Scenario #217
Security
K8s v1.20, On-Premise

Inadequate Container Resource Limits Leading to DoS Attacks

A lack of resource limits on containers allowed a denial-of-service (DoS) attack to disrupt services by consuming excessive CPU and memory.

What Happened

A container without resource limits was able to consume all available CPU and memory on the node, causing other containers to become unresponsive and leading to a denial-of-service (DoS).

Diagnosis Steps
  1. Monitored resource usage with kubectl top pods and identified a container consuming excessive resources.
  2. Inspected the deployment and found that resource limits were not set for the container.
Root Cause

The container had no resource limits, so nothing capped its CPU and memory use; the resulting resource exhaustion on the node led to the DoS situation.

Fix/Workaround
• Set appropriate resource requests and limits in the container specification to prevent resource exhaustion.
• Applied resource quotas to limit the total resource usage for namespaces.
Lessons Learned

Always define resource requests and limits to ensure containers do not overconsume resources and cause instability.

How to Avoid
  1. Apply resource requests and limits to all containers.
  2. Monitor resource usage and set appropriate quotas to prevent resource abuse.
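
One way to check that requests and limits are set on all containers, and to automate the inspection from the diagnosis steps: the script below is an added example, not part of the original scenario. It audits a pod list shaped like the output of kubectl get pods -A -o json and reports every container or init container missing a CPU or memory request or limit. The sample pods, namespaces and function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl get pods -A -o json` output (not from the incident).
SAMPLE_POD_LIST = json.loads("""
{"items": [
  {"metadata": {"namespace": "shop", "name": "api-7d9f"},
   "spec": {"containers": [
     {"name": "api", "resources": {"requests": {"cpu": "250m", "memory": "256Mi"},
                                    "limits": {"cpu": "500m", "memory": "512Mi"}}},
     {"name": "sidecar", "resources": {"requests": {"cpu": "50m"}}}]}},
  {"metadata": {"namespace": "batch", "name": "worker-x2k"},
   "spec": {"initContainers": [{"name": "fetch", "resources": {}}],
            "containers": [{"name": "worker"}]}}
]}
""")

# Every container is expected to set all four of these.
REQUIRED = [(section, res) for section in ("requests", "limits") for res in ("cpu", "memory")]


def missing_settings(container):
    """Return the 'section.resource' entries this container does not set."""
    resources = container.get("resources") or {}
    return [f"{section}.{res}" for section, res in REQUIRED
            if not (resources.get(section) or {}).get(res)]


def audit_pods(pod_list):
    """Return (namespace, pod, container, missing) for every container with a gap."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        # Init containers also run on the node and can exhaust it, so check both lists.
        for kind in ("initContainers", "containers"):
            for container in spec.get(kind) or []:
                missing = missing_settings(container)
                if missing:
                    findings.append((meta.get("namespace", "default"), meta.get("name"),
                                     container.get("name"), missing))
    return findings


if __name__ == "__main__":
    for ns, pod, ctr, missing in audit_pods(SAMPLE_POD_LIST):
        print(f"{ns}/{pod} container={ctr} missing={','.join(missing)}")
```

To run it against a live cluster, replace SAMPLE_POD_LIST with the parsed JSON from kubectl get pods -A -o json; an empty result means every container sets all four values.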