Skip to content

Resource Quotas, Limit Ranges & Priority Classes

DodaTech 3 min read

In this tutorial, you'll learn about Resource Quotas, Limit Ranges & Priority Classes. We cover key concepts, practical examples, and best practices to help you understand and apply this topic effectively.

Kubernetes resource management controls how CPU and memory are allocated across the cluster through ResourceQuotas, LimitRanges, and PriorityClasses that prevent resource starvation.

What You'll Learn

This tutorial covers ResourceQuotas for namespace limits, LimitRanges for pod default requests and limits, PriorityClasses for scheduling preemption, and verifying enforcement.

Why It Matters

Without resource controls, a single misconfigured pod can consume all cluster resources, starving other applications. Resource quotas prevent runaway costs and ensure fair resource distribution across teams.

Real-World Use

Google Kubernetes Engine uses resource quotas to enforce team-level limits in multi-tenant clusters. Adobe uses PriorityClasses to ensure critical rendering jobs preempt batch processing during peak hours.

ResourceQuotas

ResourceQuotas limit total resource consumption per namespace.

apiVersion: v1
kind: ResourceQuota
metadata:
  name: team-a-quota
  namespace: team-a
spec:
  hard:
    requests.cpu: "8"
    requests.memory: "16Gi"
    limits.cpu: "16"
    limits.memory: "32Gi"
    persistentvolumeclaims: "10"
    pods: "20"
    services: "10"
    configmaps: "10"
    secrets: "10"
# Apply quota
kubectl apply -f quota.yaml

# View quota status
kubectl get resourcequota -n team-a

# Detailed quota usage
kubectl describe resourcequota team-a-quota -n team-a

Expected output shows hard limits and current used values for each resource.

Quota Scopes

Scopes control which resources the quota applies to.

spec:
  hard:
    pods: "10"
  scopes:
  - NotBestEffort
  - Terminating

Available scopes include BestEffort, NotBestEffort, Terminating, NotTerminating, and PriorityClass.

LimitRanges

LimitRanges set default requests, limits, and min-max constraints for containers in a namespace.

apiVersion: v1
kind: LimitRange
metadata:
  name: container-limits
  namespace: team-a
spec:
  limits:
  - max:
      cpu: "4"
      memory: "8Gi"
    min:
      cpu: "50m"
      memory: "64Mi"
    default:
      cpu: "500m"
      memory: "512Mi"
    defaultRequest:
      cpu: "200m"
      memory: "256Mi"
    type: Container
# Apply limit range
kubectl apply -f limitrange.yaml

# View limit range
kubectl describe limitrange container-limits -n team-a

Containers without explicit requests or limits automatically get the default values. Containers requesting more than max or less than min are rejected.

PersistentVolumeClaim Limits

LimitRanges also apply to storage.

spec:
  limits:
  - max:
      storage: "100Gi"
    min:
      storage: "1Gi"
    type: PersistentVolumeClaim

PriorityClasses

PriorityClasses determine scheduling order and preemption behavior.

apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
  name: high-priority
value: 1000000
preemptionPolicy: PreemptLowerPriority
globalDefault: false
description: "Priority for critical production services"
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
  name: batch-priority
value: 1000
preemptionPolicy: Never
globalDefault: false
description: "Priority for batch jobs that can be delayed"
apiVersion: v1
kind: Pod
metadata:
  name: critical-app
spec:
  priorityClassName: high-priority
  containers:
  - name: app
    image: myapp:1.0

Higher value means higher priority. Pods with PreemptLowerPriority can evict lower-priority pods to make room.

Verification and Monitoring

# Check if pods are quota-blocked
kubectl describe pod failing-pod

# View quota events
kubectl get events -n team-a --field-selector reason=FailedCreate

# Audit resource usage across namespaces
kubectl top pods --all-namespaces

Practice Questions

  1. What happens when a namespace reaches its ResourceQuota limit? Kubernetes rejects new resource creation with a Forbidden error explaining which quota is exceeded.

  2. What is the difference between default and defaultRequest in LimitRange? default sets the limit. defaultRequest sets the request when not specified in the container spec.

  3. How does PriorityClass affect scheduling? Higher priority pods are scheduled before lower priority ones. High-priority pods can preempt low-priority ones.

  4. What scope restricts quota to guaranteed pods? NotBestEffort scope applies quota only to pods with resource requests, excluding BestEffort pods.

  5. Can a pod be scheduled if it exceeds the LimitRange max? No. The API server rejects pods that violate LimitRange constraints.

Built by the developers of DodaTech

Doda Browser, DodaZIP & Durga Antivirus Pro