Resource Quotas & LimitRanges

In a multi-tenant Kubernetes environment, you need to make sure no single team or workload can hog all the resources. Kubernetes provides two key tools for this: ResourceQuotas and LimitRanges.

These help admins enforce fair resource allocation, cost controls, and capacity planning.

ResourceQuota

A ResourceQuota sets a hard cap on the total resource usage (CPU, memory, object counts, etc.) within a namespace.

If the sum of all Pods in the namespace exceeds the quota, new requests are denied.

Example: Memory & CPU Quota

apiVersion: v1
kind: ResourceQuota
metadata:
  name: dev-quota
  namespace: dev
spec:
  hard:
    requests.cpu: "2"
    requests.memory: "4Gi"
    limits.cpu: "4"
    limits.memory: "8Gi"

This restricts total requested and limited CPU/memory for all Pods in the dev namespace.

Example: Object Count Quota

spec:
  hard:
    pods: "10"
    configmaps: "20"
    persistentvolumeclaims: "5"

You can limit the number of objects like Pods, ConfigMaps, or PVCs to enforce soft multi-tenancy boundaries.

LimitRange

A LimitRange sets default values and upper/lower bounds for container-level resource usage within a namespace.

It ensures developers don’t accidentally omit or misuse resource definitions.

Example: Default Limits and Requests

apiVersion: v1
kind: LimitRange
metadata:
  name: default-resources
spec:
  limits:
  - default:
      cpu: 500m
      memory: 512Mi
    defaultRequest:
      cpu: 250m
      memory: 256Mi
    type: Container

This sets:

  • A default request and limit if none is provided in the Pod spec.
  • A guardrail to prevent containers from consuming too much by default.

When to Use Quotas vs LimitRanges

Feature ResourceQuota LimitRange
Scope Namespace-wide Per container
Controls total usage
Sets defaults
Enforces boundaries ✅ (hard enforcement) ✅ (via defaults and min/max)
Common Use Multi-team environments Developer guardrails

Summary

  • ResourceQuotas: Limit total resources in a namespace.
  • LimitRanges: Set defaults and max/min per container.
  • Both are essential for multi-tenant, production-grade clusters.

Best Practices

  • Always set quotas and limits in shared clusters. It keeps things fair, predictable, and safe for everyone.
  • Monitor usage with `kubectl describe quota` or metrics dashboards.
  • Document enforced limits for your teams to avoid confusion and failures.