# Kubernetes ResourceQuota for Provisioning Namespace # Limits total resource consumption per deployment mode # Mode-specific overrides: # - Solo: 4 CPU, 8GB RAM, 5 storage, 10 pods max # - MultiUser: 8 CPU, 16GB RAM, 20 storage, 20 pods max # - CI/CD: 16 CPU, 32GB RAM, 50 storage, 50 pods max (ephemeral workloads) # - Enterprise: Unlimited (define via other means) # # Usage: # nickel eval --format json resource-quota.yaml.ncl | yq -P > resource-quota.yaml # kubectl apply -f resource-quota.yaml { apiVersion = "v1", kind = "ResourceQuota", metadata = { name = "provisioning-quota", namespace = "provisioning", labels = { component = "provisioning-platform", }, }, spec = { # Hard limits for resources hard = { # CPU quota "requests.cpu" = "8", # Total CPU requests "limits.cpu" = "16", # Total CPU limits # Memory quota "requests.memory" = "16Gi", # Total memory requests "limits.memory" = "32Gi", # Total memory limits # Storage quota "requests.storage" = "200Gi", # Total persistent storage requests # Pod quota pods = "20", # Maximum number of pods "replicationcontrollers" = "10", # ReplicationControllers limit "deployments.apps" = "10", # Deployments limit "statefulsets.apps" = "5", # StatefulSets limit "jobs.batch" = "10", # Jobs limit "cronjobs.batch" = "5", # CronJobs limit # Service quota services = "10", # Maximum services "services.nodeports" = "2", # Maximum NodePort services # Persistent volume claims "persistentvolumeclaims" = "20", # Maximum PVCs # Secrets and ConfigMaps secrets = "50", # Maximum secrets "configmaps" = "50", # Maximum ConfigMaps # Ingress quota "ingresses.networking.k8s.io" = "5", # Maximum ingresses }, # Scoped quotas (apply only to pods matching scope selectors) scopeSelector = { matchExpressions = [ { operator = "In", scopeName = "PriorityClass", values = ["high", "medium"], }, ], }, }, }