LimitRanges

A LimitRange enforces minimum and maximum resource constraints on a per-pod or per-container basis within a namespace. It also sets default requests and limits for containers that do not specify their own.

Creating a LimitRange

apiVersion: v1
kind: LimitRange
metadata:
  name: resource-constraints
  namespace: development
spec:
  limits:
    - type: Container
      default:
        cpu: "500m"
        memory: "256Mi"
      defaultRequest:
        cpu: "100m"
        memory: "128Mi"
      max:
        cpu: "2"
        memory: "1Gi"
      min:
        cpu: "50m"
        memory: "64Mi"

kubectl apply -f limitrange.yaml
kubectl get limitrange -n development

How It Works

When a pod is created in the namespace without resource specifications:

• default values are applied as limits
• defaultRequest values are applied as requests
• min/max are enforced -- pods requesting resources outside the range are rejected

Viewing Active LimitRanges

kubectl describe limitrange resource-constraints -n development

The output shows all constraint types, defaults, and min/max boundaries.

Pod-Level Limits

You can also constrain total resources per pod:

spec:
  limits:
    - type: Pod
      max:
        cpu: "4"
        memory: "4Gi"

Testing the Constraints

# This pod will get default requests and limits
kubectl run test-pod --image=nginx -n development

# Verify defaults were applied
kubectl get pod test-pod -n development -o jsonpath='{.spec.containers[0].resources}'

If you try to create a container exceeding the max or below the min, the API server rejects the request with a validation error. LimitRanges protect namespaces from pods that accidentally omit resource specifications or request excessive resources.