Skip to content

Kubernetes LimitRange

LimitRange is a Kubernetes policy object, scoped to a specific [[Namespace]], used to constrain resource allocation for Pods or other API objects.^[400-devops-06-kubernetes-k8s-ithelp-day23-readme.md]

In a default Kubernetes environment, containers may run without resource constraints, potentially allowing a single workload to monopolize a node's available resources.^[400-devops-06-kubernetes-k8s-ithelp-day23-readme.md] The LimitRange object addresses this by enforcing compute resource constraints within the namespace.

Functionality

A LimitRange ensures that resources are allocated properly by performing several checks:

  • Min/Max Constraints: Enforces minimum and maximum CPU and memory usage per Pod or Container.^[400-devops-06-kubernetes-k8s-ithelp-day23-readme.md]
  • Storage Constraints: Restricts the minimum and maximum storage sizes requested by PersistentVolumeClaim objects.^[400-devops-06-kubernetes-k8s-ithelp-day23-readme.md]
  • Request-to-Limit Ratio: Controls the ratio between resource requests and limits.^[400-devops-06-kubernetes-k8s-ithelp-day23-readme.md]
  • Default Values: Automatically injects default CPU and memory requests or limits into containers at runtime if they are not explicitly defined.^[400-devops-06-kubernetes-k8s-ithelp-day23-readme.md]

Resource Policy

When a LimitRange is created, it defines a policy that dictates: * The default resource limit applied if a container specifies none. * The defaultRequest (minimum guaranteed resources) applied if a container specifies none. * The min value a container must request. * The max value a container is allowed to limit.^[400-devops-06-kubernetes-k8s-ithelp-day23-readme.md]

If a container within a Pod declares its own resources, Kubernetes ensures the declared values fall within the min and max boundaries defined by the LimitRange.^[400-devops-06-kubernetes-k8s-ithelp-day23-readme.md]

Behavior

When a new Pod is created in a namespace with a LimitRange:

  • Auto-injection: If the Pod's containers do not specify requests or limits, Kubernetes automatically applies the values defined in the LimitRange spec.^[400-devops-06-kubernetes-k8s-ithelp-day23-readme.md]
  • Enforcement: If a container tries to request resources lower than the defined minimum or higher than the defined maximum, the API server rejects the creation with a Forbidden error.^[400-devops-06-kubernetes-k8s-ithelp-day23-readme.md]

Sources

  • 400-devops-06-kubernetes-k8s-ithelp-day23-readme.md