Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WEB][42108] Kubernetes deployment: limit huge gap between limits/requests #34

Open
JulienBertrand opened this issue Apr 6, 2023 · 0 comments
Open

[WEB][42108] Kubernetes deployment: limit huge gap between limits/requests #34

JulienBertrand opened this issue Apr 6, 2023 · 0 comments
Labels
ecoCode-CI/CD

Comments

@JulienBertrand
Copy link

\newpage

Sustainable Kubernetes deployment: limit huge gap between limits/requests

Platform

OS OS version Langage
- - Kubernetes (yaml)

Main caracteristics

ID Title Category Sub-category
CRKUB004 limit limits/requests huge gaps Deployment Sustainable deploy

Severity / Remediation Cost

Severity Remediation Cost
Minor Minor

Rule short description

In a Kubernetes deployment file, define huge gaps between requests/limits values for cpu or ram indicate a problem in resource management.

Rule complete description

Text

When you specify a Pod, you can optionally specify how much of each resource a container needs. The most common resources to specify are CPU and memory (RAM); there are others.

When you specify the resource request for containers in a Pod, the kube-scheduler uses this information to decide which node to place the Pod on. When you specify a resource limit for a container, the kubelet enforces those limits so that the running container is not allowed to use more of that resource than the limit you set. The kubelet also reserves at least the request amount of that system resource specifically for that container to use.

the values are define like this:

  • spec.containers[].resources.limits.cpu
  • spec.containers[].resources.limits.memory
  • spec.containers[].resources.requests.cpu
  • spec.containers[].resources.requests.memory

HTML

<p>Defining the yaml file
    <code>---
apiVersion: v1
kind: Pod
metadata:
  name: frontend
spec:
  containers:
  - name: app
    image: images.my-company.example/app:v4
    resources:
      requests:
        memory: "64Mi"
        cpu: "250m"
      limits:
        memory: "128Mi"
        cpu: "500m"</code> as example to define ram and cpu limits/requests.</p>
<p>Limit gap between request/limit for ram and cpu to a maximum of x3</p>
<h2>Noncompliant Code Example</h2>
<pre>
    <code>---
apiVersion: v1
kind: Pod
metadata:
  name: frontend
spec:
  containers:
  - name: app
    image: images.my-company.example/app:v4
    resources:
      requests:
        memory: "64Mi"
        cpu: "250m"
      limits:
        memory: "320Mi"
        cpu: "2500m"</code>
</pre>
<h2>Compliant Solution</h2>
<pre>
    <code>---
apiVersion: v1
kind: Pod
metadata:
  name: frontend
spec:
  containers:
  - name: app
    image: images.my-company.example/app:v4
    resources:
      requests:
        memory: "64Mi"
        cpu: "250m"
      limits:
        memory: "128Mi"
        cpu: "500m"</code>
</pre>

Implementation principle

  • Inspect yaml file and find 'kind: Pod'

  • Inspect the found file and find:

    requests:
    memory: "64Mi"
    cpu: "250m"
    limits:
    memory: "128Mi"
    cpu: "500m"

  • Compare the requests values and limits values for ram and cpu. Calculate the ratio.

  • If the found ratio is above the limit, report the line
@JulienBertrand JulienBertrand changed the title [WEB][DRAFT][42108] Kubernetes deployment: limit huge gap between limits/requests [WEB][42108] Kubernetes deployment: limit huge gap between limits/requests Apr 6, 2023
@jhertout jhertout transferred this issue from green-code-initiative/creedengo-challenge May 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
ecoCode-CI/CD
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@JulienBertrand @jhertout