Search code examples
kubernetesstoragepersistent-volumespersistent-volume-claims

How to Hard Limit Of Storage Usage


Is there any way to hard limit to PV/PVC? For example;

  • I have two deployment in the same node.
  • They have separate pv/pvc. Pod 1 claims 10Gi, Pod 2 claims 15Gi
  • Node has 25 Gi free filesystem volume for pv's.
  • Storageclass provisioner is rancher and pv volumeMode is Filesystem.

As I understand, Pod 1 can write more than 10 Gi if the free storage of node is avaible. How to hard limit the pod 1 to not use more than its pvc, ie 10 Gi? I am okay with if the pod 1 tries to write more than 10 Gi, it will be evicted.

Note 1: I know that I can ResourceQuota to hard request storage but it limits pvc, not actual size.

Note 2: I know that I can hard limit empherical size using spec.containers[0].resources.limits.ephemeral-storage: 10Gi but this is ephemeral storage and it is deleted if the pod is restarted. I want to limit persistent volume

Possible Related Questions:


Solution

  • As @ AndD mentioned, if you are using the Rancher local-path-provisioner then the volume capacity limit is not supported in it.

    As there is no direct way to hard limit the pod’s storage in kubernetes. You can try a workaround If you are ok to evict the pod then you can try using the sidecar container to monitor the pod and evict incase of over usage of storage. But for this you might need to script the sidecar container based on your requirement.

    The other approach is you can try using the Admission controller which helps to enforce policies to limit the size of PVC usage but it is more complicated as it requires creating a custom script to monitor and evict the pod when the usage reaches to its limit.

    The other one is you might already know the use of Resource quotas of kubernetes but this approach will apply to namespace level.

    It can limit the quantity of objects that can be created in a namespace by type, as well as the total amount of compute resources that may be consumed by resources in that namespace.