🦉
Programming Notes
  • My Programming Notes
  • CKA Exam Preparation
    • Certified Kubernetes Administrator
    • Setup Minikube
    • Network Design Principles
    • Role-Based Access Control (RBAC)
    • Namespace
    • Resource Quota
    • Pod
    • Deployment
    • Deployment: Rollout
    • ConfigMap
    • Service
    • Service: kubectl expose
    • Pod: Resources Management
    • Pod & Container: Quality of Service Class
    • Pod & Container: Probes
    • Limit Range
    • Scaling: Manual
    • Scaling: Horizontal Pod Autoscaler
    • Persistent Volume & Claim
    • Secret
    • Ingress: Routing
    • Ingress: TLS
    • Ingress: Rate Limit
    • Ingress: Basic Auth
    • Ingress: CRD (Custom Resource Definition)
    • Job
    • CronJob
    • Mutli-Node Cluster
  • Golang
    • Generics
    • Context
    • Goroutines and Channels in Go
    • Goroutine: Concurrency vs Parallelism
    • Goroutine: Performance & Tradeoffs
    • JSON: omitzero
  • Rust
    • Arrays & Slices
    • Closures
    • Generics & Traits
    • Iterators
    • Run Code Simultaneously
    • String vs &str
    • Tests
    • Rustlings Exercises
      • Variables
      • Functions
      • If
      • Primitive Types
      • Vectors
      • Move Semantics
      • Structs
      • Enums and Matching Pattern
      • Strings
      • Modules
      • Hashmaps
      • Options
      • Error Handling
      • Generics
      • Traits
      • Lifetimes
      • Tests
      • Iterators
      • Smart Pointers
      • Threads
      • Macros
      • Quiz 1
      • Quiz 2
      • Quiz 3
  • Software Engineering
    • CAP Theorem
    • Circuit Breaker
    • Decoupling
    • GraphQL: Query Caching
    • HMAC Signature
    • Idempotency
    • Monolith VS Microservice
    • OWASP Top 10 2021
    • PCI DSS
    • PostgreSQL: Partitioning
    • PostgreSQL: Replication
    • Protobuf & gRPC
    • Redis: Streams
    • Resource Scaling
    • Signed URL
    • SOLID
    • Stack VS Heap
    • Stateful VS Stateless
  • Site Reliability Engineering
    • Chaos Engineering
    • Distributed Tracing
    • Kubernetes (k8s)
    • SLA, SLO, and SLI Metrics
    • Site Reliability Engineer
  • Others
    • FFMPEG Cheat sheet
Powered by GitBook
On this page
  • Define LimitRange
  • Apply and Validate
  • Test LimitRange
  • References
  1. CKA Exam Preparation

Limit Range

By default, containers run with unbounded compute resources on a Kubernetes cluster.

LimitRange is a Kubernetes resource that enforces resource constraints (CPU, memory) at the namespace level. It ensures that every pod/container in the namespace has a default resource request and limit. Containers cannot exceed the specified limits. Using this will prevents excessive resource consumption by a single pod/container.

Define LimitRange

Lets create new file limitrange.yaml and put below definition there. This configuration will limit CPU and Memory in container level.

apiVersion: v1
kind: LimitRange
metadata:
  name: resource-limits
  namespace: limited
spec:
  limits:
  - type: Container
    defaultRequest:
      cpu: "100m"
      memory: "64Mi"
    default:
      cpu: "100m"
      memory: "64Mi"
    max:
      cpu: "250m"
      memory: "128Mi"

  • defaultRequest: Define the default request for each containers.

    • cpu: "100m": Set container's resource.request.cpu to 100m if not explicitly specified.

    • memory: "64Mi": Set container's resource.request.memory to 64Mi if not explicitly specified.

  • default: Define the default limit for each containers.

    • cpu: "100m": Set container's resource.limits.cpu to 100m if not explicitly specified.

    • memory: "64Mi": Set container's resource.limits.memory to 64Mi if not explicitly specified.

  • max: Define the default request for each containers. The limits for configured in each containers cannot exceed this value.

Apply and Validate

Let's apply the configuration file using kubectl apply command.

➜ kubectl apply -f limitrange.yaml 
limitrange/resource-limits created

We can validate it using kubectl describe limitranges command with specific namespace.

➜ kubectl -n limited describe limitranges 
Name:       resource-limits
Namespace:  limited

Type        Resource  Min  Max    
----        --------  ---  ---    
Container   cpu       -    250m   
Container   memory    -    128Mi  

Default Request  Default Limit  Max Limit/Request Ratio
---------------  -------------  -----------------------
100m             100m           -
64Mi             64Mi           -

Test LimitRange

To test if our configuration work as expected we can run pod without any resource specified.

➜ kubectl -n limited run nginx --image=nginx          
pod/nginx created

Lets get the pod details using kubectl describe command.

➜ kubectl -n limited describe pod nginx  
Name:             nginx
Namespace:        limited
Priority:         0
Service Account:  default
Node:             minikube/192.168.49.2
Start Time:       Wed, 05 Feb 2025 17:49:07 +0700
Labels:           run=nginx
Annotations:      kubernetes.io/limit-ranger: LimitRanger plugin set: cpu, memory request for container nginx; cpu, memory limit for container nginx
Status:           Pending
IP:               
IPs:              <none>
Containers:
  nginx:
    Container ID:   
    Image:          nginx
    Image ID:       
    Port:           <none>
    Host Port:      <none>
    State:          Waiting
      Reason:       ContainerCreating
    Ready:          False
    Restart Count:  0
    Limits:
      cpu:     100m
      memory:  64Mi
    Requests:
      cpu:        100m
      memory:     64Mi
    Environment:  <none>
...

As you can see above if we don't specify the resource.request and resource.limits it will set to default that we just configure.

Now let's try to create a new pod that will exceed the max configuration of our LimitRange. Create new file named limitrange-pod.yaml and put below definition there.

apiVersion: v1
kind: Pod
metadata:
  name: over-limit-pod
  namespace: limited
spec:
  containers:
  - name: over-limit-container
    image: nginx
    resources:
      limits:
        cpu: "1"  # Exceeds the 250m limit
        memory: "512Mi"  # Exceeds the 128Mi limit

Lets apply and see what happens.

➜ kubectl apply -f limitrange-pod.yaml

Error from server (Forbidden): error when creating "limitrange-pod.yaml": pods "over-limit-pod" is forbidden: [maximum cpu usage per Container is 250m, but limit is 1, maximum memory usage per Container is 128Mi, but limit is 512Mi]

As you can see we got error creating pods "over-limit-pod" is forbidden because the CPU and Memory limits exceed the LimitRange.

References

PreviousPod & Container: ProbesNextScaling: Manual

Last updated 4 months ago

https://kubernetes.io/docs/concepts/policy/limit-range/
https://kubernetes.io/docs/tasks/administer-cluster/manage-resources/memory-default-namespace/