https://drive.google.com/file/d/1QTMUPUBy1ik_fnO0AaGF0wPUCn3faDqE/view?usp=sharing

🔍 YAML Breakdown

apiVersion: v1
kind: LimitRange
metadata:
  name: def-cpu-mem-limit
  namespace: dev
spec:
  limits:
  - default:              # ← Applied if Pod defines NO limits
      cpu: 111m
      memory: 99Mi
    defaultRequest:       # ← Applied if Pod defines NO requests
      cpu: 101m
      memory: 91Mi
    max:                  # ← Hard ceiling (enforced)
      cpu: 200m
      memory: 100Mi
    min:                  # ← Hard floor (enforced)
      cpu: 100m
      memory: 90Mi
    type: Container

🔑 Key Insight:

This LimitRange does two critical things:

1. Auto-applies defaults to Pods that don’t define resources
2. Enforces min/max on Pods that do define resources

💡 Why this matters:

• Without defaults → Pods are BestEffort (lowest priority, first to evict)
• Without min/max → Teams can request 1000 CPUs and break quotas

📌 How LimitRange Works

🎯 Your Rules:

• CPU: 100m ≤ request ≤ 200m, 111m ≤ limit ≤ 200m
• Memory: 90Mi ≤ request ≤ 100Mi, 99Mi ≤ limit ≤ 100Mi

⚠️ Critical Note:

defaultRequest must be ≤ default (your example: 101m ≤ 111m → ✅ valid)

🧪 k3s Lab: Test LimitRange Behavior

🔧 Step 1: Create Namespace & Apply LimitRange

# Create namespace
kubectl create namespace dev

# Apply LimitRange
kubectl apply -f limit-ranges.yaml

# Verify
kubectl describe limitrange def-cpu-mem-limit -n dev

🔧 Step 2: Test Case 1 — Pod with NO Resources

# pod-no-resources.yaml
apiVersion: v1
kind: Pod
metadata:
  name: no-res-pod
  namespace: dev
spec:
  containers:
  - name: nginx
    image: nginx

kubectl apply -f pod-no-resources.yaml

# Check applied resources
kubectl get pod no-res-pod -n dev -o jsonpath='{.spec.containers[0].resources}'
# ✅ Output:
# {"limits":{"cpu":"111m","memory":"99Mi"},
#  "requests":{"cpu":"101m","memory":"91Mi"}}

🔍 Result:

LimitRange auto-applied defaults → Pod is Burstable (not BestEffort)!

🔧 Step 3: Test Case 2 — Pod Within Min/Max

# pod-valid-resources.yaml
apiVersion: v1
kind: Pod
metadata:
  name: valid-pod
  namespace: dev
spec:
  containers:
  - name: nginx
    image: nginx
    resources:
      requests:
        cpu: "150m"
        memory: "95Mi"
      limits:
        cpu: "180m"
        memory: "100Mi"