Set Pod Lifetime for the Deschedulers
An XCCDF Rule
Description
If there is an increased risk of external influences and a very high need for protection, pods should be stopped and restarted regularly. No pod should run for more than 24 hours. The availability of the applications in the pod should be ensured.
Rationale
If there is an increased risk of external influences and a very high need for protection, pods should be stopped and restarted regularly. This way, an attacker who has gained control over a pod loses it, because the pod is restarted from a known good state (the image).
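One way to audit a cluster against the 24-hour limit described above, as an added example that is not part of this rule's own content. The function names and the sample pods are constructed for illustration, and the check assumes pod age is measured from `metadata.creationTimestamp` in a pod list shaped like `kubectl get pods -A -o json` output.

```python
from datetime import datetime, timedelta, timezone

MAX_POD_LIFETIME = timedelta(hours=24)  # limit stated in the rule description


def _pod(namespace, name, created, phase):
    """Build a constructed pod record with only the fields this check reads."""
    return {"metadata": {"namespace": namespace, "name": name,
                         "creationTimestamp": created},
            "status": {"phase": phase}}


# Constructed sample in the shape of `kubectl get pods -A -o json` output.
SAMPLE_POD_LIST = {"items": [
    _pod("app", "web-7d9f", "2024-05-01T06:00:00Z", "Running"),
    _pod("app", "api-5c4b", "2024-05-02T10:00:00Z", "Running"),
    _pod("app", "cache-0", "2024-05-01T12:00:00Z", "Running"),
    _pod("batch", "report-x", "2024-04-30T20:00:00Z", "Succeeded"),
    _pod("infra", "log-agent", "2024-04-29T12:00:00Z", "Running"),
]}
SAMPLE_NOW = datetime(2024, 5, 2, 12, 0, tzinfo=timezone.utc)


def parse_k8s_time(value):
    """Parse the RFC 3339 UTC timestamps Kubernetes emits (e.g. 2024-05-01T06:00:00Z)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def pods_over_lifetime(pod_list, now, limit=MAX_POD_LIFETIME):
    """Return (namespace, name, age) for live pods older than the limit, oldest first."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, status = pod["metadata"], pod.get("status", {})
        # Completed pods are no longer running, so they are out of scope.
        if status.get("phase") in ("Succeeded", "Failed"):
            continue
        # Assumption: age is measured from creation, an upper bound on runtime.
        age = now - parse_k8s_time(meta["creationTimestamp"])
        if age > limit:  # strictly more than 24 hours, as the rule words it
            findings.append((meta["namespace"], meta["name"], age))
    return sorted(findings, key=lambda f: f[2], reverse=True)


if __name__ == "__main__":
    for ns, name, age in pods_over_lifetime(SAMPLE_POD_LIST, SAMPLE_NOW):
        print(f"{ns}/{name} has been up {age.total_seconds() / 3600:.0f}h")
```

A non-empty result means the restart policy is not being enforced for those pods, for example because their namespace is outside what the descheduler covers.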
- ID: xccdf_org.ssgproject.content_rule_kube_descheduler_podlifetime
- Severity: Medium