Managing Resource Usage

Page last updated:

Warning: This feature is a beta component and is intended for evaluation and test purposes only. Do not use this feature in a production environment. Product support and future availability are not guaranteed for beta components.

This topic describes how to manage and monitor resource utilization in Enterprise Pivotal Container Service (Enterprise PKS) using the PKS API.

As a Enterprise PKS administrator, you can set a maximum limit on each user’s total VM resource allocation.

PKS API quota commands provide a way for you to restrict a user’s total allocated VM memory size and CPU count. Using the PKS API you can create rules, review rules and review users’ current total utilization.

Note: Quota limitations affect only non-admin user accounts. A quota applied to an admin user account is ignored.

Warning: This feature is a beta component and is intended for evaluation and test purposes only. Do not use this feature in a production environment. Product support and future availability are not guaranteed for beta components.

Set up Your API Access Token

The PKS Quota and Resource API commands in this topic use an access token environment variable.

  1. To export your access token into an environment variable, run the following command:

    pks login -a PKS-API -u USER-ID -p 'PASSWORD' -k; \
    export YOUR-ACCESS-TOKEN=$(bosh int ~/.pks/creds.yml --path /access_token)
    

    Where:

    • PKS-API is the FQDN of your PKS API endpoint. For example, api.pks.example.com.
    • USER-ID is your Enterprise PKS user ID.
    • PASSWORD is your Enterprise PKS password.
    • YOUR-ACCESS-TOKEN is the name of your access token environment variable.

    For example:

    $ pks login -a pks.my.lab -u alana -p 'psswrdabc123...!' -k; \
    export my_token=$(bosh int ~/.pks/creds.yml --path /access_token)
    

    Note: If your operator has configured Enterprise PKS to use a SAML identity provider, you must include an additional SSO flag to use the above command. For information about the SSO flags, see the section for the above command in PKS CLI. For information about configuring SAML, see Configure SAML as an Identity Provider in the Installing topic for your IaaS.

Manage Quota Limitations

This section describes how to add, modify and delete user quotas.

Add a Quota

To enforce a quota on a specific user, run the following command:

curl -k -X POST \
-H "Authorization: Bearer $YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d \
'{ 
    "owner": "USER-ID",
    "limit": { 
      "cpu": MAX-CPU, 
      "memory": MAX-MEM 
      } 
    }' \
https://PKS-API:9021/v1beta1/quotas

Where:

  • YOUR_ACCESS_TOKEN is your access token environment variable.
  • USER-ID is the user account ID to enforce the quota restriction on.
  • MAX-CPU is the maximum total amount of CPU resources the user can allocate to containers and pods.
  • MAX-MEM is the maximum total amount of memory, in gigabytes, the user can allocate to containers and pods.
  • PKS-API is the FQDN of your PKS API endpoint.

For example:

$ user=exampleuser
$ pks login -a pks.my.lab -u $user -p 'psswrdabc123...!' -k; export TOKEN=$(bosh int ~/.pks/creds.yml --path /access_token)
$ curl -k -X POST \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d \
'{
    "owner": "cody",
    "limit": {
        "cpu": 4,
        "memory": 5
    }
  }' \
https://example.com:9021/v1beta1/quotas

Modify an Existing Quota

To modify a specific user’s existing quota, run the following command:

curl -k -X PATCH  \ 
-H "Authorization: Bearer $YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d \
'{ 
    "owner": "USER-ID", 
    "limit": { 
      "cpu": MAX-CPU, 
      "memory": MAX-MEM 
      } 
    }' \
https://PKS-API:9021/v1beta1/quotas/USER-ID

Where:

  • YOUR_ACCESS_TOKEN is your access token environment variable.
  • USER-ID is the user account ID to enforce the quota restriction on.
  • MAX-CPU is the maximum total amount of CPU resources the user can allocate to containers and pods.
  • MAX-MEM is the maximum total amount of memory, in gigabytes, the user can allocate to containers and pods.
  • PKS-API is the FQDN of your PKS API endpoint. For example, api.pks.example.com.

