Quota policy examples

The following policy examples demonstrate how to enforce quota limits on cluster resources.

Basic quota example

The following is a basic quota policy that limits package size, RAM, disk, and network resources for the sandboxed namespace. Without such policy, a user has unrestricted use of resources.

quota::/sandbox/sam {
  { max.package.size 2GB }
  { total.package.size 6GB }
  { total.memory 5GB }
  { total.disk 15GB }
  { total.network 1Gbps }
}

Namespace quota example

The following policy block limits the maximum amount of resources individual jobs and job instances in the /dev namespace may consume.

quota::/dev {
  { max.job.cpu 200 }
  { max.instance.cpu 100 }
  { max.job.memory 64GB }
  { max.instance.memory 32GB }
  { max.job.disk 50TB }
  { max.instance.disk 25TB }
  { max.job.network 10Mbps }
  { max.instance.network 5Mbps }
}

In the above example, cpu is CPU time in milliseconds per second. Thus, for max.instance.cpu, if the container instance consumes more that 200 milliseconds of CPU per second it exceeds the quota.

Namespace quota example 2

The following policy block limits the total amount of resources all jobs in the /prod/website namespace may consume.

quota::/prod/website {
  { total.cpu 1000 }
  { total.memory 100GB }
  { total.disk 10TB }
  { total.network 250Gbps }
}

Namespace quota example 3

The following policy block limits the maximum memory and disk space individual all job instances in the /prod namespace may consume, and the maximum memory and disk space each job instance in the /prod namespace may consume.

quota::/prod {
  { max.instance.memory 256MB }
  { total.memory 20GB }
  { max.instance.disk 5GB }
  { total.disk 100GB }
}

Namespace quota example 4

You can use templating with the quota realm as follows:

quota::/sandbox/[name] {
  if (LDAP->name == [name])
    { 
      total.package.size 2GB
      total.memory 8GB
      total.disk 20GB
      total.network 1Gbps
    }
}

Quota job instance limit example

The following example limits the number of instances you can create for an individual job. Note that in this case you specify the complete FQN (namespace and local name) to indicate the job to which the limit applies:

quota::/sandbox/user::my-job {
  { max.instances 3 }
}

With this example, you can create up to 3 instances of the specified job. However, if you try to create more than that, such as 4, you get the following error:

Application instances updated from 3 to 4 successfully.
Applying update... error
Error: Max instance quota of 3 on "quota::/sandbox/user::my-job" exceeded