diff --git a/defaults/main.yml b/defaults/main.yml index 938de5d7..8d844eff 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -442,6 +442,16 @@ octavia_ca_private_key_passphrase: "{{ octavia_cert_client_password }}" octavia_ca_certificate: "{{ octavia_cert_dir }}/ca_server_01.pem" octavia_signing_digest: sha256 +# Quotas for the Octavia user - assuming active/passive topology +octavia_num_instances: 10000 # 5000 LB in active/passive +octavia_ram: "{{ octavia_num_instances*1024 }}" +octavia_num_server_groups: "{{ (octavia_num_instances*0.5)|int|abs }}" +octavia_num_server_group_members: 50 +octavia_num_cores: "{{ octavia_num_instances }}" +octavia_num_secgroups: "{{ octavia_num_instances*1.5|int|abs}}" # average 3 listener per lb +octavia_num_ports: "{{ octavia_num_instances*10 }}" # at least instances * 10 +octavia_num_security_group_rules: 100 + ## Tunable overrides octavia_octavia_conf_overrides: {} octavia_api_paste_ini_overrides: {} diff --git a/releasenotes/notes/fix_quota-e3d4bf0b896dc393.yaml b/releasenotes/notes/fix_quota-e3d4bf0b896dc393.yaml new file mode 100644 index 00000000..80d1e0d0 --- /dev/null +++ b/releasenotes/notes/fix_quota-e3d4bf0b896dc393.yaml @@ -0,0 +1,12 @@ +--- +features: + - | + Octavia is creating vms, securitygroups, and other things in its + project. In most cases the default quotas are not big enough. This + will adjust them to (configurable) reasonable values. +security: + - | + Avoid setting the quotas too high for your cloud since this can + impact the performance of other servcies and lead to a potential + Denial-of-Service attack if Loadbalancer quotas are not set + properly or RBAC is not properly set up. \ No newline at end of file diff --git a/tasks/octavia_security_group.yml b/tasks/octavia_security_group.yml index f30d0efa..5e13588a 100644 --- a/tasks/octavia_security_group.yml +++ b/tasks/octavia_security_group.yml 
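Review bot: `octavia_num_secgroups: "{{ octavia_num_instances*1.5|int|abs}}"` does not yield 1.5× the instance count: in Jinja the `|` filter binds tighter than `*`, so `1.5|int` evaluates to `1` and the whole expression collapses to `octavia_num_instances` (10000), not the 15000 the `# average 3 listener per lb` comment implies. Parenthesize it the way `octavia_num_server_groups` on the line above already does: `octavia_num_secgroups: "{{ (octavia_num_instances*1.5)|int }}"  # average 3 listener per lb`. The `|abs` filter is redundant on a product of positive numbers in both expressions and can be dropped. Since every other value is derived from `octavia_num_instances`, a comment such as `# The remaining quotas are derived from octavia_num_instances; override each one individually if your topology differs` would make it clear to operators which single knob scales the rest.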
@@ -24,6 +24,26 @@ ansible_python_interpreter: >- {{ (octavia_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable']) }} block: + - name: Setup the service project quota + # The os_quota module has a bug that it always requires a + # configured cinder service to work, so we use the CLI instead. + # TODO(_xgerman): + # Use the os_quota module once the issue is resolved. + shell: >- + openstack quota set + --os-cloud default + --cores {{ octavia_num_cores }} + --instances {{ octavia_num_instances }} + --ram {{ octavia_ram }} + --server-groups {{ octavia_num_server_groups }} + --server-group-members {{ octavia_num_server_group_members }} + --secgroups {{ octavia_num_secgroups }} + --ports {{ octavia_num_ports }} + --secgroup-rules {{ octavia_num_secgroups }} + {{ octavia_service_project_name }} + tags: + - skip_ansible_lint + - name: Create Octavia security group os_security_group: auth:
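Review bot: `--secgroup-rules {{ octavia_num_secgroups }}` passes the security-group count where the rules quota belongs, so the `octavia_num_security_group_rules` default introduced by this same commit is never consumed; the line should read `--secgroup-rules {{ octavia_num_security_group_rules }}`. The rules quota is presumably a per-project total rather than a per-group limit, so a default of 100 would be exhausted long before thousands of security groups are populated — whichever variable is meant here should be sized as groups times rules-per-group, and a comment stating that assumption would help. Separately, nothing in the command needs a shell, so `command: >-` executes the same argv without shell interpretation of the templated `octavia_service_project_name`, and `changed_when: false` (or a preceding `openstack quota show` comparison) stops the task reporting a change on every run; with `command:` the `skip_ansible_lint` tag may no longer be needed. The enclosing `block:` this task is inserted into starts before the hunk.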