Account Quotas
Account quotas are like Kubernetes resource quotas but they are aggregated across namespaces, i.e. if you specify a limit such as limits.memory: 8Gi
, the user can use up to 8Gi of memory across all the spaces owned by the account that the quota is defined for.
Admins can manage account quotas in the "Quotas" tab of each cluster. Users can view a list of all quotas of their accounts as well as of the quotas of the accounts of their teams under "Quotas". Both views also show the current utilization for each quota limit.
Create Quotas
Account quotas can be created for any existing cluster account and as part of the process of updating and creating cluster accounts when using the UI.
- UI
- kubectl
Create file quota.yaml
:
apiVersion: config.kiosk.sh/v1alpha1
kind: AccountQuota
metadata:
name: johns-quota
spec:
account: johns-account
quota:
hard:
limits.cpu: "2"
limits.memory: 8Gi
Create the account quota using kubectl
:
# IMPORTANT: Make sure to switch to the context of the connected cluster!
kubectl apply -f quota.yaml
Delete Quotas
- UI
- kubectl
Delete an account quota using kubectl
:
# IMPORTANT: Make sure to switch to the context of the connected cluster!
kubectl delete accountquota [ACCOUNT_QUOTA_NAME]
Restrict Resource Amounts (e.g. virtual clusters, pods)
One common use case for account quotas is to restrict the amount of virtual clusters a user can create. This can be done by using the object count quota as in a regular resource quota.
With this you can limit any account to a specific amount of objects, such as pods
, deployments
, virtualclusters
and others.
For example, if you want to restrict a user to only create up to 2 virtual clusters through Loft, you can define:
- UI
- kubectl
Select the account this quota should apply to and enter in the quota section:
count/virtualclusters.storage.loft.sh: '2'
The press 'Create' to apply the quota.
Apply the following yaml in the cluster you want to restrict the user:
apiVersion: config.kiosk.sh/v1alpha1
kind: AccountQuota
metadata:
name: user-quota
spec:
account: user-account
quota:
hard:
count/virtualclusters.storage.loft.sh: '2'
Namespace Scoped Resources
Resource and account quotas can only restrict namespaced resources, such as pods, deployments etc. If you want to restrict the amount of spaces a user can create, please take a look at the account space creation settings