C-0004 - Resources memory limit and request
Framework
AllControls, DevOpsBest, WorkloadScan
Severity
High
Description of the the issue
This control identifies all Pods for which the memory limit is not set.Note, this control is configurable. See below the details.
Related resources
CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, StatefulSet
What does this control test
This control identifies all Pods for which the memory limit is not set.
Remediation
Set the memory limit or use exception mechanism to avoid unnecessary notifications.
Configuration
This control can be configured using the following parameters. Read CLI/UI documentation about how to change parameters.
memory_request_max
memory_request_max
Ensure memory max requests are set
memory_request_min
memory_request_min
Ensure memory min requests are set
memory_limit_max
memory_limit_max
Ensure memory max limits are set
memory_limit_min
memory_limit_min
Ensure memory min limits are set
Example
apiVersion: v1
kind: Pod
metadata:
name: frontend
spec:
containers:
- name: app
image: images.my-company.example/app:v4
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi" #we make sure this is set
cpu: "500m"
Updated 15 days ago