Kubernetes Engine support for resource leak protection

OCI Kubernetes Engine now helps to maintain the stability of a cluster's control plane by creating a validating admission webhook. Kubernetes Engine creates the oke-resource-leak-protection.cluster.com webhook by default in new and existing clusters that have ten or fewer worker nodes.

The webhook prevents the creation of new objects of a given type if creating them would breach an internal limit for objects of that type. The webhook:

  • rejects requests to create additional pods if the total number of pods in the cluster would exceed 10,000
  • rejects requests to create additional secrets if the total number of secrets in the cluster would exceed 2,000

You can disable, and subsequently re-enable, the oke-resource-leak-protection.cluster.com webhook.

For more information, see Protecting Kubernetes Clusters from Resource Leaks.