Workload misconfigurations

Kubernetes node’s kubelet make-iptables-util-chains is set to false

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

The kubelet reads various parameters, including security settings, from a config file. Depending on the networking options you choose for pods, the kubelet can automatically manage the required iptables changes. Letting the kubelet manage these changes is recommended, because it keeps the iptables configuration in sync with the pod networking configuration. Configuring iptables manually while the pod network configuration changes dynamically might hamper communication between pods/containers and with the outside world. Orca has detected that the MakeIPTablesUtilChains flag is set to false on {K8sNode.Vm}.

Recommended Mitigation

Set makeIPTablesUtilChains to true in the kubelet configuration of {K8sNode}.
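One way to verify the setting on a node, as an added example that is not part of the original rule text or of Orca's detection logic. It assumes that a `--make-iptables-util-chains` flag on the kubelet command line takes precedence over the config file and that the kubelet default is true when neither sets it; the function name and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: effective makeIPTablesUtilChains value for one kubelet.

# effective_iptables_chains CONFIG_FILE "KUBELET_ARGS"
# Prints "true" or "false"; returns 0 only when the value is true.
effective_iptables_chains() {
    cfg=$1
    args=$2
    value=""

    # 1. Config file: top-level key "makeIPTablesUtilChains: <bool>".
    if [ -r "$cfg" ]; then
        value=$(sed -n 's/^makeIPTablesUtilChains:[[:space:]]*\([A-Za-z]*\).*/\1/p' "$cfg" | tail -n 1)
    fi

    # 2. A flag on the command line overrides the file.
    for a in $args; do
        case $a in
            --make-iptables-util-chains=*) value=${a#*=} ;;
            --make-iptables-util-chains)   value=true ;;
        esac
    done

    # 3. Neither source sets it: the kubelet default is true.
    value=$(printf '%s' "${value:-true}" | tr '[:upper:]' '[:lower:]')
    printf '%s\n' "$value"
    [ "$value" = "true" ]
}

# Constructed sample input (not taken from a real node).
SAMPLE_CFG=$(mktemp)
cat > "$SAMPLE_CFG" <<'EOF'
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
makeIPTablesUtilChains: false
EOF

if effective_iptables_chains "$SAMPLE_CFG" "" >/dev/null; then
    echo "compliant"
else
    echo "finding: makeIPTablesUtilChains is false"
fi
```

On a real node, pass the file named by the kubelet's `--config` argument and the arguments of the running kubelet process.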