Search code examples
memorykubernetescpugoogle-kubernetes-enginequota

Why do my pods not fulfill the resource quota limits if the number match?


After applying the following ResourceQuota compute-resources to my GKE Cluster

apiVersion: v1
kind: ResourceQuota
metadata:
  name: compute-resources
spec:
  hard:
    limits.cpu: "1"
    limits.memory: 1Gi

and updating a Deployment to

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-service
spec:
  selector:
    matchLabels:
      app: my-service
      tier: backend
      track: stable
  replicas: 2
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 50%
  template:
    metadata:
      labels:
        app: my-service
        tier: backend
        track: stable
    spec:
      containers:
        - name: my-service
          image: registry/namespace/my-service:latest
          ports:
            - name: http
              containerPort: 8080
          resources:
            requests:
              memory: "128Mi"
              cpu: "125m"
            limits:
              memory: "256Mi"
              cpu: "125m"

the scheduling fails 100% of tries due to pods "my-service-5bc4c68df6-4z8wp" is forbidden: failed quota: compute-resources: must specify limits.cpu,limits.memory. Since limits and requests are specified and they fulfill the limit, I don't see a reason why the pods should be forbidden.

How pod limits resource on kubernetes enforced when the pod exceed limits after pods is created ? is a different question.

I upgraded my cluster to 1.13.6-gke.0.


Solution

  • I was about to suggest to test within separate namespace, but see that you already tried.

    As another workaround try to setup default limits by enabling LimitRanger admission controller and setting it up e.g.

    apiVersion: v1
    kind: LimitRange
    metadata:
      name: cpu-limit-range
    spec:
      limits:
      - default:
          memory: 256Mi
          cpu: 125m
        defaultRequest:
          cpu: 125m
          memory: 128Mi
        type: Container
    

    Now if a Container is created in the default namespace, and the Container does not specify its own values for CPU request and CPU limit, the Container is given a default CPU limits of 125m and a default memory limit of 256Mi

    Also, after setting up LimitRange, make sure you removed your deployment and there are no pods stuck in failed state.