Nested Quota for Magnum resources

Registered by Vilobh Meshram on 2015-07-31

OpenStack is moving towards support for hierarchical ownership of projects. In this regard, the Keystone will change the organizational structure of Openstack, creating nested projects.

The proposal is to add nested quota support regarding the same in Magnum.

Blueprint information

Status:
Started
Approver:
Adrian Otto
Priority:
Undefined
Drafter:
Vilobh Meshram
Direction:
Approved
Assignee:
Vilobh Meshram
Definition:
New
Series goal:
None
Implementation:
Blocked
Milestone target:
None
Started by
Spyros Trigazis on 2018-03-25

Related branches

Sprints

Whiteboard

Please elaborate more about what quotas we will offer. For example:

Limit total bay creates allowed, and bay creations per hour, minute, second?
Limit rate of resource deletion?
Limit rate of bay updates?
Limit total number of baymodels?

Note that any limits on container creation can be effectively bypassed by using the native API for the bay. Any such limits would only apply to containers created through the magnum API. For example, if I create a Docker Swarm bay, regardless what limits are in OpenStack, I can use the native Docker API in the bay to create containers in that bay that OpenStack does not know about. This is fine, as long as cloud operators do not expect to use limits as a way to control a unit of measure for billing purposes. Say I have a certain fee that allows you to create 100 containers, and expect to enforce that limit using a quota. If they never use the Magnum API to create containers, and simply use the native Docker API, they can create an unlimited number of containers, until resources on the bay hosts are exhausted. For that reason, it might make sense not to have a total container limit on an account, and only limit the rate at which containers can be added through the OpenStack API as a way to prevent DoS use patterns against the shared control plane. --adrian_otto

ML : Where we are discussing Magnum Quotas and Magnum Nested Quotas

http://lists.openstack.org/pipermail/openstack-dev/2015-December/082266.html

(hongbin) Defer to a future release. The contributor told me that he won't be available to work on this in the near future.

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.