Medium

Ensure each container has a configured CPU request

Availability
No items found.
Description

The Kubernetes scheduler relies on resource requests and limits to determine which nodes can schedule containers. Without proper resource requests, the scheduler may over-allocate resources and negatively impact performance and stability of the cluster. Ensuring that each container has a configured CPU request is important to optimize resource allocation and avoid potential issues.

Remediation

To ensure each container has a configured CPU request, you can follow these remediation steps:

  1. Open the YAML file that defines the Kubernetes deployment or pod for the container you want to configure.
  2. Add the resources section under the spec section for the container.
  3. Under the resources section, add the requests section with the cpu field specified.
  4. Set the value of cpu to the minimum amount of CPU the container requires to function correctly.
  5. Save the changes to the YAML file.
  6. Apply the changes to the Kubernetes cluster using kubectl apply -f <filename>.yaml.

Here's an example YAML snippet that sets a CPU request of 0.5 CPU units for a container:

apiVersion: v1
kind: Pod
metadata:
 name: my-pod
spec:
 containers:
 - name: my-container
   image: nginx
   resources:
     requests:
       cpu: "0.5"

By configuring a CPU request, Kubernetes will ensure that the container has access to the requested amount of CPU resources, which can help prevent resource contention and ensure reliable performance.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.