Applying Limit Ranges

A LimitRange resource, also called a limit, defines the default, minimum, and maximum values for compute resource requests, and limits for a single pod or for a single container defined inside the project. A resource request or limit for a pod is the sum of its containers.

To understand the difference between a limit range and a resource quota, consider that a limit range defines valid ranges and default values for a single pod, and a resource quota defines only top values for the sum of all pods in a project. A cluster administrator concerned about resource usage in an OKD cluster usually defines both limits and quotas for a project.

A limit range resource can also define default, minimum, and maximum values for the storage capacity requested by an image, image stream, or persistent volume claim. If a resource that is added to a project does not provide a compute resource request, then it takes the default value provided by the limit ranges for the project.

If a new resource provides compute resource requests or limits that are smaller than the minimum specified by the project limit ranges, then the resource is not created. In a similar way, if a new resource provides compute resource requests or limits that are higher than the maximum specified by the project limit ranges, then the resource is not created.

The following table describes some of the compute resources that can be specified by a limit range resource

Type Resource Name Description
Container cpu Minimum and maximum CPU allowed and default CPU set per container
memory Minimum and maximum memory allowed and default memory set per container
Pod cpu Minimum and maximum CPU allowed across all containers in a pod
memory Minimum and maximum memory allowed across all containers in a pod
Image storage Maximum size of an image that can be pushed to the internal registry
PVC storage Minimum and maximum capacity of the volume that can be requested by one claim


The following listing shows a limit range defined using YAML syntax:

spec:
    limits:
    - type: "Pod"
      max:
        cpu: "500m"
        memory: "750Mi"
      min:
        cpu: "10m"
        memory: "5Mi"
    - type: "Container"
      default:
        cpu: "100m"
        memory: "100Mi"
      max:
        cpu: "500m"
        memory: "750Mi"
      min:
        cpu: "10m"
        memory: "5Mi"

Users can create a limit range resource the same way as any other OKD resource; that is, by passing a YAML or JSON resource definition file to the oc create command:

oc create --save-config -f dev-limits.yml

OKD does not provide an oc create command specifically for limit ranges like it does for resource quotas. The only alternative is to use YAML or JSON files. Use the oc describe limitrange command to view the limit constraints enforced in a project.

oc describe limitrange dev-limits

An active limit range can be deleted by name with the oc delete command:

oc delete limitrange dev-limits

After a limit range is created in a project, all requests to create new resources are evaluated against each limit range resource in the project. If the new resource violates the minimum or maximum constraint enumerated by any limit range, then the resource is rejected.

If the new resource does not set an explicit value, and the constraint supports a default value, then the default value is applied to the new resource as its usage value.

All resource update requests are also evaluated against each limit range resource in the project. If the updated resource violates any constraint, the update is rejected.

Daftar Materi