Resource Quota

Resources

• https://docs.openshift.com/container-platform/4.6/applications/quotas/quotas-setting-per-project.html

Discussion

How to limit resource usage per namespace, such as memory, storage and so on.

What would be needed

A ResourceQuota object needs to be created in the namespace it is supposed to manage/control.

This object could be automatically managed by an operator for each new namespace that gets created (properly tagged) for community users.

Limits can go from storage, memory and cpu usage to the amount of objects (limit the namespace to have a max. of 5 secrets for example).

Sample object definition:

apiVersion: v1
kind: ResourceQuota
metadata:
  name: app-quota
spec:
  hard:
    # compute
    cpu: "1" # requests.cpu
    memory: "1Gi" # requests.memory
    ephemeral-storage: "10Gi" # requests.ephemeral-storage
    limits.cpu: "2"
    limits.memory: "2Gi"
    limits.ephemeral-storage: "10Gi"
    # storage
    requests.storage: "10Gi"
    persistentvolumeclaims: "1"
    # <storage-class-name>.storageclass.storage.k8s.io/requests.storage
    # <storage-class-name>.storageclass.storage.k8s.io/persistentvolumeclaims
    # object counts
    pods: "1"
    replicationcontrollers: 1
    # resourcequotas: 1
    # services: 1
    # services.loadbalancers: 1
    # services.nodeports: 1
    # secrets: 1
    # configmaps: 1
    # openshift.io/imagestreams: 1
  # scopes:
    # https://docs.openshift.com/container-platform/4.6/applications/quotas/quotas-setting-per-project.html#quotas-scopes_quotas-setting-per-project
    # - Terminating
    # - NotTerminating
    # - BestEffort
    # - NotBestEffort

Conclusion

It can be easily achieved by creating a namespaced resourced and can be automated with an Openshift Operator.