openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 21:46:22 +01:00
Code Issues Releases Activity

BZ1844942 - Amending procedure to define explicit resource quotas

Browse Source
This commit is contained in:
Paul Needle
2020-06-15 13:36:10 +01:00
committed by Kathryn Alexander
parent f37529aa08
commit ba1dc15c38
2 changed files with 119 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
applications/quotas/quotas-setting-per-project.adoc
View File

@@ -24,6 +24,3 @@ include::modules/quotas-creating-object-count-quotas.adoc[leveloffset=+2]
include::modules/setting-resource-quota-for-extended-resources.adoc[leveloffset=+2]
include::modules/quotas-viewing-quotas.adoc[leveloffset=+1]
include::modules/quotas-requiring-explicit-quota.adoc[leveloffset=+1]
// This is not configurable in 4.1 right now - removing
// include::modules/quotas-requiring-explicit-quota.adoc[leveloffset=+1]

153
modules/quotas-requiring-explicit-quota.adoc
View File

@@ -2,48 +2,133 @@
//
// * applications/quotas/quotas-setting-per-project.adoc
[id="quota-requiring-explicit-quota_{context}"]
= Requiring explicit quota to consume a resource
// NOTE: This is currently not configurable in 4.1, removing from 4.1 docs.
If a resource is not managed by quota, a user has no restriction on the amount
of resource that can be consumed. For example, if there is no quota on storage
related to the gold storage class, the amount of gold storage a project can
create is unbounded.
[id="configuring-explicit-resource-quotas_{context}"]
= Configuring explicit resource quotas
For high-cost compute or storage resources, administrators might want to require
an explicit quota be granted in order to consume a resource. For example, if a
project was not explicitly given quota for storage related to the gold storage
class, users of that project would not be able to create any storage of that
type.
Configure explicit resource quotas in a project request template to apply specific resource quotas in new projects.
.Prerequisites
* Access to the cluster as a user with the cluster-admin role.
* Install the OpenShift Command-line Interface (CLI), commonly known as `oc`.
.Procedure
To require explicit quota to consume a particular resource:
. Add the following stanza to the master configuration:
. Add a resource quota definition to a project request template:
+
** If a project request template does not exist in a cluster:
.. Create a bootstrap project template and output it to a file called `template.yaml`:
+
----
$ oc adm create-bootstrap-project-template -o yaml > template.yaml
----
+
.. Add a resource quota definition to `template.yaml`. The following example defines a resource quota named 'storage-consumption'. The definition must be added before the `parameters:` section in the template:
+
[source,yaml]
----
admissionConfig:
pluginConfig:
ResourceQuota:
configuration:
apiVersion: resourcequota.admission.k8s.io/v1alpha1
kind: Configuration
limitedResources:
- resource: persistentvolumeclaims <1>
matchContains:
- gold.storageclass.storage.k8s.io/requests.storage <2>
- apiVersion: v1
kind: ResourceQuota
metadata:
name: storage-consumption
spec:
hard:
persistentvolumeclaims: "10" <1>
requests.storage: "50Gi" <2>
gold.storageclass.storage.k8s.io/requests.storage: "10Gi" <3>
silver.storageclass.storage.k8s.io/requests.storage: "20Gi" <4>
silver.storageclass.storage.k8s.io/persistentvolumeclaims: "5" <5>
bronze.storageclass.storage.k8s.io/requests.storage: "0" <6>
bronze.storageclass.storage.k8s.io/persistentvolumeclaims: "0" <7>
----
<1> The group/resource to whose consumption is limited by default.
<2> The name of the resource tracked by quota associated with the group/resource to
limit by default.
<1> The total number of persistent volume claims in a project.
<2> Across all persistent volume claims in a project, the sum of storage requested cannot exceed this value.
<3> Across all persistent volume claims in a project, the sum of storage requested in the gold storage class cannot exceed this value.
<4> Across all persistent volume claims in a project, the sum of storage requested in the silver storage class cannot exceed this value.
<5> Across all persistent volume claims in a project, the total number of claims in the silver storage class cannot exceed this value.
<6> Across all persistent volume claims in a project, the sum of storage requested in the bronze storage class cannot exceed this value. When this value is set to `0`, the bronze storage class cannot request storage.
<7> Across all persistent volume claims in a project, the sum of storage requested in the bronze storage class cannot exceed this value. When this value is set to `0`, the bronze storage class cannot create claims.
+
In the above example, the quota system intercepts every operation that
creates or updates a `PersistentVolumeClaim`. It checks what resources understood
by quota would be consumed, and if there is no covering quota for those resources
in the project, the request is denied.
.. Create a project request template from the modified `template.yaml` file in the `openshift-config` namespace:
+
In this example, if a user creates a `PersistentVolumeClaim` that uses storage
associated with the gold storage class, and there is no matching quota in the
project, the request is denied.
----
$ oc create -f template.yaml -n openshift-config
----
+
[NOTE]
====
To include the configuration as a `kubectl.kubernetes.io/last-applied-configuration` annotation, add the `--save-config` option to the `oc create` command.
====
+
By default, the template is called `project-request`.
+
** If a project request template already exists within a cluster:
+
[NOTE]
====
If you declaratively or imperatively manage objects within your cluster by using configuration files, edit the existing project request template through those files instead.
====
+
.. List templates in the `openshift-config` namespace:
+
----
$ oc get templates -n openshift-config
----
+
.. Edit an existing project request template:
+
----
$ oc edit template <project_request_template> -n openshift-config
----
+
.. Add a resource quota definition, such as the preceding 'storage-consumption' example, into the existing template. The definition must be added before the `parameters:` section in the template.
. If you created a project request template, reference it in the cluster's project configuration resource:
.. Access the project configuration resource for editing:
+
** By using the web console:
... Navigate to the *Administration* -> *Cluster Settings* page.
... Click *Global Configuration* to view all configuration resources.
... Find the entry for *Project* and click *Edit YAML*.
+
** By using the CLI:
... Edit the `project.config.openshift.io/cluster` resource:
+
----
$ oc edit project.config.openshift.io/cluster
----
+
.. Update the `spec` section of the project configuration resource to include the `projectRequestTemplate` and `name` parameters. The following example references the default project request template name `project-request`:
+
[source,yaml]
----
apiVersion: config.openshift.io/v1
kind: Project
metadata:
...
spec:
projectRequestTemplate:
name: project-request
----
. Verify that the resource quota is applied when projects are created:
.. Create a project:
+
----
$ oc new-project <project_name>
----
+
.. List the project's resource quotas:
+
----
$ oc get resourcequotas
----
+
.. Describe the resource quota in detail:
+
----
$ oc describe resourcequotas <resource_quota_name>
----