
Kubelet - Ensure Event Creation Is Configured

An XCCDF Rule

Description

Security-relevant information should be captured. The eventRecordQPS Kubelet option limits the rate at which events are recorded. Setting it too low could result in relevant events not being logged; however, the unlimited setting of 0 could result in a denial of service on the kubelet. Processing and storage systems should be scaled to handle the expected event load. To set the eventRecordQPS option for the kubelet, create a KubeletConfig object along these lines:

apiVersion: machineconfiguration.openshift.io/v1
kind: KubeletConfig
metadata:
    name: kubelet-config-$pool
spec:
    machineConfigPoolSelector:
        matchLabels:
            pools.operator.machineconfiguration.openshift.io/$pool_name: ""
    kubeletConfig:
        eventRecordQPS: 

Functionality Warning

The MachineConfig Operator does not merge KubeletConfig objects; the last object is used instead. If you need to set multiple options for the kubelet, put all the custom options into a single KubeletConfig object.
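The following is an added example, not part of the rule or the ComplianceAsCode project: it evaluates a kubelet's effective eventRecordQPS as the description above frames it (missing, 0 = unlimited, too low, or acceptable) and flags the situation the warning describes, where several KubeletConfig objects target the same pool. The input shape follows the kubelet /configz endpoint, which wraps the effective configuration under a "kubeletconfig" key; the sample response and the "too low" floor of 5 are constructed assumptions.

```python
"""Check a kubelet's eventRecordQPS and detect conflicting KubeletConfig objects."""
import json

# Constructed example of a /configz response (not captured from a real node).
SAMPLE_CONFIGZ = json.dumps({"kubeletconfig": {"eventRecordQPS": 0, "eventBurst": 10}})

# Assumption, not from the rule: below this rate we warn that events may be dropped.
LOW_QPS_FLOOR = 5


def evaluate_event_record_qps(configz_json: str, floor: int = LOW_QPS_FLOOR):
    """Return (status, reason) where status is "pass", "warn" or "fail"."""
    cfg = json.loads(configz_json).get("kubeletconfig", {})
    if "eventRecordQPS" not in cfg:
        return "fail", "eventRecordQPS is not configured; event creation is not explicitly set"
    qps = cfg["eventRecordQPS"]
    # bool is a subclass of int in Python, so reject it explicitly.
    if not isinstance(qps, int) or isinstance(qps, bool) or qps < 0:
        return "fail", f"eventRecordQPS has an invalid value: {qps!r}"
    if qps == 0:
        # 0 disables the rate limit: unbounded event recording can DoS the kubelet.
        return "fail", "eventRecordQPS is 0 (unlimited); this risks a denial of service on the kubelet"
    if qps < floor:
        return "warn", f"eventRecordQPS={qps} is below {floor}; relevant events may be dropped"
    return "pass", f"eventRecordQPS={qps} is a bounded, non-zero rate"


def find_conflicting_kubelet_configs(kubelet_configs):
    """Return {pool label: [object names]} for labels targeted by more than one KubeletConfig.

    The MachineConfig Operator applies only the last object for a pool, so
    settings in earlier objects that target the same pool are silently lost.
    """
    seen = {}
    for obj in kubelet_configs:
        selector = obj.get("spec", {}).get("machineConfigPoolSelector", {})
        for label in selector.get("matchLabels", {}):
            seen.setdefault(label, []).append(obj["metadata"]["name"])
    return {label: names for label, names in seen.items() if len(names) > 1}
```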

Rationale

It is important to capture all events and not restrict event creation. Events are an important source of security information and analytics that ensure that your environment is consistently monitored using the event data.

ID
xccdf_org.ssgproject.content_rule_kubelet_configure_event_creation_worker
Severity
Medium