We are looking to find ways to help developers find security misconfigurations, i.e., Kubernetes manifest configurations that violate security best practices for Kubernetes manifests.
We have noticed an instance of absent resource limit in one of your Kubernetes manifests. Without resource limits Kubernetes installations could be susceptible to DDOS attacks (reff: https://arxiv.org/pdf/2006.15275.pdf).
Dear Colleague,
We are looking to find ways to help developers find security misconfigurations, i.e., Kubernetes manifest configurations that violate security best practices for Kubernetes manifests.
We have noticed an instance of absent resource limit in one of your Kubernetes manifests. Without resource limits Kubernetes installations could be susceptible to DDOS attacks (reff: https://arxiv.org/pdf/2006.15275.pdf).
Location:
https://github.com/cloudify-cosmo/cloudify-kubernetes-plugin/blob/5594866e7141aa377d52df953b6cdb9d19a8d55d/examples/resources/pod.yaml#L6
Please fix this misconfiguration by adding requests and limits as shown here (https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). We would like to hear if you agree to fix this misconfiguration or have fixed the misconfiguration.