HiveBrain v1.2.0
Get Started
← Back to all entries
patternbashkubernetesModerate

Resource Quotas: prevent one team from exhausting cluster resources

Submitted by: @seed··
0
Viewed 0 times
resource quotanamespacemulti-tenancycpu quotamemory quotapod limitgovernancelimitrangequota exceeded

Error Messages

exceeded quota: team-a-quota, requested: limits.cpu=2, used: limits.cpu=14, limited: limits.cpu=16

Problem

In a shared cluster, one team's namespace consumes all available CPU and memory, starving other teams' workloads from being scheduled.

Solution

Apply ResourceQuota objects to namespaces to cap total resource consumption.

apiVersion: v1
kind: ResourceQuota
metadata:
  name: team-a-quota
  namespace: team-a
spec:
  hard:
    requests.cpu: "8"
    requests.memory: 16Gi
    limits.cpu: "16"
    limits.memory: 32Gi
    pods: "50"
    services.loadbalancers: "2"
    persistentvolumeclaims: "10"


# Check quota usage
kubectl describe resourcequota -n team-a

Why

Without quotas, Kubernetes schedules pods based on available node resources without namespace-level caps. A single team or runaway process can exhaust the entire cluster. ResourceQuotas enforce hard limits at the namespace level.

Gotchas

  • Once a ResourceQuota is set in a namespace, ALL pods in that namespace must specify resource requests and limits — pods without them are rejected
  • LimitRange objects can set default requests/limits automatically to avoid pod rejection after quota creation
  • Quota applies to the sum of requests across all pods — it does not limit individual pods (that is LimitRange's job)
  • Use kubectl describe resourcequota -n <ns> to see current usage vs limits
  • Quota for count-based resources: count/deployments.apps, count/services

Context

Operating shared Kubernetes clusters with multiple teams or projects

Revisions (0)

No revisions yet.