Check: SRG-APP-000247-CTR-000330
Container Platform SRG: SRG-APP-000247-CTR-000330 (in version v2 r2)
Title
The container must have resource request limits set. (Cat II impact)
Discussion
Setting a container resource request limit allows the container platform to determine the best location for the container to execute. The container platform looks at the resources available and finds the location that will require the minimum resources for the container to execute. Examples of resources that can be specified are CPU, memory, and storage.
Check Content
Review the container platform configuration to determine that resource limits are set. If the container platform does not enforce resource limits, this is a finding.
Fix Text
Configure the container platform to restrict the ability of users or other systems to launch denial-of-service (DoS) attacks from the container platform components by setting resource limits on resources such as memory, storage, and CPU utilization.
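One way to automate the check above, as an added example that is not part of the SRG: it assumes Kubernetes as the container platform (the SRG names none) and reads pod objects in the JSON shape that `kubectl get pods -A -o json` returns. `REQUIRED`, `missing_resources` and `audit` are names chosen here, and the sample pods are constructed.

```python
import json

# Resources named by the SRG (CPU, memory, storage). Mapping "storage" to the
# Kubernetes "ephemeral-storage" resource is an assumption of this example.
REQUIRED = ("cpu", "memory", "ephemeral-storage")

# Constructed sample in the shape of `kubectl get pods -A -o json` output.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"namespace": "shop", "name": "web"},
  "spec": {"containers": [{"name": "app", "resources": {
    "requests": {"cpu": "250m", "memory": "256Mi", "ephemeral-storage": "1Gi"},
    "limits":   {"cpu": "500m", "memory": "512Mi", "ephemeral-storage": "2Gi"}}}]}},
 {"metadata": {"namespace": "shop", "name": "batch"},
  "spec": {"initContainers": [{"name": "fetch", "resources": {}}],
           "containers": [{"name": "worker", "resources": {
    "limits": {"cpu": "1", "memory": "1Gi"}}}]}},
 {"metadata": {"namespace": "dev", "name": "debug"},
  "spec": {"containers": [{"name": "shell"}]}}
]}
""")


def missing_resources(container, required=REQUIRED):
    """Return 'requests.cpu'-style keys that the container spec leaves unset."""
    resources = container.get("resources") or {}
    gaps = []
    for section in ("requests", "limits"):
        declared = resources.get(section) or {}
        gaps += [f"{section}.{name}" for name in required if not declared.get(name)]
    return gaps


def audit(pod_list, required=REQUIRED):
    """Return (namespace, pod, container, gaps) for every non-compliant container."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        # Init containers consume node resources too, so they are checked as well.
        for kind in ("initContainers", "containers"):
            for container in spec.get(kind) or []:
                gaps = missing_resources(container, required)
                if gaps:
                    findings.append((meta.get("namespace"), meta.get("name"),
                                     container.get("name"), gaps))
    return findings


if __name__ == "__main__":
    for ns, pod, name, gaps in audit(SAMPLE):
        print(f"FINDING {ns}/{pod} container={name} missing={', '.join(gaps)}")
```

On Kubernetes, LimitRange defaults are applied at admission, so running this against live pod objects rather than manifests reflects what the platform actually enforces.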
Additional Identifiers
Rule ID: SV-270875r1050646_rule
Vulnerability ID: V-270875
Group Title: SRG-APP-000247
CCIs
Number | Definition |
---|---|
CCI-001095 | Manage capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial-of-service attacks. |
Controls
Number | Title |
---|---|
SC-5(2) | Excess Capacity / Bandwidth / Redundancy |