This blog is a continuation of previous blog series https://goglides.io/2020/03/03/limit-range-kubernetes/
Limiting Pod Compute Resources
I am going to use limitrange-demo2
namespace. It will be easier to test features without affecting the previous deployment. Create a file limitrange-pod.yaml
with the following content.
apiVersion: v1 kind: Namespace metadata: name: limitrange-demo2 --- apiVersion: v1 kind: LimitRange metadata: name: limit-mem-cpu-per-pod namespace: limitrange-demo2 spec: limits: - max: cpu: "2" memory: "2Gi" type: Pod
kubectl apply -f limitrange-pod.yaml namespace/limitrange-demo2 created limitrange/limit-mem-cpu-per-pod created
Now create the busybox2.yaml
file with the following content.
apiVersion: v1 kind: Pod metadata: name: busybox2 namespace: limitrange-demo2 spec: containers: - name: busybox-cnt01 image: busybox command: ["/bin/sh"] args: ["-c", "while true; do echo hello from cnt01; sleep 10;done"] resources: requests: memory: "100Mi" cpu: "100m" limits: memory: "200Mi" cpu: "500m" - name: busybox-cnt02 image: busybox command: ["/bin/sh"] args: ["-c", "while true; do echo hello from cnt02; sleep 10;done"] resources: requests: memory: "100Mi" cpu: "100m" - name: busybox-cnt03 image: busybox command: ["/bin/sh"] args: ["-c", "while true; do echo hello from cnt03; sleep 10;done"] resources: limits: memory: "200Mi" cpu: "500m" - name: busybox-cnt04 image: busybox command: ["/bin/sh"] args: ["-c", "while true; do echo hello from cnt04; sleep 10;done"]
Apply it,
kubectl apply -f busybox2.yaml You will see the following Output: Error from server (Forbidden): error when creating "limitrange-pod.yaml": pods "busybox2" is forbidden: [maximum cpu usage per Pod is 2. No limit is specified, maximum memory usage per Pod is 2Gi. No limit is specified]
Here I am hitting a different issue, only the first container busybox-cnt01
has “request” and “limit” configured. But since I am deploying this pod in new namespace limitrange-demo2
so there is no default value assigned to a container if limit/request not assigned explicitly from manifests. Lets me create a default LimitRange using the following,
apiVersion: v1 kind: LimitRange metadata: name: limit-mem-cpu-per-container namespace: limitrange-demo2 spec: limits: - default: cpu: "700m" memory: "900Mi" defaultRequest: cpu: "110m" memory: "111Mi" type: Container
Once you apply this try to redeploy busybox2
again.
kubectl apply -f busybox2.yaml You will see the following Output: Error from server (Forbidden): error when creating "limitrange-pod.yaml": pods "busybox2" is forbidden: [maximum cpu usage per Pod is 2, but limit is 2400m, maximum memory usage per Pod is 2Gi, but limit is 2306867200]
The reason for this is, any container which is missing limits and request will be assigned a default cpu: 700m and default memory: 900Mi. So for busybox2
example.
busybox-cnt01 -> cpu -> 500m busybox-cnt02 -> cpu -> 700m (missing limits) busybox-cnt03 -> cpu -> 500m busybox-cnt04 -> cpu -> 700m (missing limits)
And sum total is 2400m which is violating pods limitRange criteria of 2 CPU. Same thing is valid for memory limits.