Deployment Without Resource Limits
Validate a Kubernetes Deployment manifest that is missing CPU and memory resource requests and limits on its containers. Learn why resource limits matter.
Detailed Explanation
Why Resource Limits Matter in Kubernetes
One of the most common Kubernetes misconfigurations is deploying containers without resource requests and limits. When you omit these fields, your containers can consume unlimited CPU and memory on the node, creating "noisy neighbor" problems that degrade other workloads.
Example Manifest with Missing Limits
apiVersion: apps/v1
kind: Deployment
metadata:
name: web-app
labels:
app: web
spec:
replicas: 3
selector:
matchLabels:
app: web
template:
metadata:
labels:
app: web
spec:
containers:
- name: web
image: nginx:1.25
ports:
- containerPort: 80
What the Validator Flags
- Warning: Container 'web' has no resource requests or limits defined
- Warning: No livenessProbe defined
- Info: No readinessProbe defined
- Warning: No securityContext.runAsNonRoot set
The Fix
Add resources to every container:
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 256Mi
Impact of Missing Limits
| Scenario | Without Limits | With Limits |
|---|---|---|
| Memory leak | OOMKills other pods | Only the leaking pod is killed |
| CPU spike | Starves neighboring pods | Throttled to its limit |
| Scheduling | No guaranteed resources | Scheduler places pod correctly |
| Cluster autoscaling | Cannot calculate needed capacity | Accurate scaling decisions |
Setting appropriate requests and limits is essential for production workloads. Requests determine scheduling, while limits prevent resource exhaustion.
Use Case
Reviewing Deployment manifests before applying them to a production cluster to ensure all containers have proper resource constraints. Critical during code review of infrastructure changes.