Skip to content

Commit

Permalink
Merge pull request #398 from yktakaha4/fix-broken-link
Browse files Browse the repository at this point in the history 
fix broken link
  • Loading branch information
@jicowan
jicowan authored Oct 16, 2023
2 parents 7936769 + e3f38d3 commit c1046f5
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions content/security/docs/pods.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -380,7 +380,7 @@ If limits and requests are not set, the pod is configured as _best-effort_ (lowe
| Burstable | medium | limit != request != 0 | Can be killed if exceed request memory |
| Best-Effort| lowest | limit & request Not Set | First to get killed when there's insufficient memory |

For additional information about resource QoS, please refer to the [Kubernetes documentation](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/node/resource-qos.md).
For additional information about resource QoS, please refer to the [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/).

You can force the use of requests and limits by setting a [resource quota](https://kubernetes.io/docs/concepts/policy/resource-quotas/) on a namespace or by creating a [limit range](https://kubernetes.io/docs/concepts/policy/limit-range/). A resource quota allows you to specify the total amount of resources, e.g. CPU and RAM, allocated to a namespace. When it’s applied to a namespace, it forces you to specify requests and limits for all containers deployed into that namespace. By contrast, limit ranges give you more granular control of the allocation of resources. With limit ranges you can min/max for CPU and memory resources per pod or per container within a namespace. You can also use them to set default request/limit values if none are provided.

Expand Down Expand Up @@ -482,4 +482,4 @@ Policy-as-code and Pod Security Standards can be used to enforce this behavior.
+ A collection of common OPA and Kyverno [policies](https://github.com/aws/aws-eks-best-practices/tree/master/policies) for EKS.
+ [Policy based countermeasures: part 1](https://aws.amazon.com/blogs/containers/policy-based-countermeasures-for-kubernetes-part-1/)
+ [Policy based countermeasures: part 2](https://aws.amazon.com/blogs/containers/policy-based-countermeasures-for-kubernetes-part-2/)
+ [Pod Security Policy Migrator](https://appvia.github.io/psp-migration/) a tool that converts PSPs to OPA/Gatekeeper, KubeWarden, or Kyverno policies
+ [Pod Security Policy Migrator](https://appvia.github.io/psp-migration/) a tool that converts PSPs to OPA/Gatekeeper, KubeWarden, or Kyverno policies

0 comments on commit c1046f5

Please sign in to comment.