C-0004 - Resources memory limit and request
Framework
Severity
High
Description of the the issue
This control identifies all Pods for which the memory limit is not set.Note, this control is configurable. See below the details.
Related resources
CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, StatefulSet
What does this control test
This control identifies all Pods for which the memory limit is not set.
Remediation
Set the memory limit or use exception mechanism to avoid unnecessary notifications.
Configuration
This control can be configured using the following parameters. Read CLI/UI documentation about how to change parameters.
memory_request_max
memory_request_max
Ensure a memory resource request is set and is under this defined maximum value.
memory_request_min
memory_request_min
Ensure a memory resource request is set and is above this defined minimum value.
memory_limit_max
memory_limit_max
Ensure a memory resource limit is set and is under this defined maximum value.
memory_limit_min
memory_limit_min
Ensure a memory resource limit is set and is under this defined maximum value.
Example
apiVersion: v1
kind: Pod
metadata:
name: frontend
spec:
containers:
- name: app
image: images.my-company.example/app:v4
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi" #we make sure this is set
cpu: "500m"
Updated 3 months ago