C-0004 - Resources memory limit and request

Framework

AllControls, DevOpsBest, WorkloadScan

Severity

High

Description of the the issue

This control identifies all Pods for which the memory limit is not set.Note, this control is configurable. See below the details.

Related resources

CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, StatefulSet

What does this control test

This control identifies all Pods for which the memory limit is not set.

Remediation

Set the memory limit or use exception mechanism to avoid unnecessary notifications.

Configuration

This control can be configured using the following parameters. Read CLI/UI documentation about how to change parameters.

memory_request_max

memory_request_max
Ensure memory max requests are set

memory_request_min

memory_request_min
Ensure memory min requests are set

memory_limit_max

memory_limit_max
Ensure memory max limits are set

memory_limit_min

memory_limit_min
Ensure memory min limits are set

Example

apiVersion: v1
kind: Pod
metadata:
  name: frontend
spec:
  containers:
  - name: app
    image: images.my-company.example/app:v4
    resources:
      requests:
        memory: "64Mi"
        cpu: "250m"
      limits:
        memory: "128Mi"    #we make sure this is set
        cpu: "500m"