Enforces that every container has an appropriate memory request defined.
Note that this policy is part of the following security standards:
bsi/containerization: BSI IT-Grundschutz "Containerisierung": Section: SYS.1.6.A15

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80
        resources:
          requests:
            cpu: "100m"
+           memory: "1G"
          limits:
            cpu: "500m"

securitytower.io/policy.exclusion.enforcememoryrequest
as in the example below.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: your-deployment
  annotations:
    securitytower.io/policy.exclusion.enforcememoryrequest: |-
      The performance tests are not finished. So we have no information which resources are required by this deployment.
...
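
A pre-deployment check in the spirit of this policy, as an added example (not Security Tower's own implementation): it lists the containers of a manifest that lack `resources.requests.memory` and skips resources carrying the exclusion annotation. The function names are hypothetical, and two behaviours are assumptions: that init containers are checked too, and that only a non-empty justification text counts as an exclusion.

```python
import copy

EXCLUSION = "securitytower.io/policy.exclusion.enforcememoryrequest"

def pod_spec(manifest):
    """Return the pod spec of a Pod, or of a workload that has spec.template."""
    spec = manifest.get("spec") or {}
    template = spec.get("template")
    return (template.get("spec") or {}) if template else spec

def is_excluded(manifest):
    """Assumption: the annotation exempts a resource only with a non-empty reason."""
    annotations = (manifest.get("metadata") or {}).get("annotations") or {}
    return bool(str(annotations.get(EXCLUSION) or "").strip())

def missing_memory_requests(manifest):
    """Names of containers that define no resources.requests.memory."""
    if is_excluded(manifest):
        return []
    spec = pod_spec(manifest)
    # Assumption: init containers count as containers for this check.
    containers = (spec.get("initContainers") or []) + (spec.get("containers") or [])
    missing = []
    for container in containers:
        requests = (container.get("resources") or {}).get("requests") or {}
        if not requests.get("memory"):
            missing.append(container.get("name", "<unnamed>"))
    return missing

# Constructed sample: the nginx Deployment above, without the added memory line.
DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "nginx-deployment"},
    "spec": {"template": {"spec": {"containers": [{
        "name": "nginx", "image": "nginx:1.14.2",
        "resources": {"requests": {"cpu": "100m"}, "limits": {"cpu": "500m"}},
    }]}}},
}

def with_memory_request(manifest, value="1G"):
    """Copy of the manifest with a memory request set on every container."""
    fixed = copy.deepcopy(manifest)
    for container in fixed["spec"]["template"]["spec"]["containers"]:
        container.setdefault("resources", {}).setdefault("requests", {})["memory"] = value
    return fixed

if __name__ == "__main__":
    print("before:", missing_memory_requests(DEPLOYMENT))
    print("after: ", missing_memory_requests(with_memory_request(DEPLOYMENT)))
```

The check expects the manifest as a parsed dictionary, for example the JSON form of the resource.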