OpenShift Administrator’s Office Hour - Controlling Pod Resource Consumption

As administrators we have to strike a balance between granting unfettered access to resources by applications and preventing overconsumption of resources. Importantly, we also want to take precautions to avoid an accident or typo from affecting other applications, Pods, or even the whole cluster.

During this week’s stream we addressed how to use Kubernetes’ LimitRange and Quota objects to implement controls. By encouraging the application developer and administrator to consider the resources they need, it allows us to more easily balance, predict, and control resource consumption at the infrastructure layer, cost effectively and without wasting resources

As always, please see the list below for additional links to specific topics, questions, and supporting materials for the episode!

If you’re interested in more streaming content, please subscribe to the OpenShift.tv streaming calendar to see the upcoming episode topics and to receive any schedule changes. If you have questions or topic suggestions for the OpenShift Administrator’s Office Hour, please contact us via Discord, Twitter, or come join us live, Wednesdays at 11am EST / 1600 UTC, on YouTube and Twitch.

Episode 17 recorded stream:

Supporting links for today’s topic:

• Kubernetes documentation for LimitRange and Quota objects.
• A GitHub repo with some example scenarios showing how to control access to resources using LimitRanges and Quotas. You can see a video of this code in action here.
• A great way to simplify creating and applying LimitRanges and Quotas for projects is to create a customized Project template. I demoed this at the end of the stream, however we had to end before it was working. I promised to follow up with any issues/reasons why it wasn’t working, but it turns out I was just too impatient - it takes a couple minutes for the API server to restart with the new config, afterward it works exactly as expected!

Other links and materials referenced during the stream:

• The OpenShift Labs team recently published an update graph tool for OpenShift. This very helpful tool shows the exact upgrade path between OpenShift versions and includes a helpful visualization of the upgrade edges. You can listen to us talk about the tool and see it in action starting here.
• We followed up on the topic of mirroring disconnected Operator catalogs from a few weeks ago during the stream here. What we discovered is that the oc CLI tool has a bug that prevents the catalog from mirroring to disk successfully, though it may be working with the most recent version, 4.6.16. If you’re looking for a workaround, please view the stream starting at 10:58.

Other questions answered during the stream:

• Is the cluster network, defined in install-config.yaml, required to be a /14? No, it’s not. We talk about all three types of networks defined in the install-config.yaml, what their role is, and how to determine the precise values you need starting at the 17:43 timestamp.
• Can I use a vSphere datastore cluster with OpenShift? Unfortunately, no. But, there is a less functional, though similar, way to achieve the result using datastore tagging and policy based provisioning.