
PREQUEL-2025-0113

Kubernetes Deployment CPU Limits Missing

Severity: Medium


Description

  • Detects Kubernetes Deployment resources without CPU limits configured on containers.
  • Monitors deployment specifications where containers lack proper CPU limit definitions.
  • Identifies resource management violations that can lead to resource exhaustion.
  • Tracks deployments that may consume excessive CPU resources without bounds.

Cause

  • Deployment manifests created without proper resource limit specifications.
  • Development teams prioritizing performance over resource governance.
  • CI/CD pipelines deploying applications without resource boundaries.
  • Helm charts or templates missing default CPU limit configurations.
  • Legacy applications requiring unlimited CPU access during migration.
  • Infrastructure automation scripts lacking resource limit validation.

Mitigation

  • Implement admission controllers to enforce CPU limit requirements on deployments.
  • Establish maximum CPU limit values based on node capacity and workload profiles.
  • Integrate resource limit validation into CI/CD pipelines before deployment.
  • Monitor CPU usage patterns to set appropriate and realistic limits.
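
One way to implement the CI/CD validation step from the list above, as an added example that is not part of the Prequel rule. It assumes manifests are available as JSON (for instance the output of `kubectl get deployments -o json`); the function name `missing_cpu_limits` and the sample data are constructed for illustration.

```python
import json

# Constructed sample, shaped like `kubectl get deployments -o json` output.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "Deployment",
   "metadata": {"name": "web", "namespace": "shop"},
   "spec": {"template": {"spec": {
     "initContainers": [
       {"name": "migrate", "resources": {"limits": {"memory": "64Mi"}}}],
     "containers": [
       {"name": "app", "resources": {"requests": {"cpu": "100m"},
                                     "limits": {"cpu": "500m"}}},
       {"name": "sidecar", "resources": {"requests": {"cpu": "50m"}}}]}}}},
  {"kind": "Deployment",
   "metadata": {"name": "api", "namespace": "shop"},
   "spec": {"template": {"spec": {
     "containers": [{"name": "api", "resources": {"limits": {"cpu": "1"}}}]}}}},
  {"kind": "Service", "metadata": {"name": "web", "namespace": "shop"}}
]}
""")

def missing_cpu_limits(doc):
    """Return (namespace, deployment, container) for each container lacking limits.cpu."""
    # Accept either a list wrapper (has "items") or a single object.
    items = doc["items"] if "items" in doc else [doc]
    findings = []
    for obj in items:
        if obj.get("kind") != "Deployment":
            continue
        meta = obj.get("metadata", {})
        pod = obj.get("spec", {}).get("template", {}).get("spec", {})
        # Init containers are checked as well (a choice made for this example).
        containers = (pod.get("initContainers") or []) + (pod.get("containers") or [])
        for c in containers:
            limits = (c.get("resources") or {}).get("limits") or {}
            # A CPU request or a memory limit alone does not bound CPU usage.
            if not limits.get("cpu"):
                findings.append((meta.get("namespace", "<unset>"),
                                 meta.get("name"), c.get("name")))
    return findings

if __name__ == "__main__":
    found = missing_cpu_limits(SAMPLE)
    for ns, deploy, container in found:
        print(f"{ns}/{deploy}: container '{container}' has no CPU limit")
    raise SystemExit(1 if found else 0)  # non-zero exit fails the pipeline stage
```

The check is static: it does not account for a namespace `LimitRange` that would inject a default CPU limit at admission time.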
