K
Q

Where can you find the authoratative resource limits for a pod/container in a kubernetes cluster?

4/24/2019

I am trying to track down some bottlenecks in a GKE kubernetes cluster. I am trying to rule out resource (cpu and memory) limits. However, I am having trouble because there are resource limits set on the containers in the deployment yaml files, but there are also resource quotas set as defaults in the cluster that presumably don't apply when they are specified in the container definitions. But then I have also read that you can have pod resource limits and even limits on specific namespaces.

Where is the authoritative listing of what limits are being applied to a container? If I kubectl Describe the Node that has the pods, should the limits in the details be the actual limits?

-- Kyle
google-kubernetes-engine
kubectl
kubernetes

Similar Questions

Ansible, k8s and variables
Using InfluxDB for Horizaontal Pod AutoScaling using Custom Metrics
Kubernetes CronJob Stops Scheduling Jobs
Configuration for Redis on Azure Kubernetes
How to create Ingress Controller in kubernetes-client-java
How to debug Spring Cloud Kubernetes Configuration Watcher when it is not working as expectted
Unable to connect to the server: dial tcp: lookup MasterIP on 127.0.0.53:53: server misbehaving
Giving a different public IP/URL to services on different namespaces

1 Answer

4/24/2019

I see you confusion, but reality is more simple. First of all - resource requests and limits are applied on container level, not pod. Pod resources are defined as simple sum of its container resources.

  1. Namespace quotas. They influence the namespace as a whole and do not influence pods themselves. The only thing namespace quota does is ensuring that sum of all pod resources in given namespace does not exceed the configured limits. If you have reasonably high namespace quota - you may forget that it even exists. But you should remember that once you define namespace quota - any single container in namespace must have resources specified.
  2. LimitRange. LimitRange works on namespace level. You can configure default resource requests and limits both for pods and containers. Another thing it does is specifying minimum and maximum resources for pods and containers in namespace.
  3. The last but the most important is the actual pod resources. I guess this thing is more or less self-explanatory in this context.

Now, when you hit "kubectl describe" on node or pod - then the actual pod requests and limits are displayed. Actual means those resources that matter. It does not matter where those resources came from - from deployment/pod spec or from LimitRange. What you see is what you get here, regardless of have you specified some quotas or LimitRange or not.

Does that answer your question?

-- Vasily Angapov
Source: StackOverflow