Request for Assistance with ResourceQuota Configuration

Hello,

I hope this message finds you well. I am currently working on setting up ResourceQuotas in our Kubernetes cluster, and I’m seeking assistance in creating the necessary configurations.

Below are the ten ResourceQuota manifests that I need to implement:

CPU ResourceQuota:

apiVersion: v1
kind: ResourceQuota
metadata:
  name: cpu-quota
spec:
  hard:
    limits.cpu: "4"

Example Manifest to Test the Limit:

apiVersion: v1
kind: Pod
metadata:
  name: cpu-pod
spec:
  containers:
  - name: cpu-container
    image: nginx
    resources:
      limits:
        cpu: "2"

This Pod requests 2 CPU cores. It should be allowed since it’s below the 4 CPU core limit set by the ResourceQuota.

Memory ResourceQuota:

apiVersion: v1
kind: ResourceQuota
metadata:
  name: memory-quota
spec:
  hard:
    limits.memory: "4Gi"

Example Manifest to Test the Limit:

apiVersion: v1
kind: Pod
metadata:
  name: memory-pod
spec:
  containers:
  - name: memory-container
    image: nginx
    resources:
      limits:
        memory: "2Gi"

This Pod requests 2GiB of memory. It should be allowed since it’s below the 4GiB memory limit set by the ResourceQuota.

Pods ResourceQuota:

apiVersion: v1
kind: ResourceQuota
metadata:
  name: pods-quota
spec:
  hard:
    pods: "10"

Example Manifests to Test the Limit:

apiVersion: v1
kind: Pod
metadata:
  name: pods-pod
spec:
  containers:
  - name: pods-container
    image: nginx
---
apiVersion: v1
kind: Pod
metadata:
  name: pods-pod2
spec:
  containers:
  - name: pods-container2
    image: nginx

These Pods attempt to be created in the same namespace. Since the ResourceQuota allows only 10 Pods, only one of these Pods will be allowed to be created.

Services ResourceQuota:

apiVersion: v1
kind: ResourceQuota
metadata:
  name: services-quota
spec:
  hard:
    services: "5"

Example Service Manifest to Test the Limit:

apiVersion: v1
kind: Service
metadata:
  name: service-test
spec:
  selector:
    app: nginx
  ports:
  - port: 80
    targetPort: 80

This Service is attempting to be created. Since the ResourceQuota allows only 5 Services, it should be allowed.

ConfigMaps ResourceQuota:

apiVersion: v1
kind: ResourceQuota
metadata:
  name: configmaps-quota
spec:
  hard:
    configmaps: "5"

Example ConfigMap Manifest to Test the Limit:

apiVersion: v1
kind: ConfigMap
metadata:
  name: configmap-test
data:
  key1: value1

This ConfigMap is attempting to be created. Since the ResourceQuota allows only 5 ConfigMaps, it should be allowed.

Secrets ResourceQuota:

apiVersion: v1
kind: ResourceQuota
metadata:
  name: secrets-quota
spec:
  hard:
    secrets: "5"

Example Secret Manifest to Test the Limit:

apiVersion: v1
kind: Secret
metadata:
  name: secret-test
data:
  key: dmFsdWUx

This Secret is attempting to be created. Since the ResourceQuota allows only 5 Secrets, it should be allowed.

PersistentVolumeClaims (PVCs) ResourceQuota:

apiVersion: v1
kind: ResourceQuota
metadata:
  name: pvcs-quota
spec:
  hard:
    persistentvolumeclaims: "5"

Example PVC Manifest to Test the Limit:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-test
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi

This PVC is attempting to be created. Since the ResourceQuota allows only 5 PVCs, it should be allowed.

Ingresses ResourceQuota:

apiVersion: v1
kind: ResourceQuota
metadata:
  name: ingresses-quota
spec:
  hard:
    ingresses.extensions: "5"

Example Ingress Manifest to Test the Limit:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-test
spec:
  rules:
  - host: test.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: service-test
            port:
              number: 80

This Ingress is attempting to be created. Since the ResourceQuota allows only 5 Ingresses, it should be allowed.

ReplicaSets ResourceQuota:

apiVersion: v1
kind: ResourceQuota
metadata:
  name: replicasets-quota
spec:
  hard:
    replicasets.apps: "5"

Example ReplicaSet Manifest to Test the Limit:

apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: rs-test
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx

This ReplicaSet is attempting to be created with 3 replicas. Since the ResourceQuota allows only 5 ReplicaSets, it should be allowed.

ResourceQuotas ResourceQuota (limiting the number of ResourceQuotas):

apiVersion: v1
kind: ResourceQuota
metadata:
  name: resourcequotas-quota
spec:
  hard:
    resourcequotas: "1"

No testing example provided as this ResourceQuota limits the number of ResourceQuotas that can be created within the namespace.

I’m reaching out to inquire if there is an easier or more efficient way to create these configurations. If there are any tools, scripts, or best practices that you recommend for generating these ResourceQuota manifests, I would greatly appreciate your guidance.

Thank you very much for your time and assistance.

Hi,
I assume you are looking for something like Add Quota | Kyverno
HTH