Benchmark: Containers should have a memory limit
Description
Containers should have a memory limit which restricts the container to use no more than a given amount of user or system memory.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-kubernetes-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select Containers should have a memory limit.
Run this benchmark in your terminal:
powerpipe benchmark run kubernetes_compliance.benchmark.nsa_cisa_v1_network_hardening_memory_limit
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run kubernetes_compliance.benchmark.nsa_cisa_v1_network_hardening_memory_limit --share
Controls
- CronJob containers should have a memory limit
- DaemonSet containers should have a memory limit
- Deployment containers should have a memory limit
- Job containers should have a memory limit
- Namespaces should have default memory limit in limitRange policy
- Namespaces should be restricted on memory usage with resourceQuota memory limit
- ReplicaSet containers should have a memory limit
- ReplicationController containers should have a memory limit
- StatefulSet containers should have a memory limit