For example:

$ user=exampleuser
$ pks login -a pks.my.lab -u $user -p 'psswrdabc123...!' -k; export TOKEN=$(bosh int ~/.pks/creds.yml --path /access_token)
$ curl -k -X PATCH \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d \
'{ 
    "owner": "cody", 
    "limit": {
"cpu": 4, "memory": 5 } }' \ https://example.com:9021/v1beta1/quotas/$user

Delete a Quota

To delete a specific user’s existing quota, run the following command:

curl -k -X DELETE -H "Authorization: Bearer $YOUR_ACCESS_TOKEN" \
https://PKS-API:9021/v1beta1/quotas/USER-ID

Where:

  • YOUR_ACCESS_TOKEN is your access token environment variable.
  • PKS-API is the FQDN of your PKS API endpoint.
  • USER-ID is the user account ID to enforce the quota restriction on.

For example:

$ user=exampleuser
$ pks login -a pks.my.lab -u $user -p 'psswrdabc123...!' -k; export TOKEN=$(bosh int ~/.pks/creds.yml --path /access_token)
$ curl -k -X DELETE -H "Authorization: Bearer $TOKEN" https://example.com:9021/v1beta1/quotas/$user
$ curl -k -X DELETE -H "Authorization: Bearer $TOKEN" https://example.com:9021/v1beta1/quotas/$user
{
  "body":"The quota owner named: \"exampleuser\" not found."
}

View Quotas

The PKS API quotas command reports resource utilization quotas as JSON.

To list the resource quota restrictions currently applied to a single user, run the following command:

curl -k -H "Authorization: Bearer $YOUR_ACCESS_TOKEN" \
https://PKS-API:9021/v1beta1/quotas/USER-ID

Where:

  • YOUR_ACCESS_TOKEN is your access token environment variable.
  • PKS-API is the FQDN of your PKS API endpoint.
  • USER-ID is the user account ID to report on.

For example:

$ user=exampleuser
$ pks login -a pks.my.lab -u $user -p 'psswrdabc123...!' -k; export TOKEN=$(bosh int ~/.pks/creds.yml --path /access_token)
$ curl -k -H "Authorization: Bearer $TOKEN" \
https://example.com:9021/v1beta1/quotas/$user 
{
  "owner":"cody",
  "limit":{
      "cpu":2,
      "memory":1.0
  }
}

To list all current resource quota restrictions, run the following command:

curl -k -H "Authorization: Bearer $YOUR_ACCESS_TOKEN" \
https://PKS-API:9021/v1beta1/quotas

Where:

  • YOUR_ACCESS_TOKEN is your access token environment variable.
  • PKS-API is the FQDN of your PKS API endpoint.

For example:

$ user=exampleuser
$ pks login -a pks.my.lab -u $user -p 'psswrdabc123...!' -k; export TOKEN=$(bosh int ~/.pks/creds.yml --path /access_token)
$ curl -k -H "Authorization: Bearer $TOKEN" \
https://example.com:9021/v1beta1/quotas
[
  {
    "owner":"cody",
    "limit":{
        "cpu":2,
        "memory":1.0
    }
  }
]

View Usage

The PKS API usages command reports resource utilization as JSON.

To list the current resource utilization for a single user, run the following command:

curl -k -H "Authorization: Bearer $YOUR_ACCESS_TOKEN" https://PKS-API:9021/v1beta1/usages/USER-ID

Where:

  • YOUR_ACCESS_TOKEN is your access token environment variable.
  • PKS-API is the FQDN of your PKS API endpoint.
  • USER-ID is the user account ID whose resource utilization you want to view.

To list the current resource utilization for all users, run the following command:

curl -k -H "Authorization: Bearer $YOUR_ACCESS_TOKEN" \
https://PKS-API:9021/v1beta1/usages

Where:

  • YOUR_ACCESS_TOKEN is your authentication token environment variable.
  • PKS-API is the FQDN of your PKS API endpoint.

For example:

$ user=exampleuser
$ pks login -a pks.my.lab -u $user -p 'psswrdabc123...!' -k; export TOKEN=$(bosh int ~/.pks/creds.yml --path /access_token)
$ curl -k -H "Authorization: Bearer $TOKEN" \
https://example.com:9021/v1beta1/usages
[
  {
    "owner": "cody",
    "totals": {
      "cpu": 20,
      "memory": 52
    },
    "clusters": [
      {
        "name": "vsp1",
        "cpu": 12,
        "memory": 36
      }
    ]
  }
]


Please send any feedback you have to pks-feedback@pivotal.io.