Skip to content

← Back to all controls

C-0050 - Resources CPU limit and request

Severity

High

Description of the the issue

This control identifies all Pods for which the CPU limit is not set.Note, this control is configurable. See below the details.

CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, StatefulSet

What does this control test

This control identifies all Pods for which the CPU limit is not set.

Remediation

Set the CPU limit or use exception mechanism to avoid unnecessary notifications.

Configuration

This control can be configured using the following parameters. Read CLI/UI documentation about how to change parameters.

cpu_request_max

cpu_request_max Ensure a CPU resource request is set and is under this defined maximum value.

cpu_request_min

cpu_request_min Ensure a CPU resource request is set and is above this defined minimum value.

cpu_limit_max

cpu_limit_max Ensure a CPU resource limit is set and is under this defined maximum value.

cpu_limit_min

cpu_limit_min Ensure a CPU resource limit is set and is above this defined minimum value.

Example

apiVersion: v1
kind: Pod
metadata:
  name: nginx
  namespace: default
spec:
  containers:
  - name: nginx
    image: nginx:1.14.2
    ports:
    - containerPort: 80