Resource quota policies control the amount of resources that are available to your users. You define resource quota policies so that you limit the resources that can be consumed by each user, project, or the organization. The use cases in this procedure are an introduction to resource quota policies.
If you do not have any resource quota policies defined, then no governance is applied and users can consume resources until all available resources are used up.
As a cloud administrator, you can create one or more resource quota policies and apply them, for example, at the organization level. As users across the organization request deploy resources, resource quota policies track the consumption of resources to ensure that new deployment requests do not exceed the resource limits defined in the policies.
- If the policy scope is organization, then all resources in your organization are managed based on the defined policies.
- If the policy scope is multiple projects, then the resources that are associated with the specified projects are managed based on the defined policy.
- If the policy scope is a single project, then the resources that are associated with that project are managed based on the defined policy. Other projects are not affected.
When defining resource quotas, you must specify scope level limits for each resource. Level limits provide additional resource governance. For example, if you want to apply a resource quota policy to the whole organization, you can set the scope level to organization limits, or you can define limits for a smaller segment, such as projects or users within that organization.
You can set only one limit for a resource type per scope level in the same policy. For example, you can set a resource quota for storage consumption at the organization level and per user in the same policy. You cannot define two storage quotas at the organization level in the same policy.
Resource quota limits are dependent on the broad policy scope. If you change the scope after you define the resource quota limits, the resource quota settings are deleted and you must start over.
| Option | Description | Available at these policy scope levels |
|---|---|---|
| Organization Limits | Limits the amount of resources that are available for consumption at the organization level. Resource quotas with organization limits are distributed among all users or all projects in the organization. |
|
| Organization User Limits | Limits the total amount of resources that each user can consume within the organization. |
|
| Projects Limits | Limits the amount of resources that are available for consumption at the project level. Resource quotas with project limits are distributed among all users in the specified projects. Project limits are not cumulative. If the policy scope is set to multiple projects, the resource limits are applied per project. |
|
| Projects User Limits | Limits the total amount of resources that each user who belongs to the specified projects can consume at the project level. |
|
- Multiple resource quota policies might be enforceable. The resource quota policies are evaluated, and an enforced policy is applied to the deployment request. When there are multiple policies defined for a resource at the same scope level, the resource quota with the lowest limit value is enforced. The use case in this procedure provides more information about how resource quotas are processed.
- When a resource quota policy is enforced, all existing deployment resources are evaluated against the resource quota, except for deployment requests that are in-progress. Resource use is updated after the deployment request is completed, so in-progress requests are not included in the evaluation.
- When deploying cloud templates, resource quota policies allow over-provisioning of storage because the system does not know the actual storage size of the deployment before the machine is provisioned in the endpoint. After the resource use is updated and the system recognizes that the provisioning resources exceed the resource quota limit, the policy does not allow any subsequent requests.
- Resource quota policies are enforced on the following day 2 actions: Add Disk, Change Owner, Change Project, Resize Machine, Resize Boot Disk, Resize Disk, Update Deployment.
- Resource quota policies support only VMware vSphere, Amazon Web Services, Microsoft Azure and Google Cloud Platform resources created from cloud templates.
- A user requests a catalog item in Service Broker or a cloud template in Cloud Assembly.
- A user changes a deployment or its component resources.
- When you create a new policy or update an existing policy, the system can take up to two minutes to apply the changes. For example, if you create a new deployment within two minutes of updating a policy, the policy updates might not apply to the deployment request.
In this use case, there are three policy definitions that illustrate how you can construct resource quota policies and the results when they are enforced.
Procedure
- Configure Resource Quota Policy 3.
As a cloud administrator, you want to distribute resources at the project and organization level evenly among users.
- Define when the policy is valid.
Setting Sample Value Scope Organization
This policy is applied to the whole organization.
- Define the resource quotas.
Scope Level Resource and Limit Organization Limits CPU = 1000 Organization User Limits CPU = 50 Project User Limits CPU = 3 In this scenario, the resources that are available at each scope level are evaluated and all three policies are enforced. Again, the lowest scope level limits between the three policies are applied.- Projects User Limits in Policy 3 are applied because the defined value is lower than in Policy 1 and Policy 2.
- Organization User Limits in Policy 3 are not applied. Instead, the limit defined in Policy 1 is applied because the value is lower.
- Organization level limits defined in Policy 3 are applied because the value is lower than in Policy 1.
Based on the configuration examples above, the following diagram summarizes how resource quotas across multiple policies are applied.
- Define when the policy is valid.
What to do next
- For more examples of how other policies are processed and enforced, see How are Service Broker policies processed.
- Configure policies that are relevant to your organizations and projects.
- Monitor provisioned resources on the My Resource Usage dashboard. See Learn more about the Service Broker catalog items.
