Kubernetes Controller Manager terminated pod garbage collector argument is not set appropriately

Best practices

Kubernetes Controller Manager terminated pod garbage collector argument is not set appropriately

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

CCPA
CPRA
ISO/IEC 27001
K8s CIS
NIST 800-171
NIST 800-190
NIST 800-53
PDPA
UK Cyber Essentials

Description

It was found that the argument --terminated-pod-gc-threshold in the Controller Manager configuration file is not set appropriately. This argument indicates the number of terminated pods after which garbage collector would be activated. Garbage collector is important to maintain sufficient resource availability and avoid performance issues. When not set in the Controller Manager file, the default is garbage collection after 12,500 terminated pods, which might be too high for system to sustain.

Recommended Mitigation

It is recommended to edit the Controller Manager configuration file and set a threshold value that meets your system needs for garbage collection by setting the --terminated-pod-gc-threshold argument.

Kubernetes Controller Manager terminated pod garbage collector argument is not set appropriately

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS