PREQUEL-2025-0113

Kubernetes Deployment CPU Limits MissingMedium

PREQUEL-2025-0113View on GitHub

KubernetesDeploymentCPU Limitsresource-managementResource ExhaustionPerformance

Description

- Detects Kubernetes Deployment resources without CPU limits configured on containers.\n- Monitors deployment specifications where containers lack proper CPU limit definitions.\n- Identifies resource management violations that can lead to resource exhaustion.\n- Tracks deployments that may consume excessive CPU resources without bounds.\n

Mitigation

- Implement admission controllers to enforce CPU limit requirements on deployments.\n- Establish maximum CPU limit values based on node capacity and workload profiles.\n- Integrate resource limit validation into CI/CD pipelines before deployment.\n- Monitor CPU usage patterns to set appropriate and realistic limits.\n

References

• https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
• https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/
• https://kubernetes.io/docs/concepts/policy/limit-ranges/