When a pod is internet-facing through an Application Load Balancer (ALB) and has no CPU/memory limits, the result can be resource contention, instability, and exposure to denial-of-service attacks. Without limits, the pod can consume excessive CPU and memory, which can cause it to fail or become unresponsive. Because the pod is reachable from the internet, it is also a potential target: an attacker can launch a denial-of-service (DoS) attack that overloads the system with traffic and brings it down. Pods running in a public subnet should therefore always be configured with CPU/memory limits, alongside other security measures such as Network ACLs, Security Groups, and WAF rules, to prevent attacks and keep the system stable.
When a Pod is internet-facing, limit its CPU and memory usage to prevent resource exhaustion and potential denial-of-service (DoS) attacks. To remediate, set CPU and memory limits on each container of the internet-facing Pod:
    resources:
      limits:
        cpu: 1
        memory: 512Mi
This limits the container to 1 CPU and 512 MiB of memory. CPU use above the limit is throttled, and a container that exceeds its memory limit is OOM-killed.
By following these remediation steps, you can ensure that your internet-facing Pods have CPU/memory limits, which helps prevent resource exhaustion and potential DoS attacks.
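To find the Pods this check applies to, the following added example (not part of the original page) correlates internet-facing ALB Ingresses with their backend Services and Pods and reports containers missing a CPU or memory limit. It assumes the `items` list from `kubectl get ingress,svc,pods -A -o json` and the AWS Load Balancer Controller annotation `alb.ingress.kubernetes.io/scheme`; the function names and the sample objects are constructed for illustration.

```python
SCHEME = "alb.ingress.kubernetes.io/scheme"  # AWS Load Balancer Controller annotation

def exposed_services(items):
    """(namespace, service name) pairs behind Ingresses marked internet-facing."""
    out = set()
    for ing in (i for i in items if i["kind"] == "Ingress"):
        meta, spec = ing["metadata"], ing.get("spec", {})
        if meta.get("annotations", {}).get(SCHEME) != "internet-facing":
            continue  # only an explicit internet-facing scheme is in scope here
        backends = [spec.get("defaultBackend")]
        for rule in spec.get("rules", []):
            backends += [p.get("backend") for p in rule.get("http", {}).get("paths", [])]
        out |= {(meta["namespace"], b["service"]["name"]) for b in backends if b and "service" in b}
    return out

def missing_limits(items):
    """Sorted (namespace, pod, container, missing resources) for exposed Pods."""
    exposed = exposed_services(items)
    selectors = [(s["metadata"]["namespace"], s["spec"].get("selector") or {})
                 for s in items if s["kind"] == "Service"
                 and (s["metadata"]["namespace"], s["metadata"]["name"]) in exposed]
    findings = []
    for pod in (i for i in items if i["kind"] == "Pod"):
        ns, labels = pod["metadata"]["namespace"], pod["metadata"].get("labels", {})
        # A Pod is exposed when every key/value of a Service selector is in its labels.
        if not any(ns == sns and sel and sel.items() <= labels.items() for sns, sel in selectors):
            continue
        for c in pod["spec"].get("containers", []):
            limits = (c.get("resources") or {}).get("limits") or {}
            missing = [r for r in ("cpu", "memory") if r not in limits]
            if missing:
                findings.append((ns, pod["metadata"]["name"], c["name"], missing))
    return sorted(findings)

# Constructed sample objects, trimmed to the fields the check reads.
def _pod(name, labels, resources):
    return {"kind": "Pod", "metadata": {"namespace": "shop", "name": name, "labels": labels},
            "spec": {"containers": [{"name": "app", "resources": resources}]}}

SAMPLE = [
    {"kind": "Ingress", "metadata": {"namespace": "shop", "name": "web",
                                     "annotations": {SCHEME: "internet-facing"}},
     "spec": {"rules": [{"http": {"paths": [{"backend": {"service": {"name": "web"}}}]}}]}},
    {"kind": "Service", "metadata": {"namespace": "shop", "name": "web"},
     "spec": {"selector": {"app": "web"}}},
    _pod("web-1", {"app": "web"}, {"limits": {"cpu": "1"}}),                     # no memory limit
    _pod("web-2", {"app": "web"}, {"limits": {"cpu": "1", "memory": "512Mi"}}),  # compliant
    _pod("batch-1", {"app": "batch"}, {}),                                       # not behind the ALB
]

if __name__ == "__main__":
    print(missing_limits(SAMPLE))
```

Ingresses whose scheme is set through other means than the annotation are not detected by this sketch and need a separate check.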