lacework-global-740
Set the --eventrecordqps argument to 5 or higher to ensure appropriate event capture (Automated)
Description
Capture security-relevant information. You can use the --eventrecordqps flag on the Kubelet to limit the rate at which events are gathered. Setting this too low could result in not logging relevant events, with a value of 0 disabling rate limiting. The recommended value is 5 or higher.
Remediation
If using a Kubelet config file:
Edit the file to set eventRecordQPS to an appropriate level.
Note: If omitted, the default value is 50, and setting to 0 disables rate limiting.
If using command line arguments:
Edit the kubelet service file /etc/systemd/system/kubelet.service.d/10-kubeadm.conf on each worker node and set the --event-qps parameter in the KUBELET_SYSTEM_PODS_ARGS variable.
Note: If --event-qps is absent or set to 0, eventRecordQPS uses the default value of 50.
Reload the configuration to update it with the changes made using:
systemctl daemon-reload
Finally, restart the kubelet service using:
systemctl restart kubelet.service
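Added example (not part of the original policy text): a shell check that applies the rules above to a Kubelet config file and to a kubelet argument string, and reports the effective value with a status. The function names, the status words and the sample inputs are constructed for illustration. A config file value of 0 is reported as "unlimited" because it disables rate limiting.

```shell
#!/bin/sh
# Added example: classify the kubelet event rate limit using this page's rules.
# Function names, status words and sample inputs are constructed.

# classify VALUE -> unlimited (0, no rate limit) | pass (>= 5) | fail (1..4)
classify() {
  if [ "$1" -eq 0 ]; then echo "unlimited"
  elif [ "$1" -ge 5 ]; then echo "pass"
  else echo "fail"
  fi
}

# Config file case: an omitted eventRecordQPS means the default of 50.
check_config_file() {
  v=$(sed -n 's/^[[:space:]]*eventRecordQPS:[[:space:]]*\([0-9][0-9]*\).*$/\1/p' "$1" \
      | tail -n 1)
  [ -n "$v" ] || v=50
  echo "$v $(classify "$v")"
}

# Command line case: --event-qps absent or set to 0 means the default of 50.
# Accepts both "--event-qps=N" and "--event-qps N", inside or outside quotes.
check_cli_args() {
  v=$(printf '%s\n' "$1" \
      | sed 's/--event-qps[[:space:]]\{1,\}/--event-qps=/g' \
      | tr ' "' '\n\n' \
      | sed -n 's/^.*--event-qps=\([0-9][0-9]*\)$/\1/p' \
      | tail -n 1)
  if [ -z "$v" ] || [ "$v" -eq 0 ]; then v=50; fi
  echo "$v $(classify "$v")"
}

# Constructed sample inputs.
cfg=$(mktemp)
printf 'kind: KubeletConfiguration\neventRecordQPS: 2\n' > "$cfg"
check_config_file "$cfg"                                                # 2 fail
check_cli_args 'Environment="KUBELET_SYSTEM_PODS_ARGS=--event-qps=10"'  # 10 pass
rm -f "$cfg"
```

On a node, pass the actual Kubelet config file path to check_config_file, or the contents of the Environment line from 10-kubeadm.conf to check_cli_args.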
References
https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/
https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/