From 7990056c58b6dfea5be123305cb9370ea12cbc8a Mon Sep 17 00:00:00 2001 From: Jordan Liggitt Date: Wed, 27 Nov 2019 12:07:21 -0500 Subject: [PATCH] Update docs for v1 resource quota configuration (#17547) --- .../docs/concepts/policy/resource-quotas.md | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/content/en/docs/concepts/policy/resource-quotas.md b/content/en/docs/concepts/policy/resource-quotas.md index 3c6bca68a9592..14fde560663a6 100644 --- a/content/en/docs/concepts/policy/resource-quotas.md +++ b/content/en/docs/concepts/policy/resource-quotas.md @@ -537,12 +537,33 @@ With this mechanism, operators will be able to restrict usage of certain high pr To enforce this, kube-apiserver flag `--admission-control-config-file` should be used to pass path to the following configuration file: +{{< tabs name="example1" >}} +{{% tab name="apiserver.config.k8s.io/v1" %}} ```yaml +apiVersion: apiserver.config.k8s.io/v1 +kind: AdmissionConfiguration +plugins: +- name: "ResourceQuota" + configuration: + apiVersion: apiserver.config.k8s.io/v1 + kind: ResourceQuotaConfiguration + limitedResources: + - resource: pods + matchScopes: + - scopeName: PriorityClass + operator: In + values: ["cluster-services"] +``` +{{% /tab %}} +{{% tab name="apiserver.k8s.io/v1alpha1" %}} +```yaml +# Deprecated in v1.17 in favor of apiserver.config.k8s.io/v1 apiVersion: apiserver.k8s.io/v1alpha1 kind: AdmissionConfiguration plugins: - name: "ResourceQuota" configuration: + # Deprecated in v1.17 in favor of apiserver.config.k8s.io/v1, ResourceQuotaConfiguration apiVersion: resourcequota.admission.k8s.io/v1beta1 kind: Configuration limitedResources: @@ -552,6 +573,8 @@ plugins: operator: In values: ["cluster-services"] ``` +{{% /tab %}} +{{< /tabs >}} Now, "cluster-services" pods will be allowed in only those namespaces where a quota object with a matching `scopeSelector` is present. For example: