C-0050 - Resources CPU limit and request

Framework

AllControls, DevOpsBest, WorkloadScan

Severity

High

Description of the the issue

This control identifies all Pods for which the CPU limit is not set.Note, this control is configurable. See below the details.

Related resources

CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, StatefulSet

What does this control test

This control identifies all Pods for which the CPU limit is not set.

Remediation

Set the CPU limit or use exception mechanism to avoid unnecessary notifications.

Configuration

This control can be configured using the following parameters. Read CLI/UI documentation about how to change parameters.

cpu_request_max

cpu_request_max
Ensure CPU max requests are set

cpu_request_min

cpu_request_min
Ensure CPU min requests are set

cpu_limit_max

cpu_limit_max
Ensure CPU max limits are set

cpu_limit_min

cpu_limit_min
Ensure CPU min limits are set

Example

apiVersion: v1
kind: Pod
metadata:
  name: nginx
  namespace: default
spec:
  containers:
  - name: nginx
    image: nginx:1.14.2
    ports:
    - containerPort: 80