
The total amount of a given compute resource can be restricted. The following types
are supported:
| ResourceName | Description |
| ------------ | ----------- |
| cpu | Total cpu limits of containers |
| memory | Total memory usage limits of containers |
| `example.com/customresource` | Total of `resources.limits."example.com/customresource"` of containers |
For example, `cpu` quota sums up the `resources.limits.cpu` fields of every
container of every pod in the namespace, and enforces a maximum on that sum.
Any resource that is not part of core Kubernetes must follow the resource naming convention prescribed by Kubernetes.
This means the resource must have a fully-qualified name (e.g. `mycompany.org/shinynewresource`).
## Viewing and Setting Quotas
Kubectl supports creating, updating, and viewing quotas:
```
$ kubectl namespace myspace
$ cat <<EOF > quota.json
{
  "apiVersion": "v1beta3",
  "kind": "ResourceQuota",
  "metadata": {
    "name": "quota"
  },
  "spec": {
    "hard": {
      "memory": "1Gi",
      "cpu": "20",
      "pods": "10",
      "services": "5",
      "replicationcontrollers": "20",
      "resourcequotas": "1"
    }
  }
}
EOF
$ kubectl create -f quota.json
$ kubectl get quota
NAME
quota
$ kubectl describe quota quota
Name:                   quota
Resource                Used    Hard
--------                ----    ----
cpu                     0m      20
memory                  0       1Gi
pods                    5       10
replicationcontrollers  5       20
resourcequotas          1       1
services                3       5
```
## Quota and Cluster Capacity
Resource Quota objects are independent of the Cluster Capacity. They are
expressed in absolute units.
Sometimes more complex policies may be desired, such as:
- proportionally divide total cluster resources among several teams.
- allow each tenant to grow resource usage as needed, but have a generous
limit to prevent accidental resource exhaustion.
Such policies could be implemented using ResourceQuota as a building-block, by
writing a controller which watches the quota usage and adjusts the quota
hard limits of each namespace.
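
The proportional-division policy above, reduced to the calculation step such a controller would run on each pass. This is an added example, not code from Kubernetes or k3s: the function names, team names, weights and capacity figures are assumptions, and reading usage from or writing quotas to the API server is left out.

```python
from fractions import Fraction

# Subset of Kubernetes quantity suffixes; enough for cpu ("500m") and memory ("1Gi").
SUFFIX = {"m": Fraction(1, 1000), "k": 10**3, "M": 10**6, "G": 10**9,
          "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40}

def parse_quantity(q):
    """Parse a quantity string into an exact Fraction (cores or bytes)."""
    q = str(q).strip()
    for suffix in sorted(SUFFIX, key=len, reverse=True):  # try "Mi" before "M"
        if q.endswith(suffix):
            return Fraction(q[:-len(suffix)]) * SUFFIX[suffix]
    return Fraction(q)

def proportional_hard(capacity, weights):
    """Divide cluster capacity among namespaces in proportion to integer weights."""
    total = sum(weights.values())
    if total <= 0 or any(w < 0 for w in weights.values()):
        raise ValueError("weights must be non-negative and sum to more than zero")
    hard = {}
    for ns, w in weights.items():
        share = Fraction(w, total)
        # Round down so the limits of all namespaces never add up to more than capacity.
        cpu_m = int(parse_quantity(capacity["cpu"]) * share * 1000)
        mem_b = int(parse_quantity(capacity["memory"]) * share)
        hard[ns] = {"cpu": f"{cpu_m}m", "memory": str(mem_b)}
    return hard

def over_share(hard, used):
    """Namespaces whose current usage already exceeds their new hard limit."""
    return sorted(ns for ns, limits in hard.items()
                  if any(parse_quantity(used.get(ns, {}).get(r, "0")) > parse_quantity(v)
                         for r, v in limits.items()))

def quota_manifest(hard):
    """ResourceQuota object in the shape of the page's quota.json."""
    return {"apiVersion": "v1beta3", "kind": "ResourceQuota",
            "metadata": {"name": "quota"}, "spec": {"hard": hard}}

# Constructed sample input: capacity, team weights and current usage are made up.
CAPACITY = {"cpu": "20", "memory": "64Gi"}
WEIGHTS = {"team-a": 2, "team-b": 1}
USED = {"team-a": {"cpu": "0m", "memory": "0"}, "team-b": {"cpu": "8", "memory": "1Gi"}}

if __name__ == "__main__":
    import json
    hard = proportional_hard(CAPACITY, WEIGHTS)
    for ns in hard:
        print(ns, json.dumps(quota_manifest(hard[ns])))
    print("usage above new limit:", over_share(hard, USED))
```

A namespace reported by `over_share` is one where the new limit sits below what is already in use, so the operator can decide whether to apply it or hold the old limit until usage drops.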