{"id":2187,"date":"2017-01-03T19:23:38","date_gmt":"2017-01-03T19:23:38","guid":{"rendered":"https:\/\/www.couchbase.com\/blog\/?p=2187"},"modified":"2019-04-04T02:31:58","modified_gmt":"2019-04-04T09:31:58","slug":"kubernetes-namespaces-resource-quota-limits-qos-cluster","status":"publish","type":"post","link":"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/","title":{"rendered":"Kubernetes Namespaces, Resource Quota, and Limits for QoS in Cluster"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-12277\" src=\"\/wp-content\/original-assets\/kubernetes-logo.png\" alt=\"Kubernetes Logo\" width=\"209\" height=\"185\" \/><\/p>\n<p>By default, all resources in Kubernetes cluster are created in a default namespace. A\u00a0pod will run with unbounded CPU and memory requests\/limits. A <a href=\"https:\/\/kubernetes.io\/v1.1\/docs\/admin\/namespaces\/README.html\">Kubernetes\u00a0namespace<\/a> allows\u00a0to partition created resources into a logically named group. Each namespace provides:<\/p>\n<ul>\n<li><strong>a unique scope<\/strong> for resources to avoid name collisions<\/li>\n<li><strong>policies<\/strong>to ensure appropriate authority to trusted users<\/li>\n<li>ability to specify <strong>constraints for resource consumption<\/strong><\/li>\n<\/ul>\n<p>This allows a Kubernetes cluster to share\u00a0resources\u00a0by multiple groups and provide different levels of QoS each group. Resources created in one namespace are hidden from other namespaces.\u00a0Multiple\u00a0namespaces can be created, each potentially with different constraints.<\/p>\n<h2>Default Kubernetes Namespace<\/h2>\n<p>By default, each resource created by user in Kubernetes cluster runs in a default namespace, called <code>default<\/code>.<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh get namespace\r\nNAME          LABELS    STATUS    AGE\r\ndefault           Active    1m\r\nkube-system       Active    1m<\/pre>\n<p>Any pod, service or replication controller will be created\u00a0in this namespace. <code>kube-system<\/code> namespace is reserved for\u00a0resources created by the Kubernetes cluster. More details about the namespace can be seen:<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh describe namespaces default\r\nName: default\r\nLabels: \r\nStatus: Active\r\n\r\nNo resource quota.\r\n\r\nResource Limits\r\n Type  Resource Min Max Request Limit Limit\/Request\r\n ----  -------- --- --- ------- ----- -------------\r\n Container cpu  - - 100m - -\r\n<\/pre>\n<p>This description shows resource quota (if present), as well as resource limit ranges. So let&#8217;s create a Couchbase replication controller as:<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh run couchbase --image=arungupta\/couchbase<\/pre>\n<p>Check the existing replication controller:<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh get rc\r\nCONTROLLER   CONTAINER(S)   IMAGE(S)              SELECTOR        REPLICAS   AGE\r\ncouchbase    couchbase      arungupta\/couchbase   run=couchbase   1          5m<\/pre>\n<p>By default, only resources in user namespace are shown. Resources in\u00a0all namespaces can be shown using <code>--all-namespaces<\/code>\u00a0option:<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh get rc --all-namespaces\r\nNAMESPACE     CONTROLLER                       CONTAINER(S)           IMAGE(S)                                                SELECTOR                           REPLICAS   AGE\r\ndefault       couchbase                        couchbase              arungupta\/couchbase                                     run=couchbase                      1          5m\r\nkube-system   heapster-v11                     heapster               gcr.io\/google_containers\/heapster:v0.18.4               k8s-app=heapster,version=v11       1          6m\r\nkube-system   kube-dns-v9                      etcd                   gcr.io\/google_containers\/etcd:2.0.9                     k8s-app=kube-dns,version=v9        1          6m\r\n                                               kube2sky               gcr.io\/google_containers\/kube2sky:1.11                                                     \r\n                                               skydns                 gcr.io\/google_containers\/skydns:2015-10-13-8c72f8c                                         \r\n                                               healthz                gcr.io\/google_containers\/exechealthz:1.0                                                   \r\nkube-system   kube-ui-v4                       kube-ui                gcr.io\/google_containers\/kube-ui:v4                     k8s-app=kube-ui,version=v4         1         6m\r\nkube-system   l7-lb-controller-v0.5.2          default-http-backend   gcr.io\/google_containers\/defaultbackend:1.0             k8s-app=glbc,version=v0.5.2        1         6m\r\n                                               l7-lb-controller       gcr.io\/google_containers\/glbc:0.5.2                                                        \r\nkube-system   monitoring-influxdb-grafana-v2   influxdb               gcr.io\/google_containers\/heapster_influxdb:v0.4         k8s-app=influxGrafana,version=v2   1         6m\r\n                                               grafana                beta.gcr.io\/google_containers\/heapster_grafana:v2.1.1<\/pre>\n<p>As you can see, the <code>arungupta\/couchbase<\/code> image runs in the <code>default<\/code> namespace. All other resources run in the\u00a0<code>kube-system<\/code> namespace. Lets check the context of this replication controller:<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh config view couchbase\r\napiVersion: v1\r\nclusters:\r\n- cluster:\r\n    certificate-authority-data: REDACTED\r\n    server: https:\/\/104.197.10.200\r\n  name: couchbase-on-kubernetes_kubernetes\r\ncontexts:\r\n- context:\r\n    cluster: couchbase-on-kubernetes_kubernetes\r\n    user: couchbase-on-kubernetes_kubernetes\r\n  name: couchbase-on-kubernetes_kubernetes\r\ncurrent-context: couchbase-on-kubernetes_kubernetes\r\nkind: Config\r\npreferences: {}\r\nusers:\r\n- name: couchbase-on-kubernetes_kubernetes\r\n  user:\r\n    client-certificate-data: REDACTED\r\n    client-key-data: REDACTED\r\n    token: 1RUrsvA5RDwwRNf0eOvz86elmniOK0oj\r\n- name: couchbase-on-kubernetes_kubernetes-basic-auth\r\n  user:\r\n    password: cZ9fZSuzIqq5kdnj\r\n    username: admin<\/pre>\n<p>Look for <code>contexts.context.name<\/code> attribute to see the existing context.\u00a0This will be manipulated\u00a0later.<\/p>\n<h2>Create a Resource in New Kubernetes Namespace<\/h2>\n<p>Lets create a\u00a0new namespace first. This can be done\u00a0using\u00a0the following configuration file:<\/p>\n<pre class=\"lang:default decode:true\">apiVersion: v1\r\nkind: Namespace\r\nmetadata:\r\n  name: development\r\n  labels:\r\n    name: development<\/pre>\n<p>Namespace is created as:<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh create -f myns.yaml \r\nnamespace \"development\" created<\/pre>\n<p>Then querying for all the namespaces gives:<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh get namespace\r\nNAME          LABELS             STATUS    AGE\r\ndefault                    Active    9m\r\ndevelopment   name=development   Active    13s\r\nkube-system                Active    8m<\/pre>\n<p>A new\u00a0replication controller can be created in this new namespace by using <code>--namespace<\/code> option:<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh --namespace=development run couchbase --image=arungupta\/couchbase\r\nreplicationcontroller \"couchbase\" created<\/pre>\n<p>List of resources in all namespaces looks like:<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh get rc --all-namespaces\r\nNAMESPACE     CONTROLLER                       CONTAINER(S)           IMAGE(S)                                                SELECTOR                           REPLICAS   AGE\r\ndefault       couchbase                        couchbase              arungupta\/couchbase                                     run=couchbase                      1          4m\r\ndevelopment   couchbase                        couchbase              arungupta\/couchbase                                     run=couchbase                      1          2m\r\nkube-system   heapster-v11                     heapster               gcr.io\/google_containers\/heapster:v0.18.4               k8s-app=heapster,version=v11       1          31m\r\n. . .