Ensure that the LifecycleAndUtilization Profile for the Kube Descheduler Operator is Enabled
An XCCDF Rule
Description
If there is an increased risk of external influences and a very high need for protection, pods should be stopped and restarted regularly. No pod should run for more than 24 hours. The availability of the applications in the pod should be ensured.
warning alert: Warning
This rule's check operates on the cluster configuration dump.
Therefore, you need to use a tool that can query the OCP API, retrieve the following:
-
/apis/operator.openshift.io/v1/kubedeschedulersAPI endpoint, filter with with thejqutility using the following filter[ .items[].spec | if any(.profiles[]; . =="LifecycleAndUtilization") and .deschedulingIntervalSeconds <= {{.kube_descheduler_interval}} and .mode == "Automatic" then true else false end]and persist it to the local
Rationale
If there is an increased risk of external influences and a very high need for protection, pods should be stopped and restarted regularly.
- ID
- xccdf_org.ssgproject.content_rule_kube_descheduler_lifecycle_policy
- Severity
- Medium
- References
- Updated