Part 03: How to force quotas limit to Kubernetes Storage

This blog is a continuation of previous blog series https://goglides.io/2020/03/03/limit-range-kubernetes/

Limiting Storage resources

Using LimitRange it is possible to enforce minimum and maximum size of storage resources that can be requested by each PersistentVolumeClaim in a namespace.

Create a file limitrange-storage.yaml

apiVersion: v1
kind: Namespace
metadata:
  name: limitrange-storage-demo3
---
apiVersion: v1
kind: LimitRange
metadata:
  name: storagelimits
  namespace: limitrange-storage-demo3
spec:
  limits:
  - type: PersistentVolumeClaim
    max:
      storage: 2Gi
    min:
      storage: 1Gi

Apply the YAML file using:

kubectl apply -f limitrange-storage.yaml

Describe the created object:

kubectl describe -f limitrange-storage.yaml


Output:
Name:         limitrange-storage-demo3
Labels:       <none>
Annotations:  kubectl.kubernetes.io/last-applied-configuration:
                {"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{},"name":"limitrange-storage-demo3"}}
Status:       Active

No resource quota.

Resource Limits
 Type                   Resource  Min  Max  Default Request  Default Limit  Max Limit/Request Ratio
 ----                   --------  ---  ---  ---------------  -------------  -----------------------
 PersistentVolumeClaim  storage   1Gi  2Gi  -                -              -


Name:                  storagelimits
Namespace:             limitrange-storage-demo3
Type                   Resource  Min  Max  Default Request  Default Limit  Max Limit/Request Ratio
----                   --------  ---  ---  ---------------  -------------  -----------------------
PersistentVolumeClaim  storage   1Gi  2Gi  -                -              -

Now let’s test the constraint working or not, first test lower limits (pvc-limit-lower.yaml)

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-limit-lower
  namespace: limitrange-storage-demo3
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 500Mi

apply YAML,

kubectl apply -f pvc-limit-lower.yaml

Output:
Error from server (Forbidden): error when creating "limitrange-storage.yaml": persistentvolumeclaims "pvc-limit-lower" is forbidden: minimum storage usage per PersistentVolumeClaim is 1Gi, but request is 500Mi

Since limitRange rule saying min storage should be 1Gi, so this PersistentVolumeClaim not satisfying this constraint and hence failed.

Now try with higher limits (pvc-limit-higher.yaml)

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-limit-greater
  namespace: limitrange-storage-demo3
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi

apply YAML,

kubectl apply -f pvc-limit-higher.yaml

Output:
Error from server (Forbidden): error when creating "limitrange-storage.yaml": persistentvolumeclaims "pvc-limit-greater" is forbidden: maximum storage usage per PersistentVolumeClaim is 2Gi, but request is 5Gi

This one is also not satisfying the constraint and failed gracefully.

Now test with PersistentVolumeClaim which satisfy the constraint (pvc-limit-matching-constraint.yaml)

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-limit-matching-constraint
  namespace: limitrange-storage-demo3
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1.5Gi

apply YAML,

kubectl apply -f pvc-limit-matching-constraint.yaml

Output:
persistentvolumeclaim/pvc-limit-matching-constraint created

Describe object,

kubectl describe -f pvc-limit-matching-constraint.yaml

Output:
Name:          pvc-limit-matching-constraint
Namespace:     limitrange-storage-demo3
StorageClass:  hostpath
Status:        Bound
Volume:        pvc-8f2271bc-d716-4ff5-9d3c-9889bf7d677b
Labels:        <none>
Annotations:   control-plane.alpha.kubernetes.io/leader:
                 {"holderIdentity":"3789e204-58b4-11ea-b9a6-985aeb8efcc4","leaseDurationSeconds":15,"acquireTime":"2020-02-26T18:20:07Z","renewTime":"2020-...
               kubectl.kubernetes.io/last-applied-configuration:
                 {"apiVersion":"v1","kind":"PersistentVolumeClaim","metadata":{"annotations":{},"name":"pvc-limit-matching-constraint","namespace":"limitra...
               pv.kubernetes.io/bind-completed: yes
               pv.kubernetes.io/bound-by-controller: yes
               volume.beta.kubernetes.io/storage-provisioner: docker.io/hostpath
Finalizers:    [kubernetes.io/pvc-protection]
Capacity:      1536Mi
Access Modes:  RWO
VolumeMode:    Filesystem
Mounted By:    <none>
Events:
  Type    Reason                 Age                From                                                               Message
  ----    ------                 ----               ----                                                               -------
  Normal  ExternalProvisioning   98s (x2 over 98s)  persistentvolume-controller                                        waiting for a volume to be created, either by external provisioner "docker.io/hostpath" or manually created by system administrator
  Normal  Provisioning           98s                docker.io/hostpath ggg.local 3789e204-58b4-11ea-b9a6-985aeb8efcc4  External provisioner is provisioning volume for claim "limitrange-storage-demo3/pvc-limit-matching-constraint"
  Normal  ProvisioningSucceeded  98s                docker.io/hostpath ggg.local 3789e204-58b4-11ea-b9a6-985aeb8efcc4  Successfully provisioned volume pvc-8f2271bc-d716-4ff5-9d3c-9889bf7d677b

You can see PersistentVolume is created,

kubectl get pv

Output:
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                                                    STORAGECLASS    REASON   AGE
pvc-8f2271bc-d716-4ff5-9d3c-9889bf7d677b   1536Mi     RWO            Delete           Bound    limitrange-st