1.2.9 Ensure that the admission control plugin EventRateLimit is set

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


Limit the rate at which the API server accepts requests.


Using EventRateLimit admission control enforces a limit on the number of events that the API Server will accept in a given time slice. A misbehaving workload could overwhelm and DoS the API Server, making it unavailable. This particularly applies to a multi-tenant cluster, where there might be a small percentage of misbehaving tenants which could have a significant impact on the performance of the cluster overall. Hence, it is recommended to limit the rate of events that the API server will accept.

Note: This is an Alpha feature in the Kubernetes 1.15 release.


You need to carefully tune in limits as per your environment.


Follow the Kubernetes documentation and set the desired limits in a configuration file.
Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml and set the below parameters.


Default Value:

By default, EventRateLimit is not set.

See Also