Resource Quotas not working

What kind of request is this (question/bug/enhancement/feature request): BUG

Steps to reproduce (least amount of steps as possible):

  • Assign a resource quota to a project and to the namespace. The namespace has 0 pods running.
  • Resource Quotas values are:

Resource Type: CPU Limit
Project Limit: 2000 milli CPUs
Namespace Limit: 500 mili CPUs.

(I have also tried using higher values like Project Limit: 10000 and Namespace Limit: 5000 but nothing changes)

Result: I cannot start even a single pod. In the Rancher Server logs I see:

2018-11-28T08:52:54.423947842Z 2018/11/28 08:52:54 [ERROR] NamespaceController backend [secretsController] failed with : secrets “#####-nl” is forbidden: exceeded quota: default-wcxcn, requested: secrets=1, used: secrets=4, limited: secrets=0
2018-11-28T08:52:54.430439658Z 2018/11/28 08:52:54 [ERROR] NamespaceController backend [secretsController] failed with : secrets “default-token-7j8zg” is forbidden: exceeded quota: default-wcxcn, requested: secrets=1, used: secrets=4, limited: secrets=0

I have set Resource Quotas just for the CPU but I get the error regarding the secrets which I did not limit anywhere and it is totally unrelated to the CPU limits. I have 4 secrets created for the Project and I did not define any Secrets limits in the Resource Quotas anywhere but I get this error that prevents even launching a single pod. I have tried also adding a Secret Limits in the Resource Quotas section like it follows:

Resource Type: Secrets
Project Limit: 100
Namespace Limit: 50

If I do this I get the following error when trying to launch a pod:

Updating
Pods “######-######-eu-west-1-7c5b778687-b7cpw” is forbidden: failed quota: default-wcxcn: must specify limits.cpu; Deployment does not have minimum availability.

Of course as soon as I remove the Resource Quotas for the Project it starts working again and I can launch pods.

Environment information

  • Rancher version: rancher/rancher:latest
  • Installation option : Single Instance

Cluster information

  • Cluster type : Custom
  • Machine type (cloud/VM/metal) and specifications (CPU/memory): Cloud AWS t2.medium
  • Kubernetes version (use kubectl version ): 1.11.3-rancher1-1

Lets see the manifest where you declare the limits and requests.

Do you set cluster/ns wide defaults also (LimitRange) ?