Ensure memory limits are set

Error: Memory limits are not set

Bridgecrew Policy ID: BC_K8S_12
Checkov Check ID: CKV_K8S_13
Severity: LOW

Description

The scheduler uses the resource requests of the containers in a pod to decide which node to place the pod on. The kubelet enforces the resource limits, so a running container is not allowed to use more of a resource than its limit.

If a process in the container tries to consume more than the allowed amount of memory, the system kernel terminates the process that attempted the allocation, with an out of memory (OOM) error. With no limit set, the container can keep consuming more and more memory until the node runs out.

Fix - Buildtime

Kubernetes

  • Resource: Container
  • Argument: resources:limits:memory (Optional)
    Defines the memory limit for the container.
apiVersion: v1
kind: Pod
metadata:
  name: <name>
spec:
  containers:
  - name: <container name>
    image: <image>
    resources:
      limits:
+       memory: <memory limit>
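
The same condition can be checked across manifests before they are applied. The following is an added example, not Checkov's implementation of CKV_K8S_13 and not code from this page: it lists every container, init containers included, that has no `resources.limits.memory` in JSON manifests. The sample data and the function names `pod_spec` and `missing_memory_limits` are constructed for illustration.

```python
import json

# Constructed sample, shaped like `kubectl get -o json` output for two workloads.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "Pod", "metadata": {"name": "web"},
   "spec": {"containers": [
     {"name": "app", "image": "example/app:1",
      "resources": {"limits": {"memory": "256Mi"}}},
     {"name": "sidecar", "image": "example/proxy:1",
      "resources": {"requests": {"memory": "64Mi"}}}]}},
  {"kind": "Deployment", "metadata": {"name": "worker"},
   "spec": {"template": {"spec": {
     "initContainers": [{"name": "migrate", "image": "example/db:1"}],
     "containers": [{"name": "job", "image": "example/job:1",
       "resources": {"limits": {"cpu": "500m", "memory": ""}}}]}}}}
]}
""")

def pod_spec(obj):
    """Return the pod spec of a Pod, a workload with spec.template, or a CronJob."""
    spec = obj.get("spec") or {}
    if obj.get("kind") == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    if "template" in spec:
        spec = (spec.get("template") or {}).get("spec") or {}
    return spec

def missing_memory_limits(manifest):
    """List (kind, object name, container name) for containers with no memory limit."""
    objects = manifest.get("items") if manifest.get("kind") == "List" else [manifest]
    findings = []
    for obj in objects or []:
        spec = pod_spec(obj)
        name = (obj.get("metadata") or {}).get("name", "<unnamed>")
        # Init containers run on the node too, so they need a limit as well.
        for field in ("initContainers", "containers"):
            for c in spec.get(field) or []:
                limits = (c.get("resources") or {}).get("limits") or {}
                if not limits.get("memory"):  # absent, null or empty string
                    findings.append((obj.get("kind"), name, c.get("name")))
    return findings

if __name__ == "__main__":
    for kind, name, container in missing_memory_limits(SAMPLE):
        print(f"{kind}/{name}: container {container!r} has no memory limit")
```

A memory request alone does not satisfy the check, and a namespace LimitRange that injects a default limit at admission is not visible to a manifest-only check like this one.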