Master Kubernetes CPU & Memory: Requests, Limits, Quotas, and LimitRanges

Managing CPU and memory resources in Kubernetes can be challenging, but this article provides a clear, step‑by‑step approach to understand and control them.

Allocate CPU and Memory to Containers and Pods

Kubernetes measures CPU in units that correspond to one vCPU on major cloud providers (AWS, GCP, Azure) or one hyper‑thread on a bare‑metal Intel CPU. Memory is specified in MiB or GiB.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: aks-application
spec:
  replicas: 1
  selector:
    matchLabels:
      app: aks-application
  template:
    metadata:
      labels:
        app: aks-application
    spec:
      containers:
      - name: aks-application
        image: hubname/aks-application-image:1.0.0
        resources:
          requests:
            cpu: 100m
            memory: 128Mi
          limits:
            cpu: 250m
            memory: 256Mi

Resources Quota: Limiting Namespace Consumption

A ResourceQuota object caps the total amount of resources a namespace can consume, including the number of objects and the aggregate CPU and memory requests.

Typical workflow:

Cluster admins create one or more ResourceQuota objects per namespace.

Kubernetes tracks resource usage when users create Pods, Services, etc.

If a creation or update exceeds the defined hard limits, the API returns a 403 FORBIDDEN error.

When CPU or memory quotas are enabled, every Pod must specify both request and limit values; otherwise the request is rejected.

apiVersion: v1
kind: ResourceQuota
metadata:
  name: backend-storage-quota
spec:
  hard:
    persistentvolumeclaims: "2"
    requests.storage: "1Gi"
---
apiVersion: v1
kind: ResourceQuota
metadata:
  name: backend-namespace-quota
spec:
  hard:
    request.cpu: 400m
    request.memory: 9600Mi
    limits.cpu: 1200m
    limits.memory: 11600Mi

Apply the quota with:

kubectl apply -f resource-quota.yaml --namespace backend

LimitRanges: Configuring Default CPU Requests and Limits

If a namespace has a quota, a LimitRange can provide default request and limit values and enforce minimum and maximum storage sizes for PersistentVolumeClaims.

apiVersion: v1
kind: LimitRange
metadata:
  name: backend-limit-range
spec:
  limits:
  - default:
      memory: 110Mi
      cpu: 500m
    defaultRequest:
      memory: 20Mi
      cpu: 100m
    type: Container
---
apiVersion: v1
kind: LimitRange
metadata:
  name: backend-storage-limits
spec:
  limits:
  - type: PersistentVolumeClaim
    max:
      storage: 5Gi
    min:
      storage: 2Gi

Tools for Managing CPU and Memory

Popeye – scans clusters for configuration, resource, and network issues and generates detailed reports.

Goldilocks – analyzes Pod resource limits and suggests optimal values.

Kube‑advisor – Azure‑team tool that detects missing resource requests and limits.

K9s + benchmark – CLI that simplifies cluster management, monitoring, and benchmarking.

These tools can be combined with observability stacks such as Datadog, Grafana + Prometheus, or Azure Monitor for enhanced monitoring.

Summary

Set resource requests to understand the CPU and memory usage of specific containers.

Define resource limits and run load tests to verify behavior under high load.

Continuously monitor container CPU and memory consumption.

Track PersistentVolume usage to avoid storage over‑commit.

Use LimitRanges to enforce default requests and limits when quotas are active.

Apply ResourceQuotas cautiously; they are not always recommended for production environments.