Hardening Guide - Resource Limits

Information about improving workload security with respect to resource limits.

Kubernetes allows setting limits of different kinds through resource quotas, container resource constraints, LimitRanges, and process ID limits.

Although limits provide ceilings in different contexts, their absence can have different security implications.

Workload Resource Limits

Memory Limits

CPU Limits

Other resources

Types of limits

Resource quota

A resource quota, defined by a ResourceQuota object, provides constraints that limit aggregate resource consumption per namespace. A ResourceQuota can also limit the quantity of objects that can be created in a namespace by API kind, as well as the total amount of infrastructure resources that may be consumed by API objects found in that namespace.

Setting up resource quotas ensures that a namespace does not exceed the amount provided by the resource quota.
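A ResourceQuota covering the three kinds of constraint described above, as an added example that is not part of the original guide. The namespace `team-a`, the object name, and every numeric value are assumptions chosen for illustration.

```yaml
# Added example: namespace name and all quantities are constructed values.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: team-a-quota
  namespace: team-a
spec:
  hard:
    # Aggregate compute across all non-terminal pods in the namespace.
    # With these keys present, pods that omit the corresponding
    # requests/limits may be rejected at admission.
    requests.cpu: "8"
    requests.memory: 16Gi
    limits.cpu: "16"
    limits.memory: 32Gi

    # Object counts by API kind.
    pods: "50"
    secrets: "100"
    configmaps: "100"
    count/deployments.apps: "20"
    count/jobs.batch: "30"

    # Infrastructure resources consumed by API objects in the namespace.
    services.loadbalancers: "2"
    services.nodeports: "0"
    persistentvolumeclaims: "10"
    requests.storage: 200Gi
```

After applying it, `kubectl describe resourcequota team-a-quota -n team-a` shows current usage against each hard limit.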

PID Limits

Limit Ranges