Best practices

Kubernetes Controller Manager terminated pod garbage collector argument is not set appropriately

Risk Level

Informational (4)

Platform(s)

  • N/A

Compliance Frameworks

Description

It was found that the argument --terminated-pod-gc-threshold in the Controller Manager configuration file is not set appropriately. This argument indicates the number of terminated pods after which garbage collector would be activated. Garbage collector is important to maintain sufficient resource availability and avoid performance issues. When not set in the Controller Manager file, the default is garbage collection after 12,500 terminated pods, which might be too high for system to sustain.

  • Recommended Mitigation

    It is recommended to edit the Controller Manager configuration file and set a threshold value that meets your system needs for garbage collection by setting the --terminated-pod-gc-threshold argument.

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.