C-0050 - Resources CPU limit and request
Framework
AllControls, DevOpsBest, WorkloadScan
Severity
High
Description of the the issue
This control identifies all Pods for which the CPU limit is not set.Note, this control is configurable. See below the details.
Related resources
CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, StatefulSet
What does this control test
This control identifies all Pods for which the CPU limit is not set.
Remediation
Set the CPU limit or use exception mechanism to avoid unnecessary notifications.
Configuration
This control can be configured using the following parameters. Read CLI/UI documentation about how to change parameters.
cpu_request_max
cpu_request_max
Ensure CPU max requests are set
cpu_request_min
cpu_request_min
Ensure CPU min requests are set
cpu_limit_max
cpu_limit_max
Ensure CPU max limits are set
cpu_limit_min
cpu_limit_min
Ensure CPU min limits are set
Example
apiVersion: v1
kind: Pod
metadata:
name: nginx
namespace: default
spec:
containers:
- name: nginx
image: nginx:1.14.2
ports:
- containerPort: 80
Updated 15 days ago