Kubelet_pod_pids_limit and LimitMEMLOCK in kubelet configuration for production cluster

Anusha_Ruwanpathiran · May 7, 2025, 2:21pm

We are finalizing security configurations for our production Kubernetes cluster and would appreciate your review of the following proposed kubelet settings:

Proposed Configuration

PID Limits

pod_pids_limit: -1 (Unlimited) for all nodes

Memory Locking (mlock) Limits

Worker & Control Plane Nodes: LimitMEMLOCK=512M
etcd Nodes: LimitMEMLOCK=1G

Does this align with production security best practices?
Are there any risks with pod_pids_limit=-1 we should mitigate?

Topic		Replies	Views
Process ID Limiting for Stability Improvements in Kubernetes 1.14 General Discussions development , security	3	1608	May 29, 2020
Kubernetes.io Blog: Process ID Limiting for Stability Improvements in Kubernetes 1.14 General Discussions k8s-blog	0	672	April 15, 2019
Why a limit of 110 pods by worker? General Discussions	1	867	May 16, 2019
Specify fault domain microk8s	1	624	June 10, 2021
Process ID (PIDs) Limits are not set General Discussions kubernetes-custom-resources	2	708	August 10, 2021

Kubelet_pod_pids_limit and LimitMEMLOCK in kubelet configuration for production cluster

Proposed Configuration

Related topics