PREQUEL-2025-0115

Kubernetes Deployment Memory Limits Missing

Severity: Medium

Description

  • Detects Kubernetes Deployment resources without memory limits configured on containers.
  • Monitors deployment specifications where containers lack proper memory limit definitions.
  • Identifies resource management violations that can lead to memory exhaustion.
  • Tracks deployments that may consume excessive memory resources without bounds.

Cause

  • Deployment manifests created without proper memory limit specifications.
  • Development teams avoiding memory limits to prevent OOMKilled events.
  • CI/CD pipelines deploying applications without memory boundaries.
  • Helm charts or templates missing default memory limit configurations.
  • Legacy applications requiring unlimited memory access during migration.
  • Infrastructure automation scripts lacking memory limit validation.

Mitigation

  • Implement admission controllers to enforce memory limit requirements on deployments.
  • Establish maximum memory limit values based on node capacity and workload profiles.
  • Integrate memory limit validation into CI/CD pipelines before deployment.
  • Monitor memory usage patterns to set appropriate and realistic limits.
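
One way to implement the CI/CD validation step above, as an added example that is not part of the PREQUEL rule itself. It assumes the manifests are available as JSON (for instance from `kubectl get deployments -A -o json`), checks initContainers as well as containers, and uses a hypothetical function name and a constructed sample input.

```python
import json

# Constructed sample input, shaped like `kubectl get deployments -A -o json` output.
SAMPLE = """
{"kind": "List", "items": [
  {"kind": "Deployment",
   "metadata": {"name": "api", "namespace": "prod"},
   "spec": {"template": {"spec": {
     "initContainers": [{"name": "migrate", "resources": {}}],
     "containers": [
       {"name": "web", "resources": {"limits": {"memory": "256Mi"}}},
       {"name": "sidecar", "resources": {"limits": {"cpu": "100m"}}}]}}}},
  {"kind": "Deployment",
   "metadata": {"name": "worker", "namespace": "batch"},
   "spec": {"template": {"spec": {
     "containers": [{"name": "job"}]}}}},
  {"kind": "Service", "metadata": {"name": "api", "namespace": "prod"}}
]}
"""

def missing_memory_limits(doc):
    """Return sorted (namespace, deployment, container) tuples lacking limits.memory."""
    # Accept either a List wrapper or a single Deployment object.
    items = doc["items"] if "items" in doc else [doc]
    findings = []
    for obj in items:
        if obj.get("kind") != "Deployment":
            continue  # this check only covers Deployment resources
        meta = obj.get("metadata", {})
        pod = obj.get("spec", {}).get("template", {}).get("spec", {})
        for field in ("initContainers", "containers"):
            for c in pod.get(field) or []:
                # resources, limits or memory may each be absent, null or empty
                limits = (c.get("resources") or {}).get("limits") or {}
                if not limits.get("memory"):
                    findings.append((meta.get("namespace", "default"),
                                     meta.get("name", "?"), c.get("name", "?")))
    return sorted(findings)

if __name__ == "__main__":
    findings = missing_memory_limits(json.loads(SAMPLE))
    for ns, deploy, container in findings:
        print(f"{ns}/{deploy}: container '{container}' has no memory limit")
    raise SystemExit(1 if findings else 0)  # non-zero exit fails the pipeline stage
```

A namespace LimitRange default is applied to Pods at admission and does not appear in the Deployment template, so this check reports such Deployments as well.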
