Memory requests are not set
Description
Memory resources can be defined using values from bytes to petabytes, it is common to use mebibytes. If you configure a memory request that is larger than the amount of memory on your nodes, the pod will never be scheduled. When specifying a memory request for a container, include the resources:requests field in the container's resource manifest. To specify a memory limit, include resources:limits. Setting memory requests enforces a memory limit for a container. A container is guaranteed to have as much memory as it requests, but is not allowed to use more memory than the limit set. This configuration may save resources and prevent an attack on an exploited container.
Code Example
yaml
apiVersion: v1
kind: Pod
metadata:
name: <name>
spec:
containers:
- name: <container name>
image: <image>
resources:
requests:
+ memory: <memory request>Remediation
Kubernetes
- Resource: Container
- Arguments: resources:requests:memory (Optional)
Defines the memory request size for the container.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1090 |
| Severity | LOW |
| IaC Type | Kubernetes |
| Frameworks | Kubernetes, |
| Checkov ID | CKV_K8S_12 |