The container must have resource request limits set.
An XCCDF Rule
Description
Setting a container resource request limit allows the container platform to determine the best location for the container to execute. The container platform looks at the resources available and finds the location that will require the minimum resources for the container to execute. Examples of resources that can be specified are CPU, memory, and storage.
- ID
- SV-270875r1050646_rule
- Version
- SRG-APP-000247-CTR-000330
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Configure the container platform to restrict the ability of users or other systems to launch denial-of-service (DoS) attacks from the container platform components by setting resource limits on resources such as memory, storage, and CPU utilization.