Let's inspect our new namespace a bit more. Run the describe command as follows:
$ kubectl describe namespace/test
The following screenshot is the result of the preceding command:
Kubernetes allows you to both limit the resources used by individual pods or containers and the resources used by the overall namespace using quotas. You'll note that there are no resource limits or quotas currently set on the test namespace.
Suppose we want to limit the footprint of this new namespace; we can set quotas such as the following:
apiVersion: v1
kind: ResourceQuota
metadata:
name: test-quotas
namespace: test
spec:
hard:
pods: 3
services: 1
replicationcontrollers: 1
Listing 3-16: quota.yaml
Here, we will create a quota of 3 pods, 1 RC, and 1 service for the test namespace. As you probably guessed, this is executed once again by our trusty create command:
$ kubectl create -f quota.yaml
Now that we have that in place, let's use describe on the namespace, as follows:
$ kubectl describe namespace/test
The following screenshot is the result of the preceding command:
You'll note that we now have some values listed in the quota section and the limits section is still blank. We also have a Used column, which lets us know how close to the limits we are at the moment. Let's try to spin up a few pods using the following definition:
apiVersion: v1
kind: ReplicationController
metadata:
name: busybox-ns
namespace: test
labels:
name: busybox-ns
spec:
replicas: 4
selector:
name: busybox-ns
template:
metadata:
labels:
name: busybox-ns
spec:
containers:
- name: busybox-ns
image: busybox
command:
- sleep
- "3600"
Listing 3-17: busybox-ns.yaml
You'll note that we are creating four replicas of this basic pod. After using create to build this RC, run the describe command on the test namespace once more. You'll notice that the Used values for pods and RCs are at their max. However, we asked for four replicas and only see three pods in use.
Let's see what's happening with our RC. You might attempt to do that with the command here:
kubectl describe rc/busybox-ns
However, if you try, you'll be discouraged to see a not found message from the server. This is because we created this RC in a new namespace and kubectl assumes the default namespace if not specified. This means that we need to specify --namepsace=test with every command when we wish to access resources in the test namespace.
$ kubectl config view | grep current-context
Next, we can take that context and set the namespace variable like the following:
$ kubectl config set-context <Current Context> --namespace=test
Now you can run the kubectl command without the need to specify the namespace. Just remember to switch back when you want to look at the resources running in your default namespace.
Run the command with the namespace specified. If you've set your current namespace as demonstrated in the tip box, you can leave off the --namespace argument:
$ kubectl describe rc/busybox-ns --namespace=test
The following screenshot is the result of the preceding command:
As you can see in the preceding image, the first three pods were successfully created, but our final one fails with the Limited to 3 pods error.
This is an easy way to set limits for resources partitioned out at a community scale. It's worth noting that you can also set quotas for CPU, memory, persistent volumes, and secrets. Additionally, limits work in a similar way to quota, but they set the limit for each pod or container within the namespace.