limit range usage
| Property | |
|---|---|
| Language |  |
| Severity |  |
Description#
The absence of a LimitRange policy in Kubernetes allows containers within a namespace to consume unlimited CPU and memory resources, as there are no enforced defaults or boundaries for resource usage.
Impact#
Without resource limits, a single container or pod could monopolize cluster resources, leading to service degradation or outages for other workloads. This resource exhaustion could be exploited intentionally or accidentally, affecting application stability and availability.
Resolution#
create limit range policy with a default request and limit, min and max request, for each container.