<\/pre>\n<p>As\u00a0seen, there are two replication controllers with <code>arungupta\/couchbase<\/code> image &#8211; one in <code>default<\/code> namespace and another in <code>development<\/code> namespace.<\/p>\n<h2>Set Kubernetes Namespace For an Existing Resource<\/h2>\n<p>If a resource is already created then it can be assigned a namespace. On a previously created resource, new context can be set in the namespace:<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh config set-context dev --namespace=development --cluster=couchbase-on-kubernetes_kubernetes --user=couchbase-on-kubernetes_kubernetes\r\ncontext \"dev\" set.<\/pre>\n<p>Viewing the context now shows:<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh config view couchbase\r\napiVersion: v1\r\nclusters:\r\n- cluster:\r\n    certificate-authority-data: REDACTED\r\n    server: https:\/\/104.197.10.200\r\n  name: couchbase-on-kubernetes_kubernetes\r\ncontexts:\r\n- context:\r\n    cluster: couchbase-on-kubernetes_kubernetes\r\n    user: couchbase-on-kubernetes_kubernetes\r\n  name: couchbase-on-kubernetes_kubernetes\r\n- context:\r\n    cluster: couchbase-on-kubernetes_kubernetes\r\n    namespace: development\r\n    user: couchbase-on-kubernetes_kubernetes\r\n  name: dev\r\ncurrent-context: couchbase-on-kubernetes_kubernetes\r\nkind: Config\r\npreferences: {}\r\nusers:\r\n- name: couchbase-on-kubernetes_kubernetes\r\n  user:\r\n    client-certificate-data: REDACTED\r\n    client-key-data: REDACTED\r\n    token: 1RUrsvA5RDwwRNf0eOvz86elmniOK0oj\r\n- name: couchbase-on-kubernetes_kubernetes-basic-auth\r\n  user:\r\n    password: cZ9fZSuzIqq5kdnj\r\n    username: admin<\/pre>\n<p>The second attribute in <code>contexts.context<\/code> array shows that a\u00a0new context has been created. It also shows that the current context is still <code>couchbase-on-kubernetes_kubernetes<\/code>. Since no namespace is specified in that context, it belongs to the default namespace. Change the context:<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh config use-context dev\r\nswitched to context \"dev\".<\/pre>\n<p>See the list of replication controllers:<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh get rc\r\nCONTROLLER   CONTAINER(S)   IMAGE(S)   SELECTOR   REPLICAS   AGE<\/pre>\n<p>Obviously, no replication controllers are running in this context. Lets create a new replication controller in this new namespace:<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh run couchbase --image=arungupta\/couchbase\r\nreplicationcontroller \"couchbase\" created<\/pre>\n<p>And see the list of replication\u00a0controllers in all namespaces:<\/p>\n<pre class=\"lang:default decode:true \">.\/kubernetes\/cluster\/kubectl.sh get rc --all-namespaces\r\nNAMESPACE     CONTROLLER                       CONTAINER(S)           IMAGE(S)                                                SELECTOR                           REPLICAS   AGE\r\ndefault       couchbase                        couchbase              arungupta\/couchbase                                     run=couchbase                      1          16m\r\ndevelopment   couchbase                        couchbase              arungupta\/couchbase                                     run=couchbase                      1          4s\r\nkube-system   heapster-v11                     heapster               gcr.io\/google_containers\/heapster:v0.18.4               k8s-app=heapster,version=v11       1          17m\r\n. . .<\/pre>\n<p>Now you can see two <code>arungupta\/couchbase<\/code> replication controllers running in two difference namespaces.