PREQUEL-2025-0115

Kubernetes Deployment Memory Limits MissingMedium

PREQUEL-2025-0115View on GitHub

KubernetesDeploymentMemory Limitsresource-managementMemory ExhaustionOOM

Description

- Detects Kubernetes Deployment resources without memory limits configured on containers.\n- Monitors deployment specifications where containers lack proper memory limit definitions.\n- Identifies resource management violations that can lead to memory exhaustion.\n- Tracks deployments that may consume excessive memory resources without bounds.\n

Mitigation

- Implement admission controllers to enforce memory limit requirements on deployments.\n- Establish maximum memory limit values based on node capacity and workload profiles.\n- Integrate memory limit validation into CI/CD pipelines before deployment.\n- Monitor memory usage patterns to set appropriate and realistic limits.\n

References

• https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
• https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/
• https://kubernetes.io/docs/concepts/policy/limit-ranges/