Ensure that the Kubelet sets limits on the number of PIDs that can be created by pods running on the node.
Rationale: By default, pods running in a cluster can consume any number of PIDs, potentially exhausting the resources available on the node. Setting an appropriate limit reduces the risk of a denial-of-service attack on cluster nodes.
Impact: Setting this value will restrict the number of processes per pod. If this limit is lower than the number of PIDs required by a pod, the pod will not operate.
Solution
Decide on an appropriate level for this parameter and set it, either via the --pod-max-pids command line parameter or the PodPidsLimit configuration file setting.
Default Value: By default the number of PIDs is not limited.
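
An added example, not part of the original benchmark text: a shell check that reports the effective pod PID limit from a kubelet command line and a KubeletConfiguration YAML file, where the setting appears as the key `podPidsLimit`. It assumes a command-line flag overrides the configuration file and treats anything other than a positive integer as unlimited; the function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: sample command lines and config content are constructed.

# Value of --pod-max-pids on a kubelet command line ("--flag=N" or "--flag N").
flag_limit() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^--pod-max-pids=/) { v = $i; sub(/^--pod-max-pids=/, "", v) }
            else if ($i == "--pod-max-pids" && i < NF) { v = $(i + 1) }
        }
    } END { if (v != "") print v }'
}

# Value of the top-level podPidsLimit key in a KubeletConfiguration YAML file.
config_limit() {
    [ -r "$1" ] || return 0
    awk '/^podPidsLimit[ \t]*:/ {
        v = $0; sub(/^[^:]*:/, "", v); sub(/#.*/, "", v); gsub(/[ \t]/, "", v)
    } END { if (v != "") print v }' "$1"
}

# Flag wins over file (assumed precedence); -1 means no limit was configured.
effective_limit() {
    v=$(flag_limit "$1")
    [ -n "$v" ] || v=$(config_limit "$2")
    [ -n "$v" ] || v=-1
    printf '%s\n' "$v"
}

# PASS only for a positive integer; anything else is reported as unlimited.
check_pod_pids() {
    limit=$(effective_limit "$1" "$2")
    case "$limit" in
        ''|0|*[!0-9]*) echo "FAIL: pod PIDs not limited (effective value: $limit)"; return 1 ;;
    esac
    echo "PASS: pod PID limit is $limit"
}

# Demo on constructed input: the file sets a limit, then a flag overrides it.
cfg=$(mktemp)
printf 'kind: KubeletConfiguration\npodPidsLimit: 4096  # constructed\n' > "$cfg"
check_pod_pids "kubelet --config=$cfg" "$cfg" || true
check_pod_pids "kubelet --config=$cfg --pod-max-pids=-1" "$cfg" || true
rm -f "$cfg"
```

On a node, the first argument would be the running kubelet's command line and the second the file named by its --config flag.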