Container CPU and memory limits should be enforced

What does this mean?

This recommendation enforces that all containers define CPU and memory resource limits. Without limits, a single container can consume all available node resources, affecting other workloads and potentially causing node instability.

Benefits of implementation

• Prevents resource exhaustion from runaway containers
• Ensures fair resource distribution across workloads
• Improves cluster stability and predictability

Drawbacks and considerations

• Requires right-sizing limits per workload, which takes effort
• Too-restrictive limits can cause OOMKills or CPU throttling
• Dynamic workloads may need frequent limit adjustments

Implementation

Implementation guidance coming soon.

Related recommendations

Related recommendations will be linked here.