
lacework-global-740

Set the --eventrecordqps argument to 5 or higher to ensure appropriate event capture (Automated)

Description

Capture security-relevant information. The --eventrecordqps flag on the Kubelet limits the rate at which events are gathered. Setting it too low could result in relevant events not being logged; a value of 0 disables rate limiting. The recommended value is 5 or higher.

Remediation

If using a Kubelet config file:

Edit the file to set eventRecordQPS to an appropriate level.

Note: If omitted, the default value is 50, and setting it to 0 disables rate limiting.

If using command line arguments:

Edit the kubelet service file /etc/systemd/system/kubelet.service.d/10-kubeadm.conf on each worker node and set the --event-qps parameter in the KUBELET_SYSTEM_PODS_ARGS variable.

Note: If --event-qps is absent or set to 0, eventRecordQPS uses the default value of 50.

Reload the configuration to update it with the changes made using:

systemctl daemon-reload

Finally, restart the kubelet service using:

systemctl restart kubelet.service
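
To verify the result after the restart, the following audit script is an added example (not Lacework's or the Kubernetes project's code) that resolves the effective value from a config file and a kubelet command line, then grades it against the 5-or-higher rule. The function names are hypothetical, it assumes a command-line flag overrides the config file, and it treats 0 the way the two notes above describe.

```shell
DEFAULT_QPS=50   # default value stated in the notes on this page

# Print the top-level eventRecordQPS value from a kubelet config file, if set.
qps_from_config() {
    [ -r "$1" ] || return 0
    awk -F: '/^eventRecordQPS:/ { v = $2; sub(/#.*/, "", v)
             gsub(/[[:space:]]/, "", v); print v }' "$1" | tail -n 1
}

# Print the --event-qps value ("--event-qps=N" or "--event-qps N"), if present.
qps_from_args() {
    printf '%s\n' "$1" | tr -s '[:space:]' '\n' | awk '
        /^--event-qps=/       { sub(/^--event-qps=/, ""); v = $0 }
        prev == "--event-qps" { v = $0 }
        { prev = $0 }
        END { if (v != "") print v }'
}

# Effective value. Assumption: a flag on the command line overrides the file.
# Per the page: flag 0 falls back to the default, file 0 disables the limit.
effective_event_qps() {
    flag=$(qps_from_args "$2")
    cfg=$(qps_from_config "$1")
    case "$flag" in
        '') echo "${cfg:-$DEFAULT_QPS}" ;;
        0)  echo "$DEFAULT_QPS" ;;
        *)  echo "$flag" ;;
    esac
}

# ok: >= 5, unlimited: 0 (no rate limiting), low: 1-4, invalid: not a number.
classify_event_qps() {
    case "$1" in
        ''|*[!0-9]*) echo invalid ;;
        0) echo unlimited ;;
        *) if [ "$1" -ge 5 ]; then echo ok; else echo low; fi ;;
    esac
}

audit_event_qps() {
    v=$(effective_event_qps "$1" "$2")
    echo "eventRecordQPS=$v status=$(classify_event_qps "$v")"
}

# Constructed sample input: the config file sets 2 and no flag is passed.
sample=$(mktemp)
printf 'kind: KubeletConfiguration\neventRecordQPS: 2\n' > "$sample"
audit_event_qps "$sample" "kubelet --config=$sample"
rm -f "$sample"
```

On a node, pass the kubelet's config file path and its running command line as the two arguments to audit_event_qps.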

References

https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/
https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/