我的书签
添加书签
移除书签Setting Limit Ranges
Overview
A limit range, defined by a **LimitRange** object, enumerates compute resource constraints in a project at the pod, container, image, image stream, and persistent volume claim level, and specifies the amount of resources that a pod, container, image, image stream, or persistent volume claim can consume.
All resource create and modification requests are evaluated against each **LimitRange** object in the project. If the resource violates any of the enumerated constraints, then the resource is rejected. If the resource does not set an explicit value, and if the constraint supports a default value, then the default value is applied to the resource.
For CPU and Memory limits, if you specify a max value, but do not specify a min limit, the resource can consume CPU/memory resources greater than max value`.
You can specify limits and requests for ephemeral storage by using the ephemeral storage technology preview. This feature is disabled by default. To enable this feature, see configuring for ephemeral storage.
Core Limit Range Object Definition
apiVersion: "v1"kind: "LimitRange"metadata:name: "core-resource-limits" (1)spec:limits:- type: "Pod"max:cpu: "2" (2)memory: "1Gi" (3)min:cpu: "200m" (4)memory: "6Mi" (5)- type: "Container"max:cpu: "2" (6)memory: "1Gi" (7)min:cpu: "100m" (8)memory: "4Mi" (9)default:cpu: "300m" (10)memory: "200Mi" (11)defaultRequest:cpu: "200m" (12)memory: "100Mi" (13)maxLimitRequestRatio:cpu: "10" (14)
| 1 | The name of the limit range object. |
| 2 | The maximum amount of CPU that a pod can request on a node across all containers. |
| 3 | The maximum amount of memory that a pod can request on a node across all containers. |
| 4 | The minimum amount of CPU that a pod can request on a node across all containers. Not setting a min value or setting 0 is unlimited allowing the pod to consume more than the max value. |
| 5 | The minimum amount of memory that a pod can request on a node across all containers. Not setting a min value or setting 0 is unlimited allowing the pod to consume more than the max value. |
| 6 | The maximum amount of CPU that a single container in a pod can request. |
| 7 | The maximum amount of memory that a single container in a pod can request. |
| 8 | The minimum amount of CPU that a single container in a pod can request. Not setting a min value or setting 0 is unlimited allowing the pod to consume more than the max value. |
| 9 | The minimum amount of memory that a single container in a pod can request. Not setting a min value or setting 0 is unlimited allowing the pod to consume more than the max value. |
| 10 | The default amount of CPU that a container will be limited to use if not specified. |
| 11 | The default amount of memory that a container will be limited to use if not specified. |
| 12 | The default amount of CPU that a container will request to use if not specified. |
| 13 | The default amount of memory that a container will request to use if not specified. |
| 14 | The maximum amount of CPU burst that a container can make as a ratio of its limit over request. |
For more information on how CPU and memory are measured, see Compute Resources.
OKD Limit Range Object Definition
apiVersion: "v1"kind: "LimitRange"metadata:name: "openshift-resource-limits"spec:limits:- type: openshift.io/Imagemax:storage: 1Gi (1)- type: openshift.io/ImageStreammax:openshift.io/image-tags: 20 (2)openshift.io/images: 30 (3)- type: "Pod"max:cpu: "2" (4)memory: "1Gi" (5)ephemeral-storage: "1Gi" (6)max:cpu: "1" (7)memory: "1Gi" (8)
| 1 | The maximum size of an image that can be pushed to an internal registry. |
| 2 | The maximum number of unique image tags per image stream’s spec. |
| 3 | The maximum number of unique image references per image stream’s status. |
| 4 | The maximum amount of CPU that a pod can request on a node across all containers. |
| 5 | The maximum amount of memory that a pod can request on a node across all containers. |
| 6 | The maximum amount of ephemeral storage that a pod can request on a node across all containers, if the ephemeral storage technology preview is enabled. |
| 7 | The minimum amount of CPU that a pod can request on a node across all containers. Not setting a min value or setting 0 is unlimited allowing the pod to consume more than the max value. |
| 8 | The minimum amount of memory that a pod can request on a node across all containers. Not setting a min value or setting 0 is unlimited allowing the pod to consume more than the max value. |
Both core and OKD resources can be specified in just one limit range object. They are separated here into two examples for clarity.
