You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/en/docs/concepts/policy/resource-quotas.md
+12-5Lines changed: 12 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -149,8 +149,8 @@ Refer to [Logging Architecture](/docs/concepts/cluster-administration/logging/)
149
149
150
150
## Object Count Quota
151
151
152
-
You can set quota for the total number of certain resources of all standard,
153
-
namespaced resource types using the following syntax:
152
+
You can set quota for *the total number of one particular resource kind* in the Kubernetes API,
153
+
using the following syntax:
154
154
155
155
*`count/<resource>.<group>` for resources from non-core groups
156
156
*`count/<resource>` for resources from the core group
@@ -168,16 +168,21 @@ Here is an example set of resources users may want to put under object count quo
168
168
*`count/jobs.batch`
169
169
*`count/cronjobs.batch`
170
170
171
-
The same syntax can be used for custom resources.
171
+
If you define a quota this way, it applies to Kubernetes' APIs that are part of the API server, and
172
+
to any custom resources backed by a CustomResourceDefinition. If you use [API aggregation](/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation/) to
173
+
add additional, custom APIs that are not defined as CustomResourceDefinitions, the core Kubernetes
174
+
control plane does not enforce quota for the aggregated API. The extension API server is expected to
175
+
provide quota enforcement if that's appropriate for the custom API.
172
176
For example, to create a quota on a `widgets` custom resource in the `example.com` API group, use `count/widgets.example.com`.
173
177
174
-
When using `count/*` resource quota, an object is charged against the quota if it exists in server storage.
178
+
When using such a resource quota (nearly for all object kinds), an object is charged
179
+
against the quota if the object kind exists (is defined) in the control plane.
175
180
These types of quotas are useful to protect against exhaustion of storage resources. For example, you may
176
181
want to limit the number of Secrets in a server given their large size. Too many Secrets in a cluster can
177
182
actually prevent servers and controllers from starting. You can set a quota for Jobs to protect against
178
183
a poorly configured CronJob. CronJobs that create too many Jobs in a namespace can lead to a denial of service.
179
184
180
-
It is also possible to do generic object count quota on a limited set of resources.
185
+
There is another syntax only to set the same type of quota for certain resources.
181
186
The following types are supported:
182
187
183
188
| Resource Name | Description |
@@ -197,6 +202,8 @@ created in a single namespace that are not terminal. You might want to set a `po
197
202
quota on a namespace to avoid the case where a user creates many small pods and
198
203
exhausts the cluster's supply of Pod IPs.
199
204
205
+
You can find more examples on [Viewing and Setting Quotas](#viewing-and-setting-quotas).
206
+
200
207
## Quota Scopes
201
208
202
209
Each quota can have an associated set of `scopes`. A quota will only measure usage for a resource if it matches
0 commit comments