Workload misconfigurations

Kubernetes node’s kubelet eventRecordQPS is greater than 5

Platform(s)
  • Non-platform specific

Compliance Frameworks
  • AKS CIS
  • CCPA
  • CPRA
  • EKS CIS
  • GKE CIS
  • iso_27001_2022
  • iso_27002_2022
  • K8s CIS
  • K8s OWASP Top 10
  • NIST 800-171
  • NIST 800-190
  • NIST 800-53
  • PDPA
  • UK Cyber Essentials

Description

The kubelet reads various parameters, including security settings, from a config file. The --eventRecordQPS flag on the kubelet can be used to limit the rate at which events are gathered. It is important to capture all events and not restrict event creation: events are an important source of security information and analytics, and event data is what allows your environment to be monitored consistently. Orca has detected that the eventRecordQPS parameter is set to a value greater than 5 on {K8sNode.Vm}.
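One way to reproduce this check across a cluster, as an added example that is not Orca's own detection code: it evaluates the effective eventRecordQPS of each node against the threshold of 5 named in this rule. It assumes each input is the JSON body of a kubelet's /configz endpoint (for instance fetched with kubectl get --raw "/api/v1/nodes/<node>/proxy/configz"), which nests the configuration under a kubeletconfig key; the node names and sample bodies are constructed.

```python
import json

THRESHOLD = 5  # this rule reports eventRecordQPS values greater than 5


def check_node(name, configz_text):
    """Classify one node from the raw body of its kubelet /configz response.

    Returns (node, status, value) where status is one of:
      "finding"    - eventRecordQPS is greater than THRESHOLD
      "ok"         - eventRecordQPS is at or below THRESHOLD
      "unset"      - field absent; the kubelet's built-in default applies
      "unreadable" - body is not the expected JSON (auth error page, proxy error)
    """
    try:
        doc = json.loads(configz_text)
    except json.JSONDecodeError:
        return (name, "unreadable", None)
    cfg = doc.get("kubeletconfig") if isinstance(doc, dict) else None
    if not isinstance(cfg, dict):
        return (name, "unreadable", None)
    if "eventRecordQPS" not in cfg:
        return (name, "unset", None)
    value = cfg["eventRecordQPS"]
    # bool is a subclass of int in Python, so reject it explicitly
    if isinstance(value, bool) or not isinstance(value, int):
        return (name, "unreadable", value)
    return (name, "finding" if value > THRESHOLD else "ok", value)


def audit(nodes):
    """Check every node; results are sorted by node name for stable reports."""
    return [check_node(name, body) for name, body in sorted(nodes.items())]


# Constructed sample responses (not captured from a real cluster)
SAMPLE = {
    "node-a": '{"kubeletconfig": {"eventRecordQPS": 50, "readOnlyPort": 0}}',
    "node-b": '{"kubeletconfig": {"eventRecordQPS": 5}}',
    "node-c": '{"kubeletconfig": {"readOnlyPort": 0}}',
    "node-d": "<html>401 Unauthorized</html>",
}

if __name__ == "__main__":
    for node, status, value in audit(SAMPLE):
        print(f"{node}: {status} (eventRecordQPS={value})")
```

Nodes reported as "unset" or "unreadable" need a manual look, since the effective value there comes from the kubelet's default or could not be read at all.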