CPU Requests Not Set
- Query id: ca469dd4-c736-448f-8ac1-30a642705e0a
- Query name: CPU Requests Not Set
- Platform: Kubernetes
- Severity: Low
- Category: Resource Management
- CWE: 400
- URL: Github
Description¶
CPU requests should be set to ensure the sum of the resource requests of the scheduled Containers is less than the capacity of the node
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
apiVersion: v1
kind: Pod
metadata:
name: frontend
spec:
containers:
- name: app
image: images.my-company.example/app:v4
resources:
requests:
memory: "64Mi"
limits:
memory: "128Mi"
cpu: "500m"
- name: log-aggregator
image: images.my-company.example/log-aggregator:v6
resources:
limits:
memory: "128Mi"
cpu: "500m"
---
apiVersion: serving.knative.dev/v1
kind: Configuration
metadata:
name: dummy-config
namespace: knative-sequence
spec:
template:
spec:
containers:
- name: app
image: images.my-company.example/app:v4
resources:
requests:
memory: "64Mi"
limits:
memory: "128Mi"
cpu: "500m"
- name: log-aggregator
image: images.my-company.example/log-aggregator:v6
resources:
limits:
memory: "128Mi"
cpu: "500m"
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
apiVersion: v1
kind: Pod
metadata:
name: frontend
spec:
containers:
- name: app
image: images.my-company.example/app:v4
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
- name: log-aggregator
image: images.my-company.example/log-aggregator:v6
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
---
apiVersion: serving.knative.dev/v1
kind: Configuration
metadata:
name: dummy-config
namespace: knative-sequence
spec:
template:
spec:
containers:
- name: app
image: images.my-company.example/app:v4
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
- name: log-aggregator
image: images.my-company.example/log-aggregator:v6
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"