Skip to content

Commit

Permalink
Merge pull request #42051 from sybereal/fix-crossnamespacepodaffinity
Browse files Browse the repository at this point in the history
Fix example errors for CrossNamespacePodAffinity
  • Loading branch information
k8s-ci-robot authored Oct 10, 2023
2 parents 329af06 + cfb6309 commit 4233c52
Showing 1 changed file with 7 additions and 5 deletions.
12 changes: 7 additions & 5 deletions content/en/docs/concepts/policy/resource-quotas.md
Original file line number Diff line number Diff line change
Expand Up @@ -465,7 +465,7 @@ from getting scheduled in a failure domain.
Using this scope operators can prevent certain namespaces (`foo-ns` in the example below)
from having pods that use cross-namespace pod affinity by creating a resource quota object in
that namespace with `CrossNamespaceAffinity` scope and hard limit of 0:
that namespace with `CrossNamespacePodAffinity` scope and hard limit of 0:
```yaml
apiVersion: v1
Expand All @@ -478,11 +478,12 @@ spec:
pods: "0"
scopeSelector:
matchExpressions:
- scopeName: CrossNamespaceAffinity
- scopeName: CrossNamespacePodAffinity
operator: Exists
```

If operators want to disallow using `namespaces` and `namespaceSelector` by default, and
only allow it for specific namespaces, they could configure `CrossNamespaceAffinity`
only allow it for specific namespaces, they could configure `CrossNamespacePodAffinity`
as a limited resource by setting the kube-apiserver flag --admission-control-config-file
to the path of the following configuration file:

Expand All @@ -497,12 +498,13 @@ plugins:
limitedResources:
- resource: pods
matchScopes:
- scopeName: CrossNamespaceAffinity
- scopeName: CrossNamespacePodAffinity
operator: Exists
```
With the above configuration, pods can use `namespaces` and `namespaceSelector` in pod affinity only
if the namespace where they are created have a resource quota object with
`CrossNamespaceAffinity` scope and a hard limit greater than or equal to the number of pods using those fields.
`CrossNamespacePodAffinity` scope and a hard limit greater than or equal to the number of pods using those fields.

## Requests compared to Limits {#requests-vs-limits}

Expand Down

0 comments on commit 4233c52

Please sign in to comment.