Best practices

Kubernetes Controller Manager terminated pod garbage collector argument is not set appropriately

Platform(s)

  • Non-platform specific

Compliance Frameworks
  • CCPA
    • ,
  • CPRA
    • ,
  • iso_27001_2022
    • ,
  • iso_27002_2022
    • ,
  • K8s CIS
    • ,
  • NIST 800-171
    • ,
  • NIST 800-190
    • ,
  • NIST 800-53
    • ,
  • PDPA
    • ,
  • UK Cyber Essentials

Description

It was found that the argument --terminated-pod-gc-threshold in the Controller Manager configuration file is not set appropriately. This argument indicates the number of terminated pods after which garbage collector would be activated. Garbage collector is important to maintain sufficient resource availability and avoid performance issues. When not set in the Controller Manager file, the default is garbage collection after 12,500 terminated pods, which might be too high for system to sustain.
Need help?

Get a free Security Risk Assessment. Start today

Eyebrow option

Demo the Orca Platform

In just 10 minutes, you’ll see how Orca Security can revolutionize your cloud security strategy. Watch a recorded demo from a cloud security expert now.

Get a Demo