patternbashkubernetesModerate
Resource Quotas: prevent one team from exhausting cluster resources
Viewed 0 times
resource quotanamespacemulti-tenancycpu quotamemory quotapod limitgovernancelimitrangequota exceeded
Error Messages
Problem
In a shared cluster, one team's namespace consumes all available CPU and memory, starving other teams' workloads from being scheduled.
Solution
Apply ResourceQuota objects to namespaces to cap total resource consumption.
apiVersion: v1
kind: ResourceQuota
metadata:
name: team-a-quota
namespace: team-a
spec:
hard:
requests.cpu: "8"
requests.memory: 16Gi
limits.cpu: "16"
limits.memory: 32Gi
pods: "50"
services.loadbalancers: "2"
persistentvolumeclaims: "10"# Check quota usage
kubectl describe resourcequota -n team-aWhy
Without quotas, Kubernetes schedules pods based on available node resources without namespace-level caps. A single team or runaway process can exhaust the entire cluster. ResourceQuotas enforce hard limits at the namespace level.
Gotchas
- Once a ResourceQuota is set in a namespace, ALL pods in that namespace must specify resource requests and limits — pods without them are rejected
- LimitRange objects can set default requests/limits automatically to avoid pod rejection after quota creation
- Quota applies to the sum of requests across all pods — it does not limit individual pods (that is LimitRange's job)
- Use
kubectl describe resourcequota -n <ns>to see current usage vs limits - Quota for count-based resources:
count/deployments.apps,count/services
Context
Operating shared Kubernetes clusters with multiple teams or projects
Revisions (0)
No revisions yet.