Why do my pods not fulfill the resource quota limits if the number match?

Kalle Richter picture Kalle Richter · May 30, 2019 · Viewed 11k times · Source

After applying the following ResourceQuota compute-resources to my GKE Cluster

apiVersion: v1
kind: ResourceQuota
metadata:
  name: compute-resources
spec:
  hard:
    limits.cpu: "1"
    limits.memory: 1Gi

and updating a Deployment to

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-service
spec:
  selector:
    matchLabels:
      app: my-service
      tier: backend
      track: stable
  replicas: 2
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 50%
  template:
    metadata:
      labels:
        app: my-service
        tier: backend
        track: stable
    spec:
      containers:
        - name: my-service
          image: registry/namespace/my-service:latest
          ports:
            - name: http
              containerPort: 8080
          resources:
            requests:
              memory: "128Mi"
              cpu: "125m"
            limits:
              memory: "256Mi"
              cpu: "125m"

the scheduling fails 100% of tries due to pods "my-service-5bc4c68df6-4z8wp" is forbidden: failed quota: compute-resources: must specify limits.cpu,limits.memory. Since limits and requests are specified and they fulfill the limit, I don't see a reason why the pods should be forbidden.

How pod limits resource on kubernetes enforced when the pod exceed limits after pods is created ? is a different question.

I upgraded my cluster to 1.13.6-gke.0.

Answer

A_Suh picture A_Suh · May 30, 2019

I was about to suggest to test within separate namespace, but see that you already tried.

As another workaround try to setup default limits by enabling LimitRanger admission controller and setting it up e.g.

apiVersion: v1
kind: LimitRange
metadata:
  name: cpu-limit-range
spec:
  limits:
  - default:
      memory: 256Mi
      cpu: 125m
    defaultRequest:
      cpu: 125m
      memory: 128Mi
    type: Container

Now if a Container is created in the default namespace, and the Container does not specify its own values for CPU request and CPU limit, the Container is given a default CPU limits of 125m and a default memory limit of 256Mi

Also, after setting up LimitRange, make sure you removed your deployment and there are no pods stuck in failed state.