<\/p>\n<h2>Delete a Kubernetes Resource in Namespace<\/h2>\n<p>A resource can be deleted by\u00a0fully-qualifying the\u00a0resource name:<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh --namespace=default delete rc couchbase\r\nreplicationcontroller \"couchbase\" deleted<\/pre>\n<p>Similarly the other\u00a0replication controller can be deleted as:<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh --namespace=development delete rc couchbase\r\nreplicationcontroller \"couchbase\" deleted<\/pre>\n<p>Finally, see the list of all replication controllers in all namespaces:<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh get rc --all-namespaces\r\nNAMESPACE     CONTROLLER                       CONTAINER(S)           IMAGE(S)                                                SELECTOR                           REPLICAS   AGE\r\nkube-system   heapster-v11                     heapster               gcr.io\/google_containers\/heapster:v0.18.4               k8s-app=heapster,version=v11       1          3h\r\nkube-system   kube-dns-v9                      etcd                   gcr.io\/google_containers\/etcd:2.0.9                     k8s-app=kube-dns,version=v9        1          3h\r\n. . .<\/pre>\n<p>This confirms that all user created replication controllers are deleted.<\/p>\n<h2>Resource Quota and Limit using Kubernetes Namespace<\/h2>\n<p>Each namespace can be assigned resource quota. By default, a pod will run with unbounded CPU and memory requests\/limits.\u00a0Specifying quota allows to restrict how much of cluster resources\u00a0can be consumed across all pods in a namespace. Resource quota can be specified using\u00a0a configuration file:<\/p>\n<pre class=\"lang:default decode:true\">apiVersion: v1\r\nkind: ResourceQuota\r\nmetadata:\r\n  name: quota\r\nspec:\r\n  hard:\r\n    cpu: \"20\"\r\n    memory: 1Gi\r\n    pods: \"10\"\r\n    replicationcontrollers: \"20\"\r\n    resourcequotas: \"1\"\r\n    services: \"5\"<\/pre>\n<p>The following resources\u00a0are supported by the quota system:<\/p>\n<table>\n<tbody>\n<tr>\n<th>Resource<\/th>\n<th>Description<\/th>\n<\/tr>\n<tr>\n<td><code>cpu<\/code><\/td>\n<td>Total requested cpu usage<\/td>\n<\/tr>\n<tr>\n<td><code>memory<\/code><\/td>\n<td>Total requested memory usage<\/td>\n<\/tr>\n<tr>\n<td><code>pods<\/code><\/td>\n<td>Total number of active pods where phase is pending or active.<\/td>\n<\/tr>\n<tr>\n<td><code>services<\/code><\/td>\n<td>Total number of services<\/td>\n<\/tr>\n<tr>\n<td><code>replicationcontrollers<\/code><\/td>\n<td>Total number of replication controllers<\/td>\n<\/tr>\n<tr>\n<td><code>resourcequotas<\/code><\/td>\n<td>Total number of resource quotas<\/td>\n<\/tr>\n<tr>\n<td><code>secrets<\/code><\/td>\n<td>Total number of secrets<\/td>\n<\/tr>\n<tr>\n<td><code>persistentvolumeclaims<\/code><\/td>\n<td>Total number of persistent volume claims<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>This resource quota can be created in a namespace:<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh --namespace=development create -f quota.yaml\r\nresourcequota \"quota\" created<\/pre>\n<p>The created quota can be seen as:<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh --namespace=development describe quota\r\nName:   quota\r\nNamespace:  development\r\nResource  Used Hard\r\n--------  ---- ----\r\ncpu   0 20\r\nmemory   0 1Gi\r\npods   0 10\r\nreplicationcontrollers 0 20\r\nresourcequotas  1 1\r\nservices  0 5<\/pre>\n<p>Now, if you try to create the replication controller that works:<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh --namespace=development run couchbase --image=arungupta\/couchbase\r\nreplicationcontroller \"couchbase\" created<\/pre>\n<p>But describing the quota again shows:<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh --namespace=development describe quota\r\nName:   quota\r\nNamespace:  development\r\nResource  Used Hard\r\n--------  ---- ----\r\ncpu   0 20\r\nmemory   0 1Gi\r\npods   0 10\r\nreplicationcontrollers 1 20\r\nresourcequotas  1 1\r\nservices  0 5<\/pre>\n<p>We expected a new pod to be created as part of this replication controller but it&#8217;s not there. So lets\u00a0describe our replication controller:<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh --namespace=development describe rc\r\nName:  couchbase\r\nNamespace: development\r\nImage(s): arungupta\/couchbase\r\nSelector: run=couchbase\r\nLabels:  run=couchbase\r\nReplicas: 0 current \/ 1 desired\r\nPods Status: 0 Running \/ 0 Waiting \/ 0 Succeeded \/ 0 Failed\r\nNo volumes.