You should set resource limits!
Managing resources for containers in a Kubernetes cluster is very important.
The thing is, it can be a very tedious job, as every service might have different requirements.
A service might be a generic micro-service that serves data from a database and requires 4GB of RAM, while another service could be doing complex AI computations and require 40GB of RAM.
Setting a system-wide memory/CPU limit just doesn't make the cut.
Here is how you can set limits
Each container of a pod can specify one or more of the following limits:
Example of usage:
Scanning and Enforcing
Here's how you can search your existing files and verify if they have resource limits and requests configured.
Making these checks a mandatory step in the CI/CD process is highly recommended.
Here are two ways in which you can check if the Kubernetes manifests have the limits set.
Scan files to find if they have resource limits and requests using yq.
You can use Datree to scan Kubernetes manifest files in order to see if they have limits and resources set (and much more).
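As an added example (not code from the original post, and not part of yq or Datree), here is a small Python check of the kind this section describes, suitable as a failing CI step. It goes beyond bare Pods to workload kinds that embed a pod template, and it assumes the policy is that every container declares cpu and memory under both requests and limits; the function names and sample manifests are constructed for illustration.

```python
# Keys every container must declare (assumed policy, adjust to your own).
REQUIRED = {"requests": ("cpu", "memory"), "limits": ("cpu", "memory")}

def pod_spec(doc):
    """Return the pod spec embedded in a manifest, or None if it has none."""
    kind, spec = doc.get("kind"), doc.get("spec") or {}
    if kind == "Pod":
        return spec
    if kind == "CronJob":  # CronJob nests the pod template one level deeper
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return (spec.get("template") or {}).get("spec")

def missing_resources(doc):
    """List (container, 'section.key') pairs absent from one parsed manifest."""
    spec = pod_spec(doc) or {}
    findings = []
    for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
        for section, keys in REQUIRED.items():
            have = (c.get("resources") or {}).get(section) or {}
            findings += [(c.get("name", "?"), f"{section}.{k}") for k in keys if k not in have]
    return findings

def scan(docs):
    """Map 'Kind/name' to findings for each manifest that is missing a key."""
    report = {}
    for doc in docs:
        found = missing_resources(doc) if isinstance(doc, dict) else []
        if found:
            name = (doc.get("metadata") or {}).get("name", "?")
            report[f"{doc.get('kind')}/{name}"] = found
    return report

# Constructed sample manifests (already parsed), not taken from the page.
FULL = {"requests": {"cpu": "250m", "memory": "256Mi"}, "limits": {"cpu": "1", "memory": "512Mi"}}
SAMPLE = [
    {"kind": "Deployment", "metadata": {"name": "api"}, "spec": {"template": {"spec": {"containers": [
        {"name": "app", "resources": FULL},
        {"name": "sidecar", "resources": {"requests": {"memory": "64Mi"}}}]}}}},
    {"kind": "Pod", "metadata": {"name": "worker"}, "spec": {"containers": [{"name": "job"}]}},
    {"kind": "CronJob", "metadata": {"name": "nightly"}, "spec": {"jobTemplate": {"spec": {"template": {
        "spec": {"containers": [{"name": "report", "resources": FULL}]}}}}}},
]

if __name__ == "__main__":
    import sys, yaml  # PyYAML is needed only to read real manifests from stdin
    report = scan(yaml.safe_load_all(sys.stdin))
    for obj, found in report.items():
        print(obj, "is missing", ", ".join(f"{c}: resources.{k}" for c, k in found))
    sys.exit(1 if report else 0)
```

Saved under a hypothetical name such as check_resources.py, it reads multi-document YAML on stdin and exits non-zero when any container is missing a key, so rendered Helm output can be piped into it the same way as plain manifest files.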
But what if I manage my Kubernetes resources using Helm?
Here's how you can render your Helm charts into YAML manifests and apply the tests: