Looking at the design docs for Resource Quotas, it appears they can be set on a namespace level. That makes sense, to limit total resource usage of a Namespace.
In my organization, there are many teams, each working on their own microservice. The microservices need to communicate with one another, so I want them all to be in the same namespace, for ease of service discovery. However, I'd like to put some protections in place so that one of the microservices doesn't accidentally take over all the resources in the namespace.
I was planning on giving each microservice its own Service Account. Ideally, I would like to be able to set resource quotas on those service accounts. But I can't find any way in the documentation to do that.
Is that possible? If not, is something like this planned for the future?
Thanks.
Quota is per namespace. I don't think it is likely to be updated to subdivide a namespace by user (or service account). Right now, resources don't have the concept of an "owner", so it isn't possible to attribute a pod in a namespace to a particular creator. It gets even muddier when replication controllers create pods automatically. If one person creates a replication controller and another person scales it up, which one of them "owns" those pods? Those are the sorts of questions that would need clear answers before ownership could factor into quota.