We identified the usage of a combination of configuration parameters:

Undefined runAsUser  
Undefined runAsNonRoot  
Undefined readOnlyRootFilesystem  
[missing] resources.limits  

If parameters are undefined, Kubernetes will apply default values

This combination may result in resource exhaustion (CPU/memory) and privileged container execution, which can crash pods or destabilize the node (Denial of Service). Malicious or misbehaving containers can consume excessive resources or manipulate the filesystem, leading to unplanned outages or degraded performance.

We provide supporting evidence from https://madhuakula.com/kubernetes-goat/docs/scenarios/scenario-13/denial-of-service-memory-and-cpu-resources-in-kubernetes-cluster which demonstrates how missing resource constraints and running as root can be abused to perform DoS attacks on nodes.

Even though the feature defaults to enabled: false, users who enable it without configuring resources or securityContext risk node-level DoS and privileged container execution.

Expected Behavior:
Containers should be deployed with defined resource requests and limits to enforce fair CPU/memory usage.
The securityContext should not rely on defaults.

Location: