OSDOCS-6582: CLIOT-28 CPU Usage guidance

Author: GroceryBoyJr

_topic_maps/_topic_map.yml

@@ -3210,6 +3210,8 @@ Topics:
 - Name: Planning your environment according to object maximums
   File: planning-your-environment-according-to-object-maximums
   Distros: openshift-origin,openshift-enterprise
+- Name: Compute Resource Quotas
+  File: compute-resource-quotas
 - Name: Recommended host practices for IBM Z & IBM LinuxONE environments
   File: ibm-z-recommended-host-practices
   Distros: openshift-enterprise

modules/admin-limit-operations.adoc

@@ -0,0 +1,75 @@
+// Module included in the following assemblies:
+//
+// ../scalability_and_performance/compute-resource-quotas.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="admin-limit-operations_{context}"]
+= Limit range operations
+
+== Creating a limit range
+
+Shown here is an example procedure to follow for creating a limit range.
+
+.Procedure
+
+. Create the object:
++
+[source,terminal]
+----
+$ oc create -f <limit_range_file> -n <project>
+----
+
+== View the limit
+
+You can view any limit ranges that are defined in a project by navigating in the web console to the `Quota` page for the project. You can also use the CLI to view limit range details by performing the following steps:
+
+.Procedure
+
+. Get the list of limit range objects that are defined in the project. For example, a project called `demoproject`:
++
+[source,terminal]
+----
+$ oc get limits -n demoproject
+----
++
+.Example Output
++
+[source,terminal]
+----
+NAME              AGE
+resource-limits   6d
+----
+
+. Describe the limit range. For example, for a limit range called `resource-limits`:
++
+[source,terminal]
+----
+$ oc describe limits resource-limits -n demoproject
+----
++
+.Example Output
++
+[source,terminal]
+----
+Name:                           resource-limits
+Namespace:                      demoproject
+Type                            Resource                Min     Max     Default Request Default Limit   Max Limit/Request Ratio
+----                            --------                ---     ---     --------------- -------------   -----------------------
+Pod                             cpu                     200m    2       -               -               -
+Pod                             memory                  6Mi     1Gi     -               -               -
+Container                       cpu                     100m    2       200m            300m            10
+Container                       memory                  4Mi     1Gi     100Mi           200Mi           -
+openshift.io/Image              storage                 -       1Gi     -               -               -
+openshift.io/ImageStream        openshift.io/image      -       12      -               -               -
+openshift.io/ImageStream        openshift.io/image-tags -       10      -               -               -
+----
+
+== Deleting a limit range
+
+To remove a limit range, run the following command:
++
+[source,terminal]
+----
+$ oc delete limits <limit_name>
+----
+S

