Resource Quotas, Limit Ranges & Priority Classes
In this tutorial, you'll learn about Resource Quotas, Limit Ranges & Priority Classes. We cover key concepts, practical examples, and best practices to help you understand and apply this topic effectively.
Kubernetes resource management controls how CPU and memory are allocated across the cluster through ResourceQuotas, LimitRanges, and PriorityClasses that prevent resource starvation.
What You'll Learn
This tutorial covers ResourceQuotas for namespace limits, LimitRanges for pod default requests and limits, PriorityClasses for scheduling preemption, and verifying enforcement.
Why It Matters
Without resource controls, a single misconfigured pod can consume all cluster resources, starving other applications. Resource quotas prevent runaway costs and ensure fair resource distribution across teams.
Real-World Use
Google Kubernetes Engine uses resource quotas to enforce team-level limits in multi-tenant clusters. Adobe uses PriorityClasses to ensure critical rendering jobs preempt batch processing during peak hours.
ResourceQuotas
ResourceQuotas limit total resource consumption per namespace.
apiVersion: v1
kind: ResourceQuota
metadata:
name: team-a-quota
namespace: team-a
spec:
hard:
requests.cpu: "8"
requests.memory: "16Gi"
limits.cpu: "16"
limits.memory: "32Gi"
persistentvolumeclaims: "10"
pods: "20"
services: "10"
configmaps: "10"
secrets: "10"
# Apply quota
kubectl apply -f quota.yaml
# View quota status
kubectl get resourcequota -n team-a
# Detailed quota usage
kubectl describe resourcequota team-a-quota -n team-a
Expected output shows hard limits and current used values for each resource.
Quota Scopes
Scopes control which resources the quota applies to.
spec:
hard:
pods: "10"
scopes:
- NotBestEffort
- Terminating
Available scopes include BestEffort, NotBestEffort, Terminating, NotTerminating, and PriorityClass.
LimitRanges
LimitRanges set default requests, limits, and min-max constraints for containers in a namespace.
apiVersion: v1
kind: LimitRange
metadata:
name: container-limits
namespace: team-a
spec:
limits:
- max:
cpu: "4"
memory: "8Gi"
min:
cpu: "50m"
memory: "64Mi"
default:
cpu: "500m"
memory: "512Mi"
defaultRequest:
cpu: "200m"
memory: "256Mi"
type: Container
# Apply limit range
kubectl apply -f limitrange.yaml
# View limit range
kubectl describe limitrange container-limits -n team-a
Containers without explicit requests or limits automatically get the default values. Containers requesting more than max or less than min are rejected.
PersistentVolumeClaim Limits
LimitRanges also apply to storage.
spec:
limits:
- max:
storage: "100Gi"
min:
storage: "1Gi"
type: PersistentVolumeClaim
PriorityClasses
PriorityClasses determine scheduling order and preemption behavior.
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
name: high-priority
value: 1000000
preemptionPolicy: PreemptLowerPriority
globalDefault: false
description: "Priority for critical production services"
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
name: batch-priority
value: 1000
preemptionPolicy: Never
globalDefault: false
description: "Priority for batch jobs that can be delayed"
apiVersion: v1
kind: Pod
metadata:
name: critical-app
spec:
priorityClassName: high-priority
containers:
- name: app
image: myapp:1.0
Higher value means higher priority. Pods with PreemptLowerPriority can evict lower-priority pods to make room.
Verification and Monitoring
# Check if pods are quota-blocked
kubectl describe pod failing-pod
# View quota events
kubectl get events -n team-a --field-selector reason=FailedCreate
# Audit resource usage across namespaces
kubectl top pods --all-namespaces
Practice Questions
What happens when a namespace reaches its ResourceQuota limit? Kubernetes rejects new resource creation with a Forbidden error explaining which quota is exceeded.
What is the difference between default and defaultRequest in LimitRange? default sets the limit. defaultRequest sets the request when not specified in the container spec.
How does PriorityClass affect scheduling? Higher priority pods are scheduled before lower priority ones. High-priority pods can preempt low-priority ones.
What scope restricts quota to guaranteed pods? NotBestEffort scope applies quota only to pods with resource requests, excluding BestEffort pods.
Can a pod be scheduled if it exceeds the LimitRange max? No. The API server rejects pods that violate LimitRange constraints.
Built by the developers of DodaTech
Doda Browser, DodaZIP & Durga Antivirus Pro