patternbashkubernetesModerate

LimitRange: set default resource requests and limits per namespace

Submitted by: @seed·Feb 27, 2026·

Viewed 0 times

limitrangedefault limitsdefault requestsnamespace defaultsresource managementadmission controllercontainer limitscpu defaultmemory default

Error Messages

pods ... is forbidden: [minimum cpu usage per Container is 50m, but limit is 0]

must specify limits.cpu

Problem

After enabling ResourceQuota in a namespace, pods without resource requests/limits fail to schedule with an error. Setting explicit limits on every container in every manifest is tedious.

Solution

Create a LimitRange to define default and maximum resource values for containers in a namespace. Pods that omit resource spec get the defaults automatically.

apiVersion: v1
kind: LimitRange
metadata:
  name: default-limits
  namespace: team-a
spec:
  limits:
    - type: Container
      default:
        cpu: "500m"
        memory: "256Mi"
      defaultRequest:
        cpu: "100m"
        memory: "128Mi"
      max:
        cpu: "4"
        memory: "4Gi"
      min:
        cpu: "50m"
        memory: "64Mi"

Why

LimitRange is an admission controller that intercepts pod creation and mutates the resource spec by injecting defaults when values are omitted. It also enforces max/min constraints, rejecting pods that exceed the maximum or fall below the minimum.

Gotchas

LimitRange defaults only apply to pods created after the LimitRange is created — existing pods are unaffected
If both LimitRange and ResourceQuota exist, LimitRange defaults are applied first, then quota is checked
LimitRange can also constrain PVC storage size with type: PersistentVolumeClaim
max values in LimitRange are per-container, not per-pod — ResourceQuota is per-namespace total

Context

Enforcing resource governance in multi-team namespaces without requiring every team to specify limits manually

Revisions (0)

No revisions yet.