Intelligent resource overcommit management for Kubernetes clusters
π Quick Start β’ π Documentation β’ π€ Contributing β’ π License
The k8s-overcommit Operator is a Kubernetes operator designed to intelligently manage resource overcommit on pod resource requests. It automatically adjusts CPU and memory requests based on configurable overcommit classes, enabling better cluster resource utilization while maintaining workload performance.
- ποΈ Flexible Overcommit Classes: Define different overcommit policies for different workload types
- π·οΈ Label-Based Configuration: Apply overcommit using pod or namespace labels
- π‘οΈ Namespace Exclusions: Protect critical namespaces from overcommit policies
- π Default Policies: Fallback overcommit values when no specific class is defined
- π Admission Webhooks: Seamless integration with Kubernetes admission controllers
- π Resource Optimization: Improve cluster resource utilization efficiency
Clone the repository to your local machine:
git clone https://github.com/InditexTech/k8s-overcommit-operator.git
cd k8s-overcommit-operatorEdit the values.yaml file to customize your deployment. Below is an example configuration:
# Example configuration
deployment:
image:
registry: ghcr.io
image: inditextech/k8s-overcommit-operator
tag: 1.0.0Install the operator using Helm:
helm install k8s-overcommit-operator chartFor OpenShift or clusters with OLM installed, apply the catalog source:
kubectl apply -f https://raw.githubusercontent.com/InditexTech/k8s-overcommit-operator/refs/heads/main/deploy/catalog_source.yamlApply the operator group configuration:
kubectl apply -f https://raw.githubusercontent.com/InditexTech/k8s-overcommit-operator/refs/heads/main/deploy/operator_group.yamlYou can create your own subscription or use the default subscription.yaml. Below is an example:
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: k8s-overcommit-operator
namespace: operators
spec:
channel: alpha
name: k8s-overcommit-operator
source: community-operators
sourceNamespace: olmApply the subscription:
kubectl apply -f https://raw.githubusercontent.com/InditexTech/k8s-overcommit-operator/refs/heads/main/deploy/subscription.yamlAfter installation, validate that the operator is running:
kubectl get pods -n k8s-overcommitImportant
It's a singleton CRD: only can exist one, and it has to be called cluster
First, deploy the main Overcommit resource named "cluster":
apiVersion: overcommit.inditex.dev/v1alpha1
kind: Overcommit
metadata:
name: cluster
spec:
overcommitLabel: inditex.com/overcommit-class
labels:
environment: production
annotations:
description: "Main overcommit configuration"Define overcommit classes for different workload types:
apiVersion: overcommit.inditex.dev/v1alpha1
kind: OvercommitClass
metadata:
name: high
spec:
cpuOvercommit: 0.2 # 20% of limits as requests
memoryOvercommit: 0.8 # 80% of limits as requests
excludedNamespaces: ".*(^(openshift|k8s-overcommit|kube).*).*"
isDefault: true
labels:
workload-type: batch
annotations:
description: "High-density workloads with aggressive overcommit"- Pod Level: Check if pod has the overcommit class label
- Namespace Level: If not found, check namespace labels
- Default Class: Apply default overcommit class if configured
Original Pod Specification:
apiVersion: v1
kind: Pod
metadata:
name: test
labels:
inditex.com/overcommit-class: high
spec:
resources:
limits:
cpu: "2"
memory: "2Gi"With OvercommitClass (cpuOvercommit: 0.2, memoryOvercommit: 0.8):
apiVersion: v1
kind: Pod
metadata:
name: test
labels:
inditex.com/overcommit-class: high
spec:
resources:
limits:
cpu: "2" # Unchanged
memory: "2Gi" # Unchanged
requests:
cpu: "400m" # 2 * 0.2 = 0.4 cores
memory: "1638Mi" # 2Gi * 0.8 = 1.6GiBProtect critical namespaces using regex patterns:
excludedNamespaces: ".*(^(openshift|k8s-overcommit|kube).*).*"This excludes:
openshift-*k8s-overcommit-*kube-*
| Topic | Description | Link |
|---|---|---|
| ποΈ Architecture | Detailed architecture overview | Architecture Guide |
| π§ͺ E2E Testing | End-to-end testing guide | E2E Testing |
| π― Helm Configuration | Helm chart configuration options | Helm Values |
| π€ Contributing | How to contribute to the project | Contributing Guide |
| π Code of Conduct | Community guidelines | Code of Conduct |
We welcome contributions! Please see our Contributing Guide for details on how to:
- π Report bugs
- π‘ Request features
- π§ Submit pull requests
- π Improve documentation
# Generate the manifests
make generate manifests
# Install the CRDs
make install
# Run locally
make run
# Run tests
make test
# Build image
make docker-buildTilt is a tool that streamlines Kubernetes development by automating build, deploy, and live-update workflows.
./hack/tilt/run_tilt.shThis project is licensed under the Apache License 2.0 - see the LICENSE file for details.
- Built with β€οΈ by the Inditex Tech team
- Powered by Operator SDK
- Inspired by Kubernetes community best practices
β Star this project if you find it useful!
Made with β€οΈ for the Kubernetes community
flowchart LR
subgraph "Main Flow"
A[π API Request] --> B[π§ API HTTP Handler]
B --> C[π Authentication & Authorization]
C --> D[π Mutating Admission]
D --> E[β
Object Schema Validation]
E --> F[π‘οΈ Validating Admission]
F --> G[πΎ Persisted to etcd]
end
subgraph "Mutating Webhooks"
direction LR
D --> MW1[π Overcommit Webhook]
D --> MW2[π Other Webhooks]
end
subgraph "Validating Webhooks"
direction LR
F --> VW1[β
Validation Webhook 1]
F --> VW2[β
Validation Webhook 2]
F --> VW3[β
Validation Webhook 3]
end