Cluster Resource Quotas are OpenShift specific resources that are not applicable as-is on a Kubernetes cluster. These aggregate quotas at a multiple namespace level. To apply quotas to a kubernetes cluster, you can convert these into individual namespace level resource quotas. You will have to manually decide on how much quota to allocate for individual namespaces.
You can get the list of ClusterResourceQuotas by running
oc get clusterresourcequotas
Removing all extraneous values, if you want to list a specific cluster resource quotas, you can check it by running:
CLUSTER_QUOTA_NAME=<<clusterquotaname>>
oc get clusterresourcequota $CLUSTER_QUOTA_NAME -o yaml | \
yq e 'del(.metadata.creationTimestamp)' - \
| yq e 'del(.metadata.generation)' - \
| yq e 'del(.metadata.managedFields)' - \
| yq e 'del(.metadata.annotations.*)' - \
| yq e 'del(.metadata.labels)' - \
| yq e 'del(.metadata.resourceVersion)' - \
| yq e 'del(.metadata.selfLink)' - \
| yq e 'del(.metadata.uid)' -
The following script will generate two files for each ClusterResourceQuota.
- Original ClusterResourceQuota that you can use to decide the namespaces this quota applies to. This is a manual decision.
- A template for Kubernetes ResourceQuota. The quota values are retained at the cluster resource quota level. You can copy and edit this file to split up the ClusterResourceQuotas into ResourceQuotas for specific namespaces. This requires a little manual editing once you decide quota for each namespace.
The files will be saved in the folder clusterconfigs/to-review/cluster-resource-quotas
mkdir -p clusterconfigs/to-review/cluster-resource-quotas
for i in $(oc get clusterresourcequota -o jsonpath='{.items[*].metadata.name}'); do \
echo "Exporting Cluster Resource Quota:" $i; \
oc get clusterresourcequota $i -o yaml | \
yq e 'del(.metadata.creationTimestamp)' - \
| yq e 'del(.metadata.generation)' - \
| yq e 'del(.metadata.managedFields)' - \
| yq e 'del(.metadata.annotations.*)' - \
| yq e 'del(.metadata.labels)' - \
| yq e 'del(.metadata.resourceVersion)' - \
| yq e 'del(.metadata.selfLink)' - \
| yq e 'del(.metadata.uid)' - > clusterconfigs/to-review/cluster-resource-quotas/$i.original; \
oc get clusterresourcequota $i -o yaml | \
yq e '.apiVersion |= "v1"' - \
| yq e '.kind |= "ResourceQuota"' - \
| yq e 'del(.metadata.creationTimestamp)' - \
| yq e 'del(.metadata.generation)' - \
| yq e 'del(.metadata.managedFields)' - \
| yq e 'del(.metadata.annotations.*)' - \
| yq e 'del(.metadata.labels)' - \
| yq e 'del(.metadata.resourceVersion)' - \
| yq e 'del(.metadata.selfLink)' - \
| yq e 'del(.metadata.uid)' - \
| yq e 'del(.spec.selector)' - \
| yq e '.metadata.namespace |= "CHANGEME"' - > clusterconfigs/to-review/cluster-resource-quotas/$i.yaml
done
The above command will generate two files for each ClusterResourceQuota as shown below:
$ cat clusterconfigs/to-review/cluster-resource-quotas/for-name.original
apiVersion: quota.openshift.io/v1
kind: ClusterResourceQuota
metadata:
name: for-name
spec:
quota:
hard:
pods: "10"
secrets: "20"
selector:
annotations: null
labels:
matchLabels:
name: frontend
$ cat clusterconfigs/to-review/cluster-resource-quotas/for-name.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
name: for-name
namespace: CHANGEME
spec:
quota:
hard:
pods: "10"
secrets: "20"
Note the selection criteria in the original file. You can use that to determine the openshift projects impacted by the ClusterResourceQuota. You may have to split this quota among multiple namespaces in the target kubernetes cluster.
Once you decide the specific ResourceQuotas to apply to individual namespaces, copy the second file as clusterconfigs/namespaces/NAMESPACE/quota.yaml and change the quota values, the value for namespace (namespace: CHANGEME) and save the file. This changed quota would be applied to the target kubernetes cluster.