Ensure CPU limits are set

Error: CPU limits are not set

Bridgecrew Policy ID: BC_K8S_10
Checkov Check ID: CKV_K8S_11
Severity: LOW

CPU limits are not set

Description

Kubernetes allows administrators to set CPU quotas in namespaces, as hard limits for resource usage. Containers cannot use more CPU than the configured limit. Provided the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests.

CPU quotas are used to ensure adequate utilization of shared resources. A system without managed quotas could eventually collapse due to inadequate resources for the tasks it bares.

Fix - Buildtime

Kubernetes

  • Resource: Container
  • Argument: resources:limits:cpu (Optional)
    Defines the CPU limit for the container.
apiVersion: v1
kind: Pod
metadata:
  name: <name>
spec:
  containers:
  - name: <container name>
    image: <image>
    resources:
      limits:
+       cpu: <cpu limit>