CloudWiki
Rules
Medium

Ensure each Container has a configured memory request

Availability
No items found.
Description

In Kubernetes, memory request is the amount of memory that a container is guaranteed to have available on the node where it runs. If a container exceeds its memory limit and there is no memory available in the node to allocate to it, the container may be terminated. Therefore, it is important to ensure that each container has a configured memory request to prevent unexpected termination due to out of memory errors.

Remediation

To ensure each container has a configured memory request in Kubernetes, you can take the following remediation steps:

1. Update the YAML file for the deployment or pod to include a memory request for each container.

apiVersion: apps/v1
kind: Deployment
metadata:
 name: my-deployment
spec:
 replicas: 1
 selector:
   matchLabels:
     app: my-app
 template:
   metadata:
     labels:
       app: my-app
   spec:
     containers:
     - name: my-container
       image: my-image
       resources:
         requests:
           memory: "256Mi"
           cpu: "250m"

2. Apply the changes to the cluster using the kubectl apply command.

kubectl apply -f deployment.yaml

3. Verify that the changes have been applied by checking the resource utilization of the containers using the kubectl top command.

kubectl top pod my-pod


By configuring memory requests, Kubernetes ensures that there is always enough memory available for the containers to run. If a container exceeds its memory limit, Kubernetes will automatically terminate and restart the container.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.