Kubernetes Resource Management: LimitRange vs ResourceQuota
Managing resources in Kubernetes is critical for ensuring fair usage, stability, and predictable performance in a multi-tenant cluster. Two powerful tools provided by Kubernetes for this purpose are LimitRange and ResourceQuota.
This article explains what they are, their differences, and how to use them effectively.
What is LimitRange?
LimitRange is a Kubernetes policy object that sets default resource limits (CPU/memory) for containers in a namespace.
Use Case
To prevent pods from consuming excessive resources if developers forget to define limits.
Example
apiVersion: v1
kind: LimitRange
metadata:
name: mem-limit-range
namespace: dev
spec:
limits:
- default:
memory: 512Mi
defaultRequest:
memory: 256Mi
type: Container
This ensures all containers in the dev namespace will have a default memory limit and request.
What is ResourceQuota?
ResourceQuota enforces a hard limit on the total resources a namespace can consume.
Use Case
To control how much total CPU/memory/storage a team or environment uses.
Example
apiVersion: v1
kind: ResourceQuota
metadata:
name: dev-quota
namespace: dev
spec:
hard:
requests.cpu: "4"
requests.memory: 4Gi
limits.cpu: "8"
limits.memory: 8Gi
This prevents the namespace from exceeding the defined total resources.
Key Differences
| Feature | LimitRange | ResourceQuota |
|---|---|---|
| Scope | Per container | Per namespace |
| Purpose | Default/request limits | Total usage limit |
| Use Together? | Yes | Yes |
Best Practices
- Use both together to enforce defaults and total limits.
- Use
kubectl describe quotaandkubectl describe limitrangeto debug. - Monitor usage with metrics (e.g., Prometheus + Grafana).
Conclusion
Understanding and properly applying LimitRange and ResourceQuota is essential to run a stable, efficient, and secure Kubernetes cluster.