BestHub
Sign in
Cloud Native 8 min read

Mastering CPU & Memory Management in Kubernetes: Resources, Quotas, and Limits

This article explains how to allocate CPU and memory to containers and Pods in Kubernetes, covers ResourceQuota and LimitRange mechanisms, provides practical YAML examples, and lists useful tools for monitoring and enforcing resource constraints.

Open Source Linux
Open Source Linux
Open Source Linux
Mastering CPU & Memory Management in Kubernetes: Resources, Quotas, and Limits

In Kubernetes, allocating and managing CPU and memory resources can be tricky but also straightforward. This article explains what Kubernetes resources and limits are and how to manage them.

Assign CPU and Memory Resources to Containers and Pods

The following diagram illustrates Kubernetes resource units, the resource lifecycle, and how to use resource limits.

CPU and Memory Units

Kubernetes defines one CPU as: 1 AWS vCPU 1 GCP Core 1 Azure vCore 1 Hyper‑thread on a hyper‑threaded Intel CPU

Below is a Deployment manifest that sets memory and CPU requests and limits for a container.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: aks-application
spec:
  replicas: 1
  selector:
    matchLabels:
      app: aks-application
  template:
    metadata:
      labels:
        app: aks-application
    spec:
      containers:
      - name: aks-application
        image: hubname/aks-application-image:1.0.0
        resources:
          requests:
            cpu: 100m
            memory: 128Mi
          limits:
            cpu: 250m
            memory: 256Mi

Assign memory resources to containers and Pods

Assign CPU resources to containers and Pods

Kubernetes best‑practice resource requests and limits

Guidelines for Azure Kubernetes Service (AKS) developers

Resources Quota: Limiting Namespace Resource Consumption

ResourceQuota objects define total resource consumption limits for a namespace, restricting the total number of certain objects or the aggregate compute resources that Pods may use.

How ResourceQuota works:

Different teams can work in separate namespaces. Cluster administrators can create one or more ResourceQuota objects per namespace. When users create resources (e.g., Pods, Services) the quota system tracks usage and rejects creations that exceed the hard limits, returning HTTP 403 FORBIDDEN. If a namespace has compute‑resource quotas enabled, users must specify both requests and limits; otherwise the request is denied. The LimitRanger admission controller can provide default values for Pods that omit these fields.

Example ResourceQuota definition:

apiVersion: v1
kind: ResourceQuota
metadata:
  name: backend-storage-quota
spec:
  hard:
    persistentvolumeclaims: "2"
    requests.storage: "1Gi"
---
apiVersion: v1
kind: ResourceQuota
metadata:
  name: backend-namespace-quota
spec:
  hard:
    request.cpu: 400m
    request.memory: 9600Mi
    limits.cpu: 1200m
    limits.memory: 11600Mi

Apply the quota with:

kubectl apply -f resource-quota.yaml --namespace backend

Limit Ranges: Configuring Default CPU Requests and Limits

If a namespace has a quota, setting default memory limits is helpful.

Adding a LimitRange to a namespace not only caps CPU and memory but also enforces minimum and maximum storage sizes for PersistentVolumeClaims.

apiVersion: v1
kind: LimitRange
metadata:
  name: backend-limit-range
spec:
  limits:
  - default:
      memory: 110Mi
      cpu: 500m
    defaultRequest:
      memory: 20Mi
      cpu: 100m
    type: Container
---
apiVersion: v1
kind: LimitRange
metadata:
  name: backend-storage-limits
spec:
  limits:
  - type: PersistentVolumeClaim
    max:
      storage: 5Gi
    min:
      storage: 2Gi

Apply the limit range similarly with kubectl apply -f limit-range.yaml.

Tools for Managing Kubernetes CPU and Memory

Popeye – scans clusters for configuration, resource, and network issues and generates detailed reports.

Goldilocks – scans Pods for resource limits and provides recommendation reports.

Kube‑advisor – Azure‑team tool that scans containers for missing resources and suggests requests.

K9s + benchmark – CLI that simplifies management, monitoring, and benchmarking of clusters.

These tools can be combined with Datadog, Grafana + Prometheus, or Azure Monitor for enhanced observability.

Summary

Set resource requests to obtain CPU and memory usage information for specific applications/containers.

Set resource limits and run load tests to detect container behavior under high load.

Monitor container CPU and memory usage.

Monitor persistent volume usage.

Check whether LimitRanges can be applied to enforce resource constraints.

Use ResourceQuota (generally not recommended for production environments).

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

Cloud NativeKubernetesCPUMemoryLimitRangeResourceQuota
Open Source Linux
Written by

Open Source Linux

Focused on sharing Linux/Unix content, covering fundamentals, system development, network programming, automation/operations, cloud computing, and related professional knowledge.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment