Workload misconfigurations

Kubernetes node’s kubelet eventRecordQPS is greater than 5

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

The kubelet reads various parameters, including security settings, from a config file. The --eventRecordQPS flag on the Kubelet can be used to limit the rate at which events are gathered. It is important to capture all events and not restrict event creation. Events are an important source of security information and analytics that ensure that your environment is consistently monitored using the event data. Orca has detected that the eventRecordQPS parameter is set to a value greater than 5 on {K8sNode.Vm}.
  • Recommended Mitigation

    Set {K8sNode}'s Kubelet's eventRecordQPS to a value smaller or equal to 5.