Question 9
Domain 3: Application Environment, Configuration, and SecurityIn namespace `q16`, what is the correct way to create `resource-pod` so that its container requests/limits fit within the existing ResourceQuota and use `nginx:latest`?
Correct answer: A
Explanation
A Pod must fit within the namespace ResourceQuota, so its container requests and limits must stay below the quota values. Using "nginx:latest" satisfies the image requirement, and setting CPU and memory requests to at least "100m" and "128Mi" ensures the container has defined resource requests while keeping limits within quota.
Why each option is right or wrong
A. Create a Pod named `resource-pod` with one `nginx:latest` container, setting CPU and memory limits to half of the namespace ResourceQuota and requests of at least `100m` CPU and `128Mi` memory.
Under Kubernetes ResourceQuota enforcement, the pod’s summed container requests and limits must not exceed the namespace quota, as defined by the ResourceQuota object in `q16` and enforced at admission time by the API server. The valid creation therefore uses a single `nginx:latest` container and assigns CPU/memory requests of at least `100m` and `128Mi`, while keeping the limits below the quota ceiling so the pod is admitted rather than rejected for exceeding `requests.*` or `limits.*`.
B. Create a Pod named `resource-pod` with `nginx:latest` and set only CPU limits, because ResourceQuota does not require memory requests or limits.
C. Create a Pod named `resource-pod` with `nginx:latest` and set requests equal to limits, since Kubernetes automatically halves them to satisfy the ResourceQuota.
D. Create a Deployment named `resource-pod` with `nginx:latest`; Pods do not need explicit requests or limits when a ResourceQuota exists.