How do you enforce per-pool (tenant) resource quotas for CPU / RAM / disk in Proxmox?

F

Fearless-Grape5584

New Member
Dec 9, 2025
7
1
3
I’m looking for a practical way to enforce tenant-level resource limits in Proxmox.

My current approach is to use Pools + RBAC to isolate tenant resources and delegate operations to a pool admin (create/delete VMs, start/stop, snapshots, backups, etc.) only within their own pool.
However, the obvious problem is that a pool admin can still consume as much CPU / RAM / disk as they want, which can impact other tenants.

What I’m trying to achieve is something like:
  • Enforce hard limits per pool (CPU / RAM / disk), or
  • Prevent VM creation (or require approval) once a pool exceeds its allocated capacity, or
  • Hook into the event before a pool admin spins up VMs (e.g., a pre-create / pre-start guardrail) to enforce policy, or
  • If Proxmox can’t do this natively, what’s the common “real-world” way people handle this?

How do you manage tenant-level capacity in practice? For example:
  • separate clusters per tenant,
  • external guardrails (API / IaC) that check quotas before creating VMs,
  • monitoring + policy / chargeback,
  • any other proven pattern.

Note: I’m not posting the full build steps here because it becomes quite long.
If anyone needs context on the exact setup, I documented the manual build process in my repo (I’m the author):
https://github.com/zelogx/proxmox-msl-setup-basic
The step-by-step instructions are in `build-instruction.md`.

Thanks in advance — this feels like a common multi-tenant pain point, so shared approaches would likely help others as well.
 
Hi,
depending on what you would like to archive, you can try to implement a solution via hookscripts. ( https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_hookscripts )

But a more suitable solution might be the Proxmox Datacenter Manager + multiple Cluster.

From the perspective of provisioning:
CPUs can be used shared,
KSM can save on RAM,
Storage quotas can usually be implemented directly on the storages.
Resource Groups are cluster wide, so usage stats needs to respect that.
Real Multi-tenancy also needs to consider anonymous neighbor tenants, which will be a nasty setup with multiple authentication realms.

BR, Lucas
 
bl1mp said:
Hi,
depending on what you would like to archive, you can try to implement a solution via hookscripts. ( https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_hookscripts )

But a more suitable solution might be the Proxmox Datacenter Manager + multiple Cluster.
Click to expand...
Hi Lucas,

thanks — that’s a very helpful perspective.

I agree that PDM + multiple clusters can be a solid approach when you want to separate tenants at the cluster boundary.

In my case, I’m exploring a different direction: squeezing multi-tenant-style delegation out of a single Proxmox server (or a single cluster) by slicing it with Pools + RBAC, and then adding some kind of preventive guardrail before provisioning.

So your pointer to hookscripts is especially useful for what I’m trying to achieve. I’ll dig into that path.

BR,
Masa
 
Fearless-Grape5584 said:
Prevent VM creation (or require approval) once a pool exceeds its allocated capacity, or
Click to expand...
Storage capacity is easy if the underlying storage supports it. In the end you need a storage for each tenant, so that the configured storagr has the quota. There is (at the moment) no way to configure restrictions just based on some logic in PVE. The pools are not a resource group yet.

A few years back, I also played around with this idea. In a ZFS setup, you just create a new dataset on the CLI that has the quota limit, add it to PVE and assign it to the pool that the tenant should use. RBAC on the pool ensures that you can only create the VM on that storage. The same logic may apply to CEPH, as you can just create a new pool.
 
  • Like
Reactions: Fearless-Grape5584
Yeah, exactly – that’s the point.

Right now I do NOT have any real tenant-level quota for CPU or RAM, and that’s
exactly why I opened this thread.

In my current design I can isolate tenants with Pools + RBAC and separate networks
with SDN, and I can enforce hard limits only on storage (per-tenant LUN/dataset/pool
with quota). But CPU/RAM are still basically “best effort” – if a pool admin creates
too many big VMs, they can still hurt other tenants.

So I’m not presenting a solved setup here, I’m trying to learn how people handle this
gap in real-world Proxmox environments.
 
You must log in or register to reply here.
Top Bottom
Back