\r\nEvents:\r\n  FirstSeen LastSeen Count From    SubobjectPath Reason  Message\r\n  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 \u2500\u2500\u2500\u2500\u2500 \u2500\u2500\u2500\u2500    \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 \u2500\u2500\u2500\u2500\u2500\u2500  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\r\n  1m  24s  4 {replication-controller }   FailedCreate Error creating: Pod \"couchbase-\" is forbidden: must make a non-zero request for memory since it is tracked by quota.<\/pre>\n<p>By default, pod consumes all the cpu and memory available. With resource quotas applied, an explicit value must be specified. Alternatively a default value for the pod can be specified using the following configuration file:<\/p>\n<pre class=\"lang:default decode:true\">apiVersion: v1\r\nkind: LimitRange\r\nmetadata:\r\n  name: limits\r\nspec:\r\n  limits:\r\n  - default:\r\n      cpu: 200m\r\n      memory: 512Mi\r\n    defaultRequest:\r\n      cpu: 100m\r\n      memory: 256Mi\r\n    type: Container<\/pre>\n<p>This\u00a0restricts the CPU and memory that can be consumed by a pod. Lets apply these limits as:<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh --namespace=development create -f limits.yaml \r\nlimitrange \"limits\" created<\/pre>\n<p>Now when you\u00a0describe the replication controller again, it shows:<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh --namespace=development describe rc\r\nName:  couchbase\r\nNamespace: development\r\nImage(s): arungupta\/couchbase\r\nSelector: run=couchbase\r\nLabels:  run=couchbase\r\nReplicas: 1 current \/ 1 desired\r\nPods Status: 1 Running \/ 0 Waiting \/ 0 Succeeded \/ 0 Failed\r\nNo volumes.\r\nEvents:\r\n  FirstSeen LastSeen Count From    SubobjectPath Reason   Message\r\n  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 \u2500\u2500\u2500\u2500\u2500 \u2500\u2500\u2500\u2500    \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 \u2500\u2500\u2500\u2500\u2500\u2500   \u2500\u2500\u2500\u2500\u2500\u2500\u2500\r\n  8m  2m  14 {replication-controller }   FailedCreate  Error creating: Pod \"couchbase-\" is forbidden: must make a non-zero request for memory since it is tracked by quota.\r\n  2m  2m  1 {replication-controller }   SuccessfulCreate Created pod: couchbase-gzk0l<\/pre>\n<p>This shows successful creation of the pod. And now when you describe the quota, it shows\u00a0correct values as well:<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh --namespace=development describe quota\r\nName:   quota\r\nNamespace:  development\r\nResource  Used  Hard\r\n--------  ----  ----\r\ncpu   100m  20\r\nmemory   268435456 1Gi\r\npods   1  10\r\nreplicationcontrollers 1  20\r\nresourcequotas  1  1\r\nservices  0  5<\/pre>\n<p><a href=\"https:\/\/kubernetes.io\/v1.1\/docs\/admin\/resourcequota\/\">Resource Quota<\/a> provide more details about how to set\/update\u00a0these values. Creating another quota gives the following error:<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh --namespace=development create -f quota.yaml\r\nError from server: error when creating \"quota.yaml\": ResourceQuota \"quota\" is forbidden: limited to 1 resourcequotas<\/pre>\n<h2>Specifying\u00a0Limits During Pod Creation<\/h2>\n<p>Limits can be specified during pod creation as well: If memory limit for each pod is restricted to 1g, then a valid pod definition would be:<\/p>\n<pre class=\"lang:default decode:true\">apiVersion: v1\r\nkind: Pod\r\nmetadata:\r\n  name: couchbase-pod\r\nspec:\r\n  containers:\r\n  - name: couchbase\r\n    image: couchbase\r\n    ports:\r\n    - containerPort: 8091\r\n    resources:\r\n      limits:\r\n        cpu: \"1\"\r\n        memory: 512Mi<\/pre>\n<p>This is because the pod request 0.5G of memory only. And an invalid pod definition would be:<\/p>\n<pre class=\"lang:default decode:true\">apiVersion: v1\r\nkind: Pod\r\nmetadata:\r\n  name: couchbase-pod\r\nspec:\r\n  containers:\r\n  - name: couchbase\r\n    image: couchbase\r\n    ports:\r\n    - containerPort: 8091\r\n    resources:\r\n      limits:\r\n        cpu: \"1\"\r\n        memory: 2G<\/pre>\n<p>This is because the pod requests 2G of memory. Creating such a pod gives the following error:<\/p>\n<pre class=\"lang:default decode:true\">.