Workload misconfigurations

Kubernetes node’s kubelet streaming-connection-idle-timeout is set to 0

Platform(s)
  • Non-platform specific

Compliance Frameworks

AKS CIS, CCPA, CPRA, EKS CIS, GKE CIS, iso_27001_2022, iso_27002_2022, K8s CIS, K8s OWASP Top 10, NIST 800-171, NIST 800-190, NIST 800-53, PDPA, STIG K8s, UK Cyber Essentials

Description

The kubelet reads various parameters, including security settings, from a config file. Setting an idle timeout protects against denial-of-service attacks, lingering inactive connections, and exhaustion of ephemeral ports. Orca has detected that the StreamingConnectionIdleTimeout is set to 0 on {K8sNode.Vm}.
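One way to reproduce this check on a node, as an added example (not Orca's detection logic): it resolves the effective timeout from the kubelet config file and command line, where a command-line flag overrides the file and an unset value falls back to the kubelet default of 4h. The function names and sample configs are constructed for illustration, and the line-based read assumes the key sits at the top level of a `KubeletConfiguration` file.

```python
import re

DEFAULT_TIMEOUT_S = 4 * 3600  # kubelet default (4h) when the setting is absent
_UNITS = {"ns": 1e-9, "us": 1e-6, "µs": 1e-6, "ms": 1e-3, "s": 1, "m": 60, "h": 3600}

def parse_go_duration(text):
    """Convert a Go duration string ("4h0m0s", "5m", "0") to seconds."""
    text = text.strip().strip("'\"")
    if text == "0":
        return 0.0
    parts = re.findall(r"(\d+(?:\.\d+)?)(ns|us|µs|ms|s|m|h)", text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"not a Go duration: {text!r}")
    return sum(float(n) * _UNITS[u] for n, u in parts)

def effective_timeout(config_text, kubelet_args=()):
    """Return (seconds, source); a command-line flag overrides the config file."""
    value, source = None, "default"
    m = re.search(r"^streamingConnectionIdleTimeout:\s*([^\s#]+)", config_text, re.M)
    if m:
        value, source = m.group(1), "config file"
    flag = "--streaming-connection-idle-timeout"
    for i, arg in enumerate(kubelet_args):
        if arg.startswith(flag + "="):
            value, source = arg.split("=", 1)[1], "flag"
        elif arg == flag and i + 1 < len(kubelet_args):
            value, source = kubelet_args[i + 1], "flag"
    seconds = DEFAULT_TIMEOUT_S if value is None else parse_go_duration(value)
    return seconds, source

def audit(config_text, kubelet_args=()):
    """Report a finding when the effective idle timeout is 0 (never times out)."""
    seconds, source = effective_timeout(config_text, kubelet_args)
    return {"seconds": seconds, "source": source, "finding": seconds == 0}

# Constructed sample inputs, not taken from a real node.
BAD_CONFIG = """apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
streamingConnectionIdleTimeout: 0s
"""
GOOD_CONFIG = BAD_CONFIG.replace(": 0s", ": 4h0m0s")

if __name__ == "__main__":
    print(audit(BAD_CONFIG))
    print(audit(GOOD_CONFIG, ["--streaming-connection-idle-timeout=0"]))
```

The second call shows why the command line must be inspected as well: a compliant config file is still a finding when the flag sets the value back to 0.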