Whe there is no specification of resources in the Kubernetes manifests and not applied limit ranges for the containers. As an attacker we can consume all the resources where the pod/deployment running and starve other resources and cause a DoS for the environment.
- To get started with the scenario, navigate to http://127.0.0.1:1236
- This deployment pod has not set any resource limits in the Kubernetes manifests. So we can easily perform the bunch of operations which can consume resources
- In this pod we have installed and ready to use utility called
stress-ng --vm 2 --vm-bytes 2G --timeout 30s
- You can see the differece between while running
kubectl top pod hunger-check-deployment-xxxxxxxxxx-xxxxx
This attack may not work in some cases like autoscaling, resources restrictions, etc.