|
1 | | -[id="k8s-best-practices-requests-limits"] |
2 | | -= Requests/Limits |
| 1 | += Requests and Limits in Kubernetes |
3 | 2 |
|
4 | 3 | Kubernetes provides mechanisms for defining resource usage per container: |
5 | 4 |
|
6 | | -***Requests:*** The guaranteed minimum amount of a resource (e.g., CPU, memory). Used by the scheduler. |
| 5 | +* *Requests*: The guaranteed minimum amount of a resource (e.g., CPU, memory). Used by the scheduler. |
| 6 | +* *Limits*: The maximum amount a container is allowed to consume. Enforced by the kubelet. |
| 7 | +* *Quotas*: Enforce aggregate resource usage at the namespace/project level to prevent resource overuse. |
7 | 8 |
|
8 | | -***Limits:*** The maximum amount a container is allowed to consume. Enforced by the kubelet. |
| 9 | +See: _OpenShift Resource Quotas Per Project_ |
9 | 10 |
|
10 | | -***Quotas:*** Enforce aggregate resource usage at the namespace/project level to prevent resource overuse. |
| 11 | +== Risks with Resource Limits |
11 | 12 |
|
12 | | -See link:https://docs.openshift.com/container-platform/latest/applications/quotas/quotas-setting-per-project.html[OpenShift Resource Quotas per Project]. |
| 13 | +While limits can prevent runaway resource usage, they also introduce risk when misapplied, especially for CPU and memory. |
13 | 14 |
|
14 | | -Nodes can be overcommitted which can affect the strategy of request/limit implementation. For example, when you need guaranteed capacity, use quotas to enforce. In a development environment, you can overcommit where a trade-off of guaranteed performance for capacity is acceptable. Overcommitment can be done on a project, node or cluster level. |
| 15 | +=== CPU Limits Cause Throttling |
15 | 16 |
|
16 | | -See link:https://docs.openshift.com/container-platform/latest/nodes/clusters/nodes-cluster-overcommit.html[Configuring your cluster to place pods on overcommitted nodes] for more information. |
| 17 | +* Limits can throttle workloads even if unused CPU is available. |
| 18 | +* This leads to hangs, timeouts, and degraded performance. |
| 19 | +* CPU requests (without limits) often provide better fairness and stability. |
17 | 20 |
|
18 | | -.Workload requirement |
19 | | -[IMPORTANT] |
20 | | -==== |
21 | | -Pods must define requests and limits values for CPU and memory. |
| 21 | +=== Memory Limits Cause OOMKills |
22 | 22 |
|
23 | | -See test case link:https://github.com/test-network-function/cnf-certification-test/blob/main/CATALOG.md#access-control-requests-and-limits[access-control-requests-and-limits] |
| 23 | +* Limits on memory are strict—when exceeded, containers are killed. |
| 24 | +* Difficult to predict worst-case memory usage for infrastructure components. |
| 25 | +* Can result in crash loops, degraded service, and unrecoverable clusters. |
24 | 26 |
|
25 | | -**Impacts and Risks of Non-Compliance:** Missing resource requests and limits can lead to resource contention, node instability, and unpredictable application performance. |
26 | | -==== |
| 27 | +=== Why Limits are a Problem for Cluster Components |
27 | 28 |
|
| 29 | +Unlike with user workloads, setting resource limits for cluster components presents several challenges and is strongly discouraged: |
| 30 | + |
| 31 | +* *Inability to Anticipate Scaling*: Cluster components cannot predict their usage scaling across all customer environments, making it impossible to set one-size-fits-all limits. |
| 32 | +* *Impeded Responsiveness*: Setting static limits prevents administrators from reacting to changes in cluster needs, such as resizing control plane nodes to allocate more resources. |
| 33 | +* *Undesirable Restarts*: It is undesirable for cluster components to be restarted due to excessive resource consumption (e.g., OOMKills). Graceful handling without degrading cluster performance is preferred. |
| 34 | + |
| 35 | +Therefore, *cluster components SHOULD NOT be configured with resource limits*. |
| 36 | + |
| 37 | +However, *cluster components MUST declare resource requests for both CPU and memory*. |
| 38 | + |
| 39 | +==== Benefits of Using Requests Without Limits |
| 40 | + |
| 41 | +* *Guaranteed Minimums and Bursting*: Specifying requests without limits ensures components receive their required minimum resources and can burst when needed. |
| 42 | +* *Balancing Efficiency and Performance*: When setting resource requests: |
| 43 | + ** If too low, the component may be starved under load, leading to degraded performance and service. |
| 44 | + ** If too high, the scheduler may be unable to place the component, leading to crash loops or failed deployments. Excessively high requests can also starve user workloads, particularly in small or single-node clusters. |
| 45 | + |
| 46 | +== Resource Requests: Compressible vs Incompressible |
| 47 | + |
| 48 | +Kubernetes treats resources differently depending on their behavior under pressure: |
| 49 | + |
| 50 | +[cols="1,2,2", options="header"] |
| 51 | +|=== |
| 52 | +|Resource Type |Description |Examples |
| 53 | +|Compressible |Slower performance but still runs |CPU, network |
| 54 | +|Incompressible |Fails without required amount |Memory, storage |
| 55 | +|=== |
| 56 | + |
| 57 | +=== Requesting Resources |
| 58 | + |
| 59 | +* *Compressible (e.g., CPU)*: Requests should be balanced to ensure proportional system behavior and fairness. |
| 60 | +* *Incompressible (e.g., memory)*: Requests should reflect minimum safe usage to avoid runtime failure. |
| 61 | + |
| 62 | +See: _More details on setting requests for different resource types_ |
| 63 | + |
| 64 | +== Alternatives to Resource Limits |
| 65 | + |
| 66 | +Although limits are generally avoided for cluster components, the following mechanisms can help manage resources and prioritize workloads: |
| 67 | + |
| 68 | +* *Pod Priority (PriorityClass)*: Preferred for ensuring essential core workloads have priority and sufficient resources. |
| 69 | + ** Allows critical components to avoid eviction during resource press** |
0 commit comments