Memory limits are not set
Description
The scheduler uses the resource requests of a pod's containers to decide which node to place the pod on. The kubelet enforces the resource limits that are set, so a running container cannot use more of a resource than its limit. If a process in the container tries to consume more than the allowed amount of memory, the kernel terminates the process that attempted the allocation with an out-of-memory (OOM) error. With no limit set, the container can keep consuming memory until the node runs out.
Code Example
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: <name>
spec:
  containers:
  - name: <container name>
    image: <image>
    resources:
      limits:
+       memory: <memory limit>
```
Remediation
Kubernetes
- Resource: Container
- Arguments: resources:limits:memory (Optional)
Defines the memory limit for the container.
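The check can be reproduced over an already-parsed manifest. The following is an added example, not Checkov's own implementation of CKV_K8S_13: the function names and the sample Deployment are constructed for illustration, and it goes beyond the Pod shown above by also resolving the pod template of workload kinds and by inspecting init containers.

```python
# Added example: flag containers that lack resources.limits.memory.
# SAMPLE is a constructed manifest (as a parsed dict), not taken from the page.
SAMPLE = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "web"},
    "spec": {"template": {"spec": {
        "initContainers": [
            {"name": "migrate", "image": "example/migrate:1",
             "resources": {"limits": {"cpu": "500m"}}},  # CPU limit only
        ],
        "containers": [
            {"name": "app", "image": "example/app:1",
             "resources": {"limits": {"memory": "256Mi"}}},  # compliant
            {"name": "sidecar", "image": "example/sidecar:1"},  # no resources
        ],
    }}},
}


def pod_spec(obj):
    """Return the pod spec of a Pod or a common workload kind, else None."""
    spec = obj.get("spec") or {}
    if obj.get("kind") == "Pod":
        return spec
    if obj.get("kind") == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    # Deployment, StatefulSet, DaemonSet, ReplicaSet, Job: spec.template.spec
    return (spec.get("template") or {}).get("spec")


def missing_memory_limits(obj):
    """List '<field>/<container name>' for containers with no memory limit."""
    findings = []
    spec = pod_spec(obj) or {}
    for field in ("initContainers", "containers"):
        for container in spec.get(field) or []:
            # 'resources' or 'limits' may be absent or explicitly null
            limits = (container.get("resources") or {}).get("limits") or {}
            if not limits.get("memory"):
                findings.append(f"{field}/{container.get('name')}")
    return findings


if __name__ == "__main__":
    for finding in missing_memory_limits(SAMPLE):
        print("memory limit not set:", finding)
```

A static check like this sees only the manifest; a LimitRange in the target namespace can still apply a default memory limit at admission time.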
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1091 |
| Severity | LOW |
| IaC Type | Kubernetes |
| Frameworks | Kubernetes |
| Checkov ID | CKV_K8S_13 |