Drill: Check Resource Quotas and Limit Ranges

Goal

Inspect resource quotas and limit ranges in a namespace to understand resource constraints and capacity.

Setup

• kubectl configured with cluster access
• A namespace with resource quotas or limit ranges configured

Commands

List resource quotas in a namespace:

kubectl get resourcequota -n <namespace>

Describe a resource quota with usage details:

kubectl describe resourcequota -n <namespace>

View the quota in YAML:

kubectl get resourcequota <name> -n <namespace> -o yaml

List limit ranges:

kubectl get limitrange -n <namespace>

Describe a limit range with defaults:

kubectl describe limitrange -n <namespace>

Check current resource usage against quota:

kubectl get resourcequota -n <namespace> -o custom-columns='NAME:.metadata.name,CPU_USED:.status.used.requests\.cpu,CPU_HARD:.status.hard.requests\.cpu,MEM_USED:.status.used.requests\.memory,MEM_HARD:.status.hard.requests\.memory'

Check if a specific resource is close to quota:

kubectl describe resourcequota -n <namespace> | grep -E "Used|Hard|Resource"

List all pods with their resource requests:

kubectl get pods -n <namespace> -o custom-columns='NAME:.metadata.name,CPU_REQ:.spec.containers[*].resources.requests.cpu,MEM_REQ:.spec.containers[*].resources.requests.memory'

What to Look For

• Used close to Hard means the namespace is near capacity
• LimitRange default values are applied to containers without explicit resource specs
• LimitRange max prevents any single container from requesting too many resources
• Pods failing to create with "exceeded quota" are blocked at admission time

Common Mistakes

• Not setting resource requests on pods, then being surprised when defaults from LimitRange apply
• Confusing resource requests (scheduling) with limits (enforcement)
• Not checking quota when pods fail to create with vague admission errors
• Forgetting that quota applies to the sum of all pods in the namespace

Cleanup

No cleanup needed. These are read-only inspection commands.