Pod creation fails even after specifying cpu requests in openshift

12/26/2019

I have created a resource quota like below.

apiVersion: v1
kind: ResourceQuota
metadata:
  name: compute-resources
spec:
  hard:
    requests.cpu: "900m" 

Then in my deployment I specify resource requests as below.

spec:
      containers:
      - image: nginx@sha256:189cce606b29fb2a33ebc2fcecfa8e33b0b99740da4737133cdbcee92f3aba0a
        imagePullPolicy: Always
        name: hello
        ports:
        - containerPort: 80
          protocol: TCP
        resources:
          requests:
            cpu: "500m"

Even after this , the pod creation fails with message -

Error creating deployer pod: pods "hello-1-deploy" is forbidden: failed quota: compute-resources: must specify requests.cpu

What am I doing wrong here ? FYI, I am using the same namespace/project for both quota and pod.

-- Naxi
kubernetes
openshift
pod

2 Answers

12/27/2019

As workaround try to setup default limits by enabling LimitRanger admission controller and setting it up e.g.

apiVersion: v1
kind: LimitRange
metadata:
  name: cpu-limit-range
spec:
  limits:
  - default:
      memory: 256Mi
      cpu: 900m
    defaultRequest:
      cpu: 900m
      memory: 128Mi
    type: Container

Now if a Container is created in the default namespace, and the Container does not specify its own values for CPU request and CPU limit, the Container is given a default CPU limits of 125m and a default memory limit of 256Mi

Also, after setting up LimitRange, make sure you removed your deployment and there are no pods stuck in failed state.

If that won't help , it'll be interesting to see the output of: kubectl describe ResourceQuota -n mynamespace

Hope that helps!

-- Nick
Source: StackOverflow

12/26/2019

Could you please also specify the limits along with the requests? Its anyways a kubernetes best practise to specific the limits for the workloads (wondering if Openshift is enforcing this, but obviously the error is misleading).

If you have access to see the kube-apiserver logs, you can see if there are additional clues.

-- pr-pal
Source: StackOverflow