IV.3
Technical protocol — cgroup quotas and Kubernetes namespace in a CI/CD pipeline
A non-bypassable constraint, imposed by the kernel, not by a documented best practice
This protocol formalises the technical implementation of the hard limit announced in IV.2, so that it is verifiable and non-bypassable — answering the methodological requirement set at this thesis's framing stage: an architectural reconquest must produce proof of implementation, not merely a recommendation.
◆ Step 1 — Budget declaration in the deployment manifest
Each service declares, in its Kubernetes manifest, a ResourceQuota object at the level of the namespace hosting it, setting an aggregate compute and memory ceiling for all containers in that namespace, and a LimitRange object defining the default and maximum ceilings applicable to each individual container — both being native Kubernetes API resources, enforced by the cluster's own control plane.
◆ Step 2 — Upstream verification in the CI/CD pipeline
Before any code merge toward the deployment branch, an automated continuous-integration pipeline stage compares the resources requested by the manifest against the ceilings set in IV.1 and IV.2, and fails the build process if this request exceeds the declared budget — turning a capacity overrun into a build failure immediately visible to the development team, before any production deployment.
◆ Step 3 — Kernel-level enforcement via cgroups
Once deployed, each container has its resource limits enforced by the Linux kernel's control groups (cgroups), a mechanism Kubernetes itself relies on for resource isolation between containers. A process exceeding its declared memory limit is terminated by the kernel (OOM Killer, documented elsewhere in this collection of research), deliberately reproducing the hard alert signal documented as having disappeared in Chapter II — not as an accident this time, but as a deliberately reintroduced constraint.
◆ What this protocol guarantees, and what it does not guarantee
This protocol guarantees that an architectural budget overrun produces a hard, immediate technical signal — build failure or process termination — rather than a silent budgetary drift. It does not on its own guarantee that the development team will choose to optimise its code rather than renegotiate its budget upward — the latter option remaining a legitimate organisational decision, which this protocol merely makes visible and deliberate rather than silent and default.