Best practices

Kubernetes Controller Manager terminated pod garbage collector argument is not set appropriately

Platform(s)

  • Non-platform specific

Compliance Frameworks

CCPA, CPRA, iso_27001_2022, iso_27002_2022, K8s CIS, NIST 800-171, NIST 800-190, NIST 800-53, PDPA, UK Cyber Essentials

Description

It was found that the argument --terminated-pod-gc-threshold in the Controller Manager configuration file is not set appropriately. This argument indicates the number of terminated pods after which garbage collector would be activated. Garbage collector is important to maintain sufficient resource availability and avoid performance issues. When not set in the Controller Manager file, the default is garbage collection after 12,500 terminated pods, which might be too high for system to sustain.
Need help?

Get a free Security Risk Assessment. Start today

A screenshot of the Orca platform dashboard summarizing all of your cloud security risks

Personalized Demo

See Orca Security in Action

Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.

Get a Demo