Default Quota

Every namespace has a set of default quotas and limits configured to protect the APPUiO Zone from resource abuse.

Resource Quotas

The following quotas are configured:

organization-objects

Quotas for counts of non-compute objects such as ConfigMaps and Services. Check the system documentation or use the oc command below to see all non-compute resources on which quotas are in place. Notably, we apply quotas for the cumulative storage requests for the storage classes cephfs-fspool-cluster and rbd-storagepool-cluster. There are separate quotas for each storage class.

Storage class rbd-storagepool-cluster isn’t present on all APPUiO Cloud zones.
organization-compute

Quotas for NotTerminating pods. This includes the number of NotTerminating pods and the cumulative resource requests and limits for NotTerminating pods.

organization-compute-terminating

Quotas for Terminating pods. This includes the number of Terminating pods and the cumulative resource limits for Terminating pods.

As described above, we distinguish between NotTerminating and Terminating pods. A pod is considered Terminating when it has .spec.activeDeadlineSeconds >= 0. Generally, it’s considered best practice to configure .spec.activeDeadlineSeconds in the PodSpec of Jobs and CronJobs. All other pods are considered NotTerminating.

See the Kubernetes Resource Quotas documentation for more details on how Kubernetes Resource Quotas work.

If the default quotas block you from running your application, please contact APPUiO Cloud support.

Resource Limits and Defaults

Additionally, APPUiO Cloud enforces minimum and maximum values for some configurations. These values are checked for each container individually. Minimum and maximum values are enforced for the following configurations:

  • Container CPU requests and limits

  • Container memory requests and limits

  • Container ephemeral storage requests and limits (only minimum)

We enforce minimum values which are greater than zero because Kubernetes interprets zero values for requests and limits as "unlimited"

In addition to enforcing minimum and maximum values, APPUiO Cloud also injects default values for the following configurations if they’re not explicitly set:

  • Container CPU requests and limits

  • Container memory requests and limits

  • Container ephemeral storage requests

Default value for activeDeadlineSeconds for "run-once" pods

APPUiO Cloud sets a default value of 30 minutes for .spec.activeDeadlineSeconds for "run-once" pods. "Run-once" pods are pods which have .spec.restartPolicy of Never or OnFailure. Generally, that’s pods created by Jobs, CronJobs, or OpenShift Builds.

Notably, APPUiO Cloud only applies the default value for .spec.activeDeadlineSeconds for pods which don’t have a value for that field already. Therefore, if you need a job to run longer than the default 30 minutes, simply set .spec.activeDeadlineSeconds accordingly in the Job’s pod template.

This mechanism ensures that all pods created by Jobs, CronJobs and OpenShift builds are considered Terminating by the Kubernetes resource quota management. That means that the organization-compute-terminating quota is relevant for pods created by Jobs, CronJobs and OpenShift builds.

The default value for activeDeadlineSeconds can be adjusted per namespace by adding annotation appuio.io/active-deadline-seconds-override to the namespace. The implementation expects that the value of the annotation is provided in seconds as a plain number, for example appuio.io/active-deadline-seconds-override: 3600 to set the default deadline to 1 hour.

If the value of the annotation can’t be parsed as a number, "run-once" pods won’t be scheduled correctly. Please check the events in the namespace or the relevant pod controller for details regarding the error. For example, for a CronJob, check the generated Job object for errors.

Checking the Quota and Limit values

You can check the actual quotas as follows:

  • Via the CLI:

    oc -n $mynamespace describe quota (1)
oc -n $mynamespace describe quota organization-objects (2)
oc -n $mynamespace describe limits organization (3)
    1 Show all configured quotas (ResourceQuota objects) in the namespace
    2 Show a specific quota in the namespace
    3 Show the configured limits (LimitRange object) in the namespace
    The oc describe quota command also shows you how much of each quota you’re currently consuming (column "Used").

  • Check the default values in the Commodore Component for APPUiO Cloud