1.2.10 Ensure that the APIPriorityAndFairness feature gate is enabled - ConfigMaps

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Limit the rate at which the API server accepts requests.

Rationale:

Using EventRateLimit admission control enforces a limit on the number of events that the API Server will accept in a given time slice. A misbehaving workload could overwhelm and DoS the API Server, making it unavailable. This particularly applies to a multi-tenant cluster, where there might be a small percentage of misbehaving tenants which could have a significant impact on the performance of the cluster overall. Hence, it is recommended to limit the rate of events that the API server will accept.

Note: This is an Alpha feature in the Kubernetes 1.15 release.

Impact:

None, as the OpenShift kubelet has been fixed to send fewer requests.

Solution

No remediation is required.

Default Value:

By default, the OpenShift kubelet has been fixed to send fewer requests.

See Also

https://workbench.cisecurity.org/files/4260