\/kubernetes\/cluster\/kubectl.sh --namespace=development create -f couchbase-pod.yaml \r\nError from server: error when creating \"couchbase-pod.yaml\": Pod \"couchbase-pod\" is forbidden: unable to admit pod without exceeding quota for resource memory:  limited to 1Gi but require 2805306368 to succeed<\/pre>\n<p>Hope you can apply\u00a0namespaces, resource quotas, and limits for\u00a0sharing your clusters across different environments.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>By default, all resources in Kubernetes cluster are created in a default namespace. A\u00a0pod will run with unbounded CPU and memory requests\/limits. A Kubernetes\u00a0namespace allows\u00a0to partition created resources into a logically named group. Each namespace provides: a unique scope for [&hellip;]<\/p>\n","protected":false},"author":58,"featured_media":13873,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[1816],"tags":[1545],"ppma_author":[8933],"class_list":["post-2187","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-couchbase-server","tag-kubernetes"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.2 (Yoast SEO v26.2) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Kubernetes Namespaces, Resource Quota, and Limits for QoS in Cluster - The Couchbase Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Kubernetes Namespaces, Resource Quota, and Limits for QoS in Cluster\" \/>\n<meta property=\"og:description\" content=\"By default, all resources in Kubernetes cluster are created in a default namespace. A\u00a0pod will run with unbounded CPU and memory requests\/limits. A Kubernetes\u00a0namespace allows\u00a0to partition created resources into a logically named group. Each namespace provides: a unique scope for [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/\" \/>\n<meta property=\"og:site_name\" content=\"The Couchbase Blog\" \/>\n<meta property=\"article:published_time\" content=\"2017-01-03T19:23:38+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-04-04T09:31:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2022\/11\/couchbase-nosql-dbaas.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1800\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Arun Gupta, VP, Developer Advocacy, Couchbase\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@arungupta\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Arun Gupta, VP, Developer Advocacy, Couchbase\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/\"},\"author\":{\"name\":\"Arun Gupta, VP, Developer Advocacy, Couchbase\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/39d8caed0f536489b6aa6e8d31ee631f\"},\"headline\":\"Kubernetes Namespaces, Resource Quota, and Limits for QoS in Cluster\",\"datePublished\":\"2017-01-03T19:23:38+00:00\",\"dateModified\":\"2019-04-04T09:31:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/\"},\"wordCount\":836,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"keywords\":[\"kubernetes\"],\"articleSection\":[\"Couchbase Server\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/\",\"name\":\"Kubernetes Namespaces, Resource Quota, and Limits for QoS in Cluster - The Couchbase Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"datePublished\":\"2017-01-03T19:23:38+00:00\",\"dateModified\":\"2019-04-04T09:31:58+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/#primaryimage\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png\",\"width\":1800,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.couchbase.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Kubernetes Namespaces, Resource Quota, and Limits for QoS in Cluster\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"name\":\"The Couchbase Blog\",\"description\":\"Couchbase, the NoSQL Database\",\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\",\"name\":\"The Couchbase Blog\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"width\":218,\"height\":34,\"caption\":\"The Couchbase Blog\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/39d8caed0f536489b6aa6e8d31ee631f\",\"name\":\"Arun Gupta, VP, Developer Advocacy, Couchbase\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/8900a75409c646948fe0bd80f6240337\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f912e10b5f39748ee4f1a0b0da6f42747f0b3a94fe7acb511791468656f5e726?