Managing Kubernetes Resources for Containers

You should set resource limits!

Managing resources for containers in a Kubernetes cluster is very important.

The thing is, it can be a very tedious job, as every service might have different requirements.

One service might be a generic micro-service that serves data from a database and requires 4GB of RAM, while another could be doing complex AI computations and require 40GB of RAM.

Setting a system-wide memory/CPU limit just doesn’t make the cut.

Here is how you can set limits

Each container of a pod can specify one or more of the following limits and requests:

	
    spec.containers[].resources.limits.cpu
    spec.containers[].resources.limits.memory
    spec.containers[].resources.requests.cpu
    spec.containers[].resources.requests.memory
	

Example of usage:

apiVersion: v1
kind: Pod
metadata:
  name: frontend
spec:
  containers:
  - name: app
    image: images.my-company.example/app:v4
    resources:
      requests:
        memory: "64Mi"
        cpu: "250m"
      limits:
        memory: "128Mi"
        cpu: "500m"
  - name: log-aggregator
    image: images.my-company.example/log-aggregator:v6
    resources:
      requests:
        memory: "64Mi"
        cpu: "250m"
      limits:
        memory: "128Mi"
        cpu: "500m"

Scanning and Enforcing

Here's how you can search your existing files and verify that they have resource limits and requests configured.

Making these checks a mandatory step in the CI/CD process is highly recommended.

Here are two ways in which you can check whether the Kubernetes manifests have the limits set.

Scripting

Scan files to find if they have resource limits and requests using yq.

brew install yq
yq eval-all '.spec.containers[].resources.requests' file.yml fileN.yml
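
The yq query above reads .spec.containers, which exists only on a bare Pod, and it prints requests but not limits; workloads such as Deployments, StatefulSets and CronJobs nest the pod spec deeper. The following is an added example (not from the original article or from Datree) that goes beyond the query: it checks all four fields on every container and init container and returns a non-zero exit code for CI. It assumes the manifests were first converted to a JSON list (for instance with yq's JSON output); the function names and the sample manifests are constructed for illustration.

```python
import json
import sys
from pathlib import Path

REQUIRED = [("requests", "cpu"), ("requests", "memory"), ("limits", "cpu"), ("limits", "memory")]

def pod_spec(doc):
    """Return the pod spec of a manifest: spec (Pod), spec.template.spec (workloads), or None."""
    spec = doc.get("spec") or {}
    if doc.get("kind") == "CronJob":  # one more level: spec.jobTemplate.spec.template.spec
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return spec if doc.get("kind") == "Pod" else (spec.get("template") or {}).get("spec")

def missing_resources(doc):
    """One finding per request/limit field that a container leaves unset."""
    spec = pod_spec(doc)
    if not spec:
        return []  # Service, ConfigMap, ...: no containers to check
    owner = f"{doc.get('kind')}/{(doc.get('metadata') or {}).get('name', '?')}"
    findings = []
    for key in ("initContainers", "containers"):
        for c in spec.get(key) or []:
            res = c.get("resources") or {}
            for section, field in REQUIRED:
                if not (res.get(section) or {}).get(field):
                    findings.append(f"{owner} {c.get('name')}: resources.{section}.{field}")
    return findings

def scan(docs):
    """Findings for a list of manifests; a single manifest object is accepted too."""
    docs = docs if isinstance(docs, list) else [docs]
    return [f for d in docs if isinstance(d, dict) for f in missing_resources(d)]

# Constructed sample: a Pod like the one above, a Deployment with gaps, a Service.
SAMPLE = json.loads("""[
 {"kind": "Pod", "metadata": {"name": "frontend"}, "spec": {"containers": [
   {"name": "app", "resources": {"requests": {"memory": "64Mi", "cpu": "250m"},
                                 "limits": {"memory": "128Mi", "cpu": "500m"}}}]}},
 {"kind": "Deployment", "metadata": {"name": "api"}, "spec": {"template": {"spec": {
   "initContainers": [{"name": "migrate"}],
   "containers": [{"name": "web", "resources": {"requests": {"cpu": "100m", "memory": "64Mi"}}}]}}}},
 {"kind": "Service", "metadata": {"name": "api"}, "spec": {"ports": [{"port": 80}]}}
]""")

if __name__ == "__main__":
    docs = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE
    problems = scan(docs)
    print("\n".join(problems))
    sys.exit(1 if problems and len(sys.argv) > 1 else 0)  # fail the CI job on real input
```

Run without arguments it prints the findings for the constructed sample; given a JSON file it exits with status 1 when any container lacks a request or limit.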

Using Datree

You can use Datree to scan Kubernetes manifest files to see if they have resource limits and requests set (and much more).

curl https://get.datree.io | /bin/bash
datree test deployment.yml


Bonus: Helm

But what if I manage my Kubernetes resources using Helm?

Here's how you can render your Helm charts into YAML manifests and apply the tests: 

helm pull bitnami/redis
helm template redis*.tgz > manifests.yaml
datree test manifests.yaml


Shimon Tolts
Co-founder and CEO
Datree