Container Limits
Supported Resources:
CPU
Memory
Supported Constraints:
Per container, the following must hold true if specified:
| Constraint | Behavior |
|---|---|
|
If the configuration defines a |
|
If the configuration defines a |
|
If a configuration defines a For example, if a container has |
Supported Defaults:
Default[resource]
Defaults container.resources.limit[resource] to specified value if none.
Default Requests[resource]
Defaults container.resources.requests[resource] to specified value if none.
Pod Limits
Supported Resources:
CPU
Memory
Supported Constraints:
Across all containers in a pod, the following must hold true:
| Constraint | Enforced Behavior |
|---|---|
|
|
|
|
|
|
Image Limits
Supported Resources:
- Storage
Resource type name:
openshift.io/Image
Per image, the following must hold true if specified:
| Constraint | Behavior |
|---|---|
|
|
To prevent blobs exceeding the limit from being uploaded to the registry, the registry must be configured to enforce quota. An environment variable |
The image size is not always available in the manifest of an uploaded image. This is especially the case for images built with Docker 1.10 or higher and pushed to a v2 registry. If such an image is pulled with an older Docker daemon, the image manifest will be converted by the registry to schema v1 lacking all the size information. No storage limit set on images will prevent it from being uploaded. The issue is being addressed. |
Image Stream Limits
Supported Resources:
openshift.io/image-tagsopenshift.io/images
Resource type name:
openshift.io/ImageStream
Per image stream, the following must hold true if specified:
| Constraint | Behavior |
|---|---|
|
|
|
|
Counting of Image References
Resource openshift.io/image-tags represents unique image references. Possible references are an **ImageStreamTag**, an **ImageStreamImage** and a **DockerImage**. They may be created using commands oc tag and oc import-image or by using tag tracking. No distinction is made between internal and external references. However, each unique reference tagged in the image stream’s specification is counted just once. It does not restrict pushes to an internal container image registry in any way, but is useful for tag restriction.
Resource openshift.io/images represents unique image names recorded in image stream status. It allows for restriction of a number of images that can be pushed to the internal registry. Internal and external references are not distinguished.
PersistentVolumeClaim Limits
Supported Resources:
- Storage
Supported Constraints:
Across all persistent volume claims in a project, the following must hold true:
| Constraint | Enforced Behavior |
|---|---|
| Min[resource] ⇐ claim.spec.resources.requests[resource] (required) |
| claim.spec.resources.requests[resource] (required) ⇐ Max[resource] |
Limit Range Object Definition
{"apiVersion": "v1","kind": "LimitRange","metadata": {"name": "pvcs" (1)},"spec": {"limits": [{"type": "PersistentVolumeClaim","min": {"storage": "2Gi" (2)},"max": {"storage": "50Gi" (3)}}]}}
| 1 | The name of the limit range object. |
| 2 | The minimum amount of storage that can be requested in a persistent volume claim |
| 3 | The maximum amount of storage that can be requested in a persistent volume claim |
Creating a Limit Range
To apply a limit range to a project, create a limit range object definition on your file system to your desired specifications, then run:
$ oc create -f <limit_range_file> -n <project>
Viewing Limits
You can view any limit ranges defined in a project by navigating in the web console to the project’s Quota page.
You can also use the CLI to view limit range details:
First, get the list of limit ranges defined in the project. For example, for a project called demoproject:
$ oc get limits -n demoprojectNAME AGEresource-limits 6d
Then, describe the limit range you are interested in, for example the resource-limits limit range:
$ oc describe limits resource-limits -n demoprojectName: resource-limitsNamespace: demoprojectType Resource Min Max Default Request Default Limit Max Limit/Request Ratio---- -------- --- --- --------------- ------------- -----------------------Pod cpu 200m 2 - - -Pod memory 6Mi 1Gi - - -Container cpu 100m 2 200m 300m 10Container memory 4Mi 1Gi 100Mi 200Mi -openshift.io/Image storage - 1Gi - - -openshift.io/ImageStream openshift.io/image - 12 - - -openshift.io/ImageStream openshift.io/image-tags - 10 - - -
Deleting Limits
Remove any active limit range to no longer enforce the limits of a project:
$ oc delete limits <limit_name>
