Detections
Analytics

Ensure that the admission control plugin EventRateLimit is set

MEDIUM

Description

Description:

Limit the rate at which the API server accepts requests.

Rationale:

Using 'EventRateLimit' admission control enforces a limit on the number of events that the API Server will accept in a given time slice. A misbehaving workload could overwhelm and DoS the API Server, making it unavailable. This particularly applies to a multi-tenant cluster, where there might be a small percentage of misbehaving tenants which could have a significant impact on the performance of the cluster overall. Hence, it is recommended to limit the rate of events that the API server will accept.

Note: This is an Alpha feature in the Kubernetes 1.15 release.

You need to carefully tune in limits as per your environment.

Remediation

Follow the Kubernetes documentation and set the desired limits in a configuration file.

Then, edit the API server pod specification file '/etc/kubernetes/manifests/kube-apiserver.yaml' and set the below parameters.

--enable-admission-plugins=...,EventRateLimit,...
--admission-control-config-file=<path/to/configuration/file>
.

Policy Details

Rule Reference ID: AC_K8S_0019
CSP: Kubernetes
Remediation Available: No
Domain: Compliance Validation
Resource: kubernetes_pod
Resource Category: Compute
Resource Type: Pod

Frameworks