Kubernetes ResourceQuota and LimitRange are two important mechanisms for managing resource allocation and usage within a Kubernetes cluster.
Here’s a comparison of ResourceQuota and LimitRange features and use cases in a tabular format:
| Feature | ResourceQuota | LimitRange |
|---|---|---|
| Scope | Namespace-wide | Individual pods and containers |
| Purpose | Limit aggregate resource consumption | Set constraints on individual resources |
| Resource Types | CPU, memory, storage, object counts | CPU, memory |
| Default Values | Does not set defaults | Can set default requests and limits |
| Enforcement Level | Across all pods in a namespace | Per pod or container |
| Ratio Enforcement | No | Can enforce request-to-limit ratio |
| Object Creation | Can limit number of objects by type | N/A |
| Use Case | ResourceQuota | LimitRange |
|---|---|---|
| Prevent resource overuse by a team | ✓ | |
| Ensure fair resource distribution | ✓ | |
| Set default resource requests/limits | ✓ | |
| Prevent creation of pods without limits | ✓ | |
| Limit storage consumption | ✓ | |
| Control number of objects (e.g., services, ConfigMaps) | ✓ | |
| Enforce minimum resource requirements | ✓ | |
| Prevent excessive resource allocation to single pod | ✓ | |
| Maintain consistent request-to-limit ratios | ✓ | |
| Isolate resources between different environments (dev/prod) | ✓ |
This comparison highlights the complementary nature of ResourceQuota and LimitRange in managing Kubernetes cluster resources effectively.
ResourceQuota
ResourceQuota is used to limit the aggregate resource consumption per namespace. It can restrict:
- Total compute resources (CPU and memory) that can be requested
- Number of objects that can be created by type (e.g., pods, services)
- Total storage resources that can be consumed
Key features:
- Applied at the namespace level
- Limits the sum of resources across all pods in a namespace
- Enforces constraints on both resource requests and limits
Example ResourceQuota:
apiVersion: v1
kind: ResourceQuota
metadata:
name: compute-resources
spec:
hard:
requests.cpu: "2"
requests.memory: 1Gi
limits.cpu: "4"
limits.memory: 2GiLimitRange
LimitRange sets constraints on individual pods and containers within a namespace. It can:
- Enforce minimum and maximum compute resources per pod or container
- Set default request/limit values for containers
- Enforce a ratio between request and limit for a resource
Key features:
- Applied at the pod and container level within a namespace
- Sets default values for resource requests and limits
- Can prevent the creation of pods that don’t meet the specified constraints
Example LimitRange:
apiVersion: v1
kind: LimitRange
metadata:
name: limit-mem-cpu-per-container
spec:
limits:
- default:
cpu: 500m
memory: 512Mi
defaultRequest:
cpu: 200m
memory: 256Mi
type: ContainerUse Cases
- ResourceQuota: Useful for enforcing overall resource constraints in a shared cluster environment, preventing one team or application from consuming all available resources.
- LimitRange: Helpful for setting reasonable defaults and preventing the creation of pods with excessive resource requirements or no specified limits.
By using both ResourceQuota and LimitRange together, cluster administrators can effectively manage resource allocation and ensure fair usage across different teams and applications within a Kubernetes cluster.
apiVersion: v1
kind: Namespace
metadata:
name: myspace
---
apiVersion: v1
kind: ResourceQuota
metadata:
name: compute-quota
namespace: myspace
spec:
hard:
requests.cpu: "1"
requests.memory: 1Gi
limits.cpu: "2"
limits.memory: 2Gi
---
apiVersion: v1
kind: ResourceQuota
metadata:
name: object-quota
namespace: myspace
spec:
hard:
configmaps: "10"
persistentvolumeclaims: "4"
replicationcontrollers: "20"
secrets: "10"
services: "10"
services.loadbalancers: "2"
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: helloworld-deployment
namespace: myspace
spec:
replicas: 3
template:
metadata:
labels:
app: helloworld
spec:
containers:
- name: k8s-demo
image: wardviaene/k8s-demo
ports:
- name: nodejs-port
containerPort: 3000
resources:
requests:
cpu: 200m
memory: 0.5Gi
limits:
cpu: 400m
memory: 1Gi
apiVersion: v1
kind: LimitRange
metadata:
name: limits
namespace: myspace
spec:
limits:
- default:
cpu: 200m
memory: 512Mi
defaultRequest:
cpu: 100m
memory: 256Mi
type: Container
I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I am working at Cotocus. I blog tech insights at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at I reviewed , and SEO strategies at Wizbrand.
Please find my social handles as below;
Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at PINTEREST
Rajesh Kumar at QUORA
Rajesh Kumar at WIZBRAND