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f912e10b5f39748ee4f1a0b0da6f42747f0b3a94fe7acb511791468656f5e726?s=96&d=mm&r=g\",\"caption\":\"Arun Gupta, VP, Developer Advocacy, Couchbase\"},\"description\":\"Arun Gupta is the vice president of developer advocacy at Couchbase. He has built and led developer communities for 10+ years at Sun, Oracle, and Red Hat. He has deep expertise in leading cross-functional teams to develop and execute strategy, planning and execution of content, marketing campaigns, and programs. Prior to that he led engineering teams at Sun and is a founding member of the Java EE team. Gupta has authored more than 2,000 blog posts on technology. He has extensive speaking experience in more than 40 countries on myriad topics and is a JavaOne Rock Star for three years in a row. Gupta also founded the Devoxx4Kids chapter in the US and continues to promote technology education among children. An author of several books on technology, an avid runner, a globe trotter, a Java Champion, a JUG leader, NetBeans Dream Team member, and a Docker Captain, he is easily accessible at @arungupta.\",\"sameAs\":[\"https:\/\/x.com\/arungupta\"],\"url\":\"https:\/\/www.couchbase.com\/blog\/author\/arun-gupta\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Kubernetes Namespaces, Resource Quota, and Limits for QoS in Cluster - The Couchbase Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/","og_locale":"en_US","og_type":"article","og_title":"Kubernetes Namespaces, Resource Quota, and Limits for QoS in Cluster","og_description":"By default, all resources in Kubernetes cluster are created in a default namespace. A\u00a0pod will run with unbounded CPU and memory requests\/limits. A Kubernetes\u00a0namespace allows\u00a0to partition created resources into a logically named group. Each namespace provides: a unique scope for [&hellip;]","og_url":"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/","og_site_name":"The Couchbase Blog","article_published_time":"2017-01-03T19:23:38+00:00","article_modified_time":"2019-04-04T09:31:58+00:00","og_image":[{"width":1800,"height":630,"url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2022\/11\/couchbase-nosql-dbaas.png","type":"image\/png"}],"author":"Arun Gupta, VP, Developer Advocacy, Couchbase","twitter_card":"summary_large_image","twitter_creator":"@arungupta","twitter_misc":{"Written by":"Arun Gupta, VP, Developer Advocacy, Couchbase","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/#article","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/"},"author":{"name":"Arun Gupta, VP, Developer Advocacy, Couchbase","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/39d8caed0f536489b6aa6e8d31ee631f"},"headline":"Kubernetes Namespaces, Resource Quota, and Limits for QoS in Cluster","datePublished":"2017-01-03T19:23:38+00:00","dateModified":"2019-04-04T09:31:58+00:00","mainEntityOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/"},"wordCount":836,"commentCount":0,"publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","keywords":["kubernetes"],"articleSection":["Couchbase Server"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/","url":"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/","name":"Kubernetes Namespaces, Resource Quota, and Limits for QoS in Cluster - The Couchbase Blog","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/#primaryimage"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","datePublished":"2017-01-03T19:23:38+00:00","dateModified":"2019-04-04T09:31:58+00:00","breadcrumb":{"@id":"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/#primaryimage","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2022\/11\/couchbase-nosql-dbaas.png","width":1800,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/www.couchbase.com\/blog\/kubernetes-namespaces-resource-quota-limits-qos-cluster\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.couchbase.