modules/admin-quota-limits.adoc

@@ -0,0 +1,295 @@
+// Module included in the following assemblies:
+//
+// ../scalability_and_performance/compute-resource-quotas.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="admin-quota-limits_{context}"]
+= Setting limit ranges
+
+A limit range, defined by a `LimitRange` object, defines compute resource constraints at the pod, container, image, image stream, and persistent volume claim level. The limit range specifies the amount of resources that a pod, container, image, image stream, or persistent volume claim can consume.
+
+All requests to create and modify resources are evaluated against each `LimitRange` object in the project. If the resource violates any of the enumerated constraints, the resource is rejected. If the resource does not set an explicit value, and if the constraint supports a default value, the default value is applied to the resource.
+
+For CPU and memory limits, if you specify a maximum value but do not specify a minimum limit, the resource can consume more CPU and memory resources than the maximum value.
+
+
+ifdef::openshift-online[]
+[IMPORTANT]
+====
+For {product-title} Pro, the maximum pod memory is 3Gi. The minimum pod or container memory that you can specify is 100Mi.
+
+For {product-title} Starter, the maximum pod memory is 1Gi. The minimum pod or container memory that you can specify is 200Mi.
+====
+endif::[]
+
+.Core limit range object definition
+
+[source,yaml]
+----
+apiVersion: "v1"
+kind: "LimitRange"
+metadata:
+  name: "core-resource-limits" <1>
+spec:
+  limits:
+    - type: "Pod"
+      max:
+        cpu: "2" <2>
+        memory: "1Gi" <3>
+      min:
+        cpu: "200m" <4>
+        memory: "6Mi" <5>
+    - type: "Container"
+      max:
+        cpu: "2" <6>
+        memory: "1Gi" <7>
+      min:
+        cpu: "100m" <8>
+        memory: "4Mi" <9>
+      default:
+        cpu: "300m" <10>
+        memory: "200Mi" <11>
+      defaultRequest:
+        cpu: "200m" <12>
+        memory: "100Mi" <13>
+      maxLimitRequestRatio:
+        cpu: "10" <14>
+----
+<1> The name of the limit range object.
+<2> The maximum amount of CPU that a pod can request on a node across all containers.
+<3> The maximum amount of memory that a pod can request on a node across all containers.
+<4> The minimum amount of CPU that a pod can request on a node across all containers. If you do not set a `min` value or you set `min` to `0`, the result is no limit and the pod can consume more than the `max` CPU value.
+<5> The minimum amount of memory that a pod can request on a node across all containers. If you do not set a `min` value or you set `min` to `0`, the result is no limit and the pod can consume more than the `max` memory value.
+<6> The maximum amount of CPU that a single container in a pod can request.
+<7> The maximum amount of memory that a single container in a pod can request.
+<8> The minimum amount of CPU that a single container in a pod can request. If you do not set a `min` value or you set `min` to `0`, the result is no limit and the pod can consume more than the `max` CPU value.
+<9> The minimum amount of memory that a single container in a pod can request. If you do not set a `min` value or you set `min` to `0`, the result is no limit and the pod can consume more than the `max` memory value.
+<10> The default CPU limit for a container if you do not specify a limit in the pod specification.
+<11> The default memory limit for a container if you do not specify a limit in the pod specification.
+<12> The default CPU request for a container if you do not specify a request in the pod specification.
+<13> The default memory request for a container if you do not specify a request in the pod specification.
+<14> The maximum limit-to-request ratio for a container.
+
+
+.{product-title} Limit range object definition
+
+[source,yaml]
+----
+apiVersion: "v1"
+kind: "LimitRange"
+metadata:
+  name: "openshift-resource-limits"
+spec:
+  limits:
+    - type: openshift.io/Image
+      max:
+        storage: 1Gi <1>
+    - type: openshift.io/ImageStream
+      max:
+        openshift.io/image-tags: 20 <2>
+        openshift.io/images: 30 <3>
+    - type: "Pod"
+      max:
+        cpu: "2" <4>
+        memory: "1Gi" <5>
+        ephemeral-storage: "1Gi" <6>
+      min:
+        cpu: "1" <7>
+        memory: "1Gi" <8>
+----
+<1> The maximum size of an image that can be pushed to an internal registry.
+<2> The maximum number of unique image tags as defined in the specification for the image stream.
+<3> The maximum number of unique image references as defined in the specification for the image stream status.
+<4> The maximum amount of CPU that a pod can request on a node across all containers.
+<5> The maximum amount of memory that a pod can request on a node across all containers.
+<6> The maximum amount of ephemeral storage that a pod can request on a node across all containers.
+<7> The minimum amount of CPU that a pod can request on a node across all containers. See the Supported Constraints table for important information.
+<8> The minimum amount of memory that a pod can request on a node across all containers. If you do not set a `min` value or you set `min` to `0`, the result` is no limit and the pod can consume more than the `max` memory value.
+
+You can specify both core and {product-title} resources in one limit range object.
+
+== Container limits
+
+*Supported Resources:*
+
+* CPU
+* Memory
+
+.Supported Constraints
+
+Per container, the following must hold true if specified:
+
+*Container*
+[cols="3a,8a",options="header"]
+|===
+
+|Constraint |Behavior
+
+|`Min`
+|`Min[<resource>]` less than or equal to `container.resources.requests[<resource>]` (required) less than or equal to `container/resources.limits[<resource>]` (optional)
+
+If the configuration defines a `min` CPU, the request value must be greater than the CPU value. If you do not set a `min` value or you set `min` to `0`, the result is no limit and the pod can consume more of the resource than the `max` value.
+
+|`Max`
+|`container.resources.limits[<resource>]` (required) less than or equal to `Max[<resource>]`
+
+If the configuration defines a `max` CPU, you do not need to define a CPU request value. However, you must set a limit that satisfies the maximum CPU constraint that is specified in the limit range.
+
+|`MaxLimitRequestRatio`
+|`MaxLimitRequestRatio[<resource>]` less than or equal to (`container.resources.limits[<resource>]` / `container.resources.requests[<resource>]`)
+
+If the limit range defines a `maxLimitRequestRatio` constraint, any new containers must have both a `request` and a `limit` value. Additionally, {product-title} calculates a limit-to-request ratio by dividing the `limit` by the `request`. The result should be an integer greater than 1.
+
+For example, if a container has `cpu: 500` in the `limit` value, and `cpu: 100` in the `request` value, the limit-to-request ratio for `cpu` is `5`. This ratio must be less than or equal to the `maxLimitRequestRatio`.
+|===
+
+*Supported Defaults:*
+
+`Default[<resource>]`:: Defaults `container.resources.limit[<resource>]` to specified value if none.
+`Default Requests[<resource>]`:: Defaults `container.resources.requests[<resource>]` to specified value if none.
+
+
+== Pod limits
+
+*Supported Resources:*
+
+* CPU
+* Memory
+
+*Supported Constraints:*
+
+Across all containers in a pod, the following must hold true:
+
+.Pod
+[cols="3a,8a",options="header"]
+|===
+
+|Constraint |Enforced Behavior
+
+|`Min`
+|`Min[<resource>]` less than or equal to `container.resources.requests[<resource>]` (required) less than or equal to `container.resources.limits[<resource>]`. If you do not set a `min` value or you set `min` to `0`, the result is no limit and the pod can consume more of the resource than the `max` value.
+
+|`Max`
+|`container.resources.limits[<resource>]` (required) less than or equal to `Max[<resource>]`.
+
+|`MaxLimitRequestRatio`
+|`MaxLimitRequestRatio[<resource>]` less than or equal to (`container.resources.limits[<resource>]` / `container.resources.requests[<resource>]`).
+
+|===
+
+== Image limits
+
+Supported Resources:
+
+* Storage
+
+Resource type name:
+
+- `openshift.io/Image`
+
+Per image, the following must hold true if specified:
+
+.Image
+[cols="3a,8a",options="header"]
+|===
+|Constraint |Behavior
+
+|`Max`
+|`image.dockerimagemetadata.size` less than or equal to `Max[<resource>]`
+|===
+
+[NOTE]
+====
+To prevent blobs that exceed the limit from being uploaded to the registry, the registry must be configured to enforce quota. The `REGISTRY_MIDDLEWARE_REPOSITORY_OPENSHIFT_ENFORCEQUOTA` environment variable must be set to `true`. By default, the environment variable is set to `true` for new deployments.
+====
+
+== Image stream limits
+
+*Supported Resources:*
+
+* `openshift.io/image-tags`
+* `openshift.io/images`
+
+*Resource type name:*
+
+- `openshift.io/ImageStream`
+
+Per image stream, the following must hold true if specified:
+
+.ImageStream
+[cols="3a,8a",options="header"]
+|===
+|Constraint |Behavior
+
+|`Max[openshift.io/image-tags]`
+|`length( uniqueimagetags( imagestream.spec.tags ) )` less than or equal to `Max[openshift.io/image-tags]`
+
+`uniqueimagetags` returns unique references to images of given spec tags.
+
+|`Max[openshift.io/images]`
+|`length( uniqueimages( imagestream.status.tags ) )` less than or equal to `Max[openshift.io/images]`
+
+`uniqueimages` returns unique image names found in status tags. The name is equal to the digest for the image.
+
+|===
+
+== Counting of image references
+
+The `openshift.io/image-tags` resource represents unique stream limits. Possible references are an `ImageStreamTag`, an `ImageStreamImage`, or a `DockerImage`. Tags can be created by using the `oc tag` and `oc import-image` commands or by using image streams. No distinction is made between internal and external references. However, each unique reference that is tagged in an image stream specification is counted just once. It does not restrict pushes to an internal container image registry in any way, but is useful for tag restriction.
+
+The `openshift.io/images` resource represents unique image names that are recorded in image stream status. It helps to restrict several images that can be pushed to the internal registry. Internal and external references are not distinguished.
+
+
+== PersistentVolumeClaim limits
+
+*Supported Resources:*
+
+* Storage
+
+*Supported Constraints:*
+
+Across all persistent volume claims in a project, the following must hold true:
+
+.Pod
+[cols="3a,8a",options="header"]
+|===
+
+|Constraint |Enforced Behavior
+
+|`Min`
+|Min[<resource>] +<=+ claim.spec.resources.requests[<resource>] (required)
+
+|`Max`
+|claim.spec.resources.requests[<resource>] (required) +<=+ Max[<resource>]
+|===
+
+[[limit-range-obj-def]]
+
+.Limit Range Object Definition
+
+[source,json]
+----
+{
+  "apiVersion": "v1",
+  "kind": "LimitRange",
+  "metadata": {
+    "name": "pvcs" <1>
+  },
+  "spec": {
+    "limits": [{
+        "type": "PersistentVolumeClaim",
+        "min": {
+          "storage": "2Gi" <2>
+        },
+        "max": {
+          "storage": "50Gi" <3>
+        }
+      }
+    ]
+  }
+}
+----
+<1> The name of the limit range object.
+<2> The minimum amount of storage that can be requested in a persistent volume claim.
+<3> The maximum amount of storage that can be requested in a persistent volume claim.
+