8.2: Resource Quotas (CPU & Memory Limits)

https://drive.google.com/file/d/132X_P0IKV-zSgNG3ocHXdnwv4ATGxMTz/view?usp=sharing

🔍 YAML Breakdown

apiVersion: v1
kind: ResourceQuota
metadata:
  name: memory-cpu-quota
  namespace: learning
spec:
  hard:
    requests.cpu: "1"        # ← Total CPU requests ≤ 1 core
    requests.memory: 1Gi     # ← Total memory requests ≤ 1 GiB
    limits.cpu: "2"          # ← Total CPU limits ≤ 2 cores
    limits.memory: 2Gi       # ← Total memory limits ≤ 2 GiB

🔑 Key Insight:

This quota enforces four hard limits on the learning namespace:

Total requested CPU ≤ 1 core

Total requested memory ≤ 1 GiB

Total CPU limits ≤ 2 cores

Total memory limits ≤ 2 GiB

💡 Why both requests and limits?

requests → used for scheduling and quota allocation

limits → used for runtime enforcement (throttling/OOM) → Both are critical for fair resource sharing

📌 How Resource Quotas Work

Quota Type	What It Tracks	Enforcement
`requests.cpu`	Sum of all `resources.requests.cpu` in Pods	At Pod creation
`requests.memory`	Sum of all `resources.requests.memory`	At Pod creation
`limits.cpu`	Sum of all `resources.limits.cpu`	At Pod creation
`limits.memory`	Sum of all `resources.limits.memory`	At Pod creation

🎯 Example:

If you deploy a Pod with:
resources:
  requests:
    cpu: "500m"
    memory: "512Mi"
  limits:
    cpu: "1000m"
    memory: "1Gi"
→ Quota usage becomes:

requests.cpu: 0.5/1

requests.memory: 512Mi/1Gi

limits.cpu: 1/2

limits.memory: 1Gi/2Gi

⚠️ Critical Rule:

Every container in every Pod must define resources.requests and limits — otherwise, quota enforcement fails silently (Pod won’t be created).

🧪 k3s Lab: Enforce CPU/Memory Quotas

🔧 Step 1: Create Namespace & Apply Quota

# Create namespace
kubectl create namespace learning

# Apply quota
kubectl apply -f namespace-resourcequota.yml

# Verify
kubectl describe resourcequotas memory-cpu-quota -n learning
# Hard:
#  limits.cpu:      2
#  limits.memory:   2Gi
#  requests.cpu:    1
#  requests.memory: 1Gi
# Used: <all 0>

🔧 Step 2: Deploy a Pod Within Quota

# pod-within-quota.yaml
apiVersion: v1
kind: Pod
meta
  name: good-pod
  namespace: learning
spec:
  containers:
  - name: nginx
    image: nginx
    resources:
      requests:
        cpu: "500m"
        memory: "512Mi"
      limits:
        cpu: "1000m"
        memory: "1Gi"

kubectl apply -f pod-within-quota.yaml

# Verify usage
kubectl describe resourcequotas memory-cpu-quota -n learning
# Used:
#  requests.cpu:    500m
#  requests.memory: 512Mi
#  limits.cpu:      1
#  limits.memory:   1Gi

🔧 Step 3: Exceed Quota (Watch Enforcement)

❌ Case 1: Exceed `requests.memory`

# pod-exceed-memory.yaml
apiVersion: v1
kind: Pod
metadata:
  name: bad-pod-memory
  namespace: learning
spec:
  containers:
  - name: nginx
    image: nginx
    resources:
      requests:
        memory: "1536Mi"  # > 1Gi quota (1024Mi used by good-pod)
      limits:
        memory: "2Gi"

🔍 YAML Breakdown

📌 How Resource Quotas Work

🧪 k3s Lab: Enforce CPU/Memory Quotas

🔧 Step 1: Create Namespace & Apply Quota

🔧 Step 2: Deploy a Pod Within Quota

🔧 Step 3: Exceed Quota (Watch Enforcement)

❌ Case 1: Exceed requests.memory

❌ Case 1: Exceed `requests.memory`