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Kubernetes Namespaces, Resource Quota, and Limits for QoS in Cluster"}]},{"@type":"WebSite","@id":"https:\/\/www.couchbase.com\/blog\/#website","url":"https:\/\/www.couchbase.com\/blog\/","name":"The Couchbase Blog","description":"Couchbase, the NoSQL Database","publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.couchbase.com\/blog\/#organization","name":"The Couchbase Blog","url":"https:\/\/www.couchbase.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","width":218,"height":34,"caption":"The Couchbase Blog"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/39d8caed0f536489b6aa6e8d31ee631f","name":"Arun Gupta, VP, Developer Advocacy, Couchbase","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/8900a75409c646948fe0bd80f6240337","url":"https:\/\/secure.gravatar.com\/avatar\/f912e10b5f39748ee4f1a0b0da6f42747f0b3a94fe7acb511791468656f5e726?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f912e10b5f39748ee4f1a0b0da6f42747f0b3a94fe7acb511791468656f5e726?s=96&d=mm&r=g","caption":"Arun Gupta, VP, Developer Advocacy, Couchbase"},"description":"Arun Gupta is the vice president of developer advocacy at Couchbase. He has built and led developer communities for 10+ years at Sun, Oracle, and Red Hat. He has deep expertise in leading cross-functional teams to develop and execute strategy, planning and execution of content, marketing campaigns, and programs. Prior to that he led engineering teams at Sun and is a founding member of the Java EE team. Gupta has authored more than 2,000 blog posts on technology. He has extensive speaking experience in more than 40 countries on myriad topics and is a JavaOne Rock Star for three years in a row. Gupta also founded the Devoxx4Kids chapter in the US and continues to promote technology education among children. An author of several books on technology, an avid runner, a globe trotter, a Java Champion, a JUG leader, NetBeans Dream Team member, and a Docker Captain, he is easily accessible at @arungupta.","sameAs":["https:\/\/x.com\/arungupta"],"url":"https:\/\/www.couchbase.com\/blog\/author\/arun-gupta\/"}]}},"authors":[{"term_id":8933,"user_id":58,"is_guest":0,"slug":"arun-gupta","display_name":"Arun Gupta, VP, Developer Advocacy, Couchbase","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/f912e10b5f39748ee4f1a0b0da6f42747f0b3a94fe7acb511791468656f5e726?s=96&d=mm&r=g","author_category":"","last_name":"Gupta","first_name":"Arun","job_title":"","user_url":"","description":"Arun Gupta is the vice president of developer advocacy at Couchbase. He has built and led developer communities for 10+ years at Sun, Oracle, and Red Hat. He has deep expertise in leading cross-functional teams to develop and execute strategy, planning and execution of content, marketing campaigns, and programs. Prior to that he led engineering teams at Sun and is a founding member of the Java EE team.\r\n\r\nGupta has authored more than 2,000 blog posts on technology. He has extensive speaking experience in more than 40 countries on myriad topics and is a JavaOne Rock Star for three years in a row. Gupta also founded the Devoxx4Kids chapter in the US and continues to promote technology education among children. An author of several books on technology, an avid runner, a globe trotter, a Java Champion, a JUG leader, NetBeans Dream Team member, and a Docker Captain, he is easily accessible at @arungupta."}],"_links":{"self":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts\/2187","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/users\/58"}],"replies":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/comments?post=2187"}],"version-history":[{"count":0,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts\/2187\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/media\/13873"}],"wp:attachment":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/media?parent=2187"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/categories?post=2187"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/tags?post=2187"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=2187"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}