
Ensure that the --terminated-pod-gc-threshold argument is set as appropriate

Details

Activate garbage collector on pod termination, as appropriate.

Rationale:

Garbage collection is important to ensure sufficient resource availability and to avoid degraded performance and availability. In the worst case, the system might crash or be unusable for a long period of time. The current setting for garbage collection is 12,500 terminated pods, which might be too high for your system to sustain. Based on your system resources and tests, choose an appropriate threshold value to activate garbage collection.

Solution

Edit the Controller Manager pod specification file '/etc/kubernetes/manifests/kube-controller-manager.yaml' on the master node and set '--terminated-pod-gc-threshold' to an appropriate threshold, for example:

--terminated-pod-gc-threshold=10
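The benchmark describes the remediation but not how to audit it. The following POSIX shell script is an added example, not part of the CIS page or of Kubernetes itself: it reads the controller manager manifest, extracts the value of --terminated-pod-gc-threshold from the container command list, and reports a failure when the flag is missing (so the 12,500 default applies), is set to a value at or above that default, or is zero or negative (which disables the terminated-pod collector entirely). The manifest path follows the page; the sample manifest written by write_sample_manifest is constructed for offline testing and is not a real cluster file.

```shell
#!/bin/sh
# Added example (not from the CIS page): audit --terminated-pod-gc-threshold
# in the kube-controller-manager static pod manifest.

# Path from the benchmark text; override with MANIFEST=... for testing.
MANIFEST="${MANIFEST:-/etc/kubernetes/manifests/kube-controller-manager.yaml}"

# Default used by kube-controller-manager when the flag is not set.
DEFAULT_THRESHOLD=12500

# Constructed sample manifest for offline testing (not a real cluster file).
write_sample_manifest() {
  cat > "$1" <<'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: kube-controller-manager
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-controller-manager
    - --bind-address=127.0.0.1
    - --terminated-pod-gc-threshold=10
    - --use-service-account-credentials=true
    name: kube-controller-manager
EOF
}

# Print the configured threshold (first match), or nothing if the flag is absent.
# Accepts the "- --flag=N" list-item form, optionally quoted, as written in manifests.
gc_threshold() {
  sed -n 's/^[[:space:]]*-[[:space:]]*["'"'"']\{0,1\}--terminated-pod-gc-threshold=\(-\{0,1\}[0-9][0-9]*\)["'"'"']\{0,1\}[[:space:]]*$/\1/p' "$1" | head -n 1
}

# Return 0 (PASS) only when the flag is explicitly set to a positive value
# below the default; otherwise print the reason and return 1 (FAIL).
check_gc_threshold() {
  v=$(gc_threshold "$1")
  if [ -z "$v" ]; then
    echo "FAIL: --terminated-pod-gc-threshold not set in $1 (default $DEFAULT_THRESHOLD applies)"
    return 1
  fi
  if [ "$v" -le 0 ]; then
    echo "FAIL: --terminated-pod-gc-threshold=$v disables terminated pod garbage collection"
    return 1
  fi
  if [ "$v" -ge "$DEFAULT_THRESHOLD" ]; then
    echo "FAIL: --terminated-pod-gc-threshold=$v is not below the default of $DEFAULT_THRESHOLD"
    return 1
  fi
  echo "PASS: --terminated-pod-gc-threshold=$v"
  return 0
}

# Audit the real manifest when run on a master node.
if [ -r "$MANIFEST" ]; then
  check_gc_threshold "$MANIFEST"
fi
```

Run it on the master node as-is, or point it at a copy of the manifest with `MANIFEST=/path/to/copy.yaml sh audit-gc.sh`. The check parses the static pod manifest rather than the running process list, so it verifies the persisted configuration that survives a kubelet restart; a complementary check of the live process (`ps -ef | grep kube-controller-manager`) is the form the benchmark's audit sections usually take.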

Impact:

None

Supportive Information

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Unix.

Updated on July 16, 2022