Skip to content

Latest commit

 

History

History
110 lines (89 loc) · 3.65 KB

config.md

File metadata and controls

110 lines (89 loc) · 3.65 KB

Configuration

Example

quotas:
- name: "singular-quota"
  selector: # optional
    matchLabels:
      demo.quota.operator/id: singular
  mode: singular
  deleteIneffectiveQuotas: true # optional
  template:
    annotations: # optional
      foo.bar.baz/foobar: asdf
    spec:
      hard:
        count/secrets: 3
- name: "maximum-quota"
  selector:
    matchLabels:
      demo.quota.operator/id: maximum
  mode: maximum
  deleteIneffectiveQuotas: false # optional
  template:
    spec:
      hard:
        count/configmaps: 3
- name: "cumulative-quota"
  selector:
    matchLabels:
      demo.quota.operator/id: cumulative
  mode: cumulative
  template:
    labels: # optional
      foo.bar.baz/foobar: asdf
    spec:
      hard:
        count/serviceaccounts: 3

externalQuotaDefinitionNames: # optional
- other-quota-1
- other-quota-2

Quota Definitions

The basic idea of the quota controller is that it can be configured with multiple quota definitions. Each quota definition consists of the following parts:

  • name
  • label selector
  • ResourceQuota template
  • configuration
    • operating mode
    • deletion of ineffective QuotaIncreases

Name

The name of the quota definition serves as an identifier. It must be unique among all quota definitions. It is also used as name for the generated ResourceQuota resource, so it has to be k8s compatible.

Label Selector (optional)

The quota operator reconciles namespaces and the label selectors allow to filter which quota definition should apply to which namespaces.

Note that only one quota definition can be used per namespace, so the sets of namespaces selected by the different label selectors should be disjunct. In case of overlaps, the first quota definition to be applied to this namespace 'claims' it, preventing other quota definitions to be applied to it.

While it is possible to not specify any label selector, this will result in the quota definition being applied to all namespaces, including k8s-relevant ones (e.g. kube-system), which is likely not desired.

ResourceQuota Template

This is the template for the ResourceQuota that will be created in each namespace matched by the label selector.

The spec must be specified, annotations and labels are optional. The name is taken from the quota definition.

This generated ResourceQuota is watched and reconciled by the quota operator, manual changes to it will be overwritten immediately.

As an example, the ResourceQuota generated by the cumulative-quota definition from the config above will look like this:

apiVersion: v1
kind: ResourceQuota
metadata:
  creationTimestamp: "2024-07-10T09:45:01Z"
  labels:
    foo.bar.baz/foobar: asdf
    quota.openmcp.cloud/managed-by: quota-controller
    quota.openmcp.cloud/quota-definition: cumulative-quota
  name: cumulative-quota
  namespace: <namespace>
  ownerReferences:
  - apiVersion: v1
    blockOwnerDeletion: true
    controller: true
    kind: Namespace
    name: <namespace>
    uid: <namespace UID>
  resourceVersion: "1985788"
  uid: a08ccb81-ab28-4a51-afde-37ea14914bb5
spec:
  hard:
    count/serviceaccounts: "3"

Configuration

Mode

The operating mode determines how the controller handles multiple QuotaIncrease resources in the same namespace. See the full documentation here.

Deletion of ineffective QuotaIncreases (optional)

If deleteIneffectiveQuotas is set to true (it defaults to false, if not specified), the quota operator will delete all QuotaIncreases that don't contribute to the generated ResourceQuota. The behavior here strongly depends on the operating mode, see above.