This blog is a continuation of previous blog series https://goglides.io/2020/03/03/limit-range-kubernetes/
Limiting Pod Compute Resources
I am going to use limitrange-demo2 namespace. It will be easier to test features without affecting the previous deployment. Create a file limitrange-pod.yaml with the following content.
apiVersion: v1
kind: Namespace
metadata:
name: limitrange-demo2
---
apiVersion: v1
kind: LimitRange
metadata:
name: limit-mem-cpu-per-pod
namespace: limitrange-demo2
spec:
limits:
- max:
cpu: "2"
memory: "2Gi"
type: Pod
kubectl apply -f limitrange-pod.yaml
namespace/limitrange-demo2 created
limitrange/limit-mem-cpu-per-pod created
Now create the busybox2.yaml file with the following content.
apiVersion: v1
kind: Pod
metadata:
name: busybox2
namespace: limitrange-demo2
spec:
containers:
- name: busybox-cnt01
image: busybox
command: ["/bin/sh"]
args: ["-c", "while true; do echo hello from cnt01; sleep 10;done"]
resources:
requests:
memory: "100Mi"
cpu: "100m"
limits:
memory: "200Mi"
cpu: "500m"
- name: busybox-cnt02
image: busybox
command: ["/bin/sh"]
args: ["-c", "while true; do echo hello from cnt02; sleep 10;done"]
resources:
requests:
memory: "100Mi"
cpu: "100m"
- name: busybox-cnt03
image: busybox
command: ["/bin/sh"]
args: ["-c", "while true; do echo hello from cnt03; sleep 10;done"]
resources:
limits:
memory: "200Mi"
cpu: "500m"
- name: busybox-cnt04
image: busybox
command: ["/bin/sh"]
args: ["-c", "while true; do echo hello from cnt04; sleep 10;done"]
Apply it,
kubectl apply -f busybox2.yaml
You will see the following Output:
Error from server (Forbidden): error when creating "limitrange-pod.yaml": pods "busybox2" is forbidden: [maximum cpu usage per Pod is 2. No limit is specified, maximum memory usage per Pod is 2Gi. No limit is specified]
Here I am hitting a different issue, only the first container busybox-cnt01 has "request" and "limit" configured. But since I am deploying this pod in new namespace limitrange-demo2 so there is no default value assigned to a container if limit/request not assigned explicitly from manifests. Lets me create a default LimitRange using the following,
apiVersion: v1
kind: LimitRange
metadata:
name: limit-mem-cpu-per-container
namespace: limitrange-demo2
spec:
limits:
- default:
cpu: "700m"
memory: "900Mi"
defaultRequest:
cpu: "110m"
memory: "111Mi"
type: Container
Once you apply this try to redeploy busybox2 again.
kubectl apply -f busybox2.yaml
You will see the following Output:
Error from server (Forbidden): error when creating "limitrange-pod.yaml": pods "busybox2" is forbidden: [maximum cpu usage per Pod is 2, but limit is 2400m, maximum memory usage per Pod is 2Gi, but limit is 2306867200]
The reason for this is, any container which is missing limits and request will be assigned a default cpu: 700m and default memory: 900Mi. So for busybox2 example.
busybox-cnt01 -> cpu -> 500m
busybox-cnt02 -> cpu -> 700m (missing limits)
busybox-cnt03 -> cpu -> 500m
busybox-cnt04 -> cpu -> 700m (missing limits)
And sum total is 2400m which is violating pods limitRange criteria of 2 CPU. Same thing is valid for memory limits.
Top comments (0)