C-0050 - Resources CPU limit and request

Framework

Severity

High

Description of the the issue

This control identifies all Pods for which the CPU limit is not set.Note, this control is configurable. See below the details.

Related resources

CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, StatefulSet

What does this control test

This control identifies all Pods for which the CPU limit is not set.

Remediation

Set the CPU limit or use exception mechanism to avoid unnecessary notifications.

Configuration

This control can be configured using the following parameters. Read CLI/UI documentation about how to change parameters.

cpu_request_max

cpu_request_max
Ensure a CPU resource request is set and is under this defined maximum value.

cpu_request_min

cpu_request_min
Ensure a CPU resource request is set and is above this defined minimum value.

cpu_limit_max

cpu_limit_max
Ensure a CPU resource limit is set and is under this defined maximum value.

cpu_limit_min

cpu_limit_min
Ensure a CPU resource limit is set and is above this defined minimum value.

Example

apiVersion: v1
kind: Pod
metadata:
  name: nginx
  namespace: default
spec:
  containers:
  - name: nginx
    image: nginx:1.14.2
    ports:
    - containerPort: 80