kubelet - Do Not Disable Streaming Timeouts
An XCCDF Rule
Description
Timeouts for streaming connections should not be disabled as they help to prevent
denial-of-service attacks.
To configure streaming connection timeouts, edit the kubelet configuration
file /etc/kubernetes/kubelet.conf
on the kubelet node(s) and set the below parameter:
streamingConnectionIdleTimeout:
Rationale
Ensuring connections have timeouts helps to protect against denial-of-service attacks as well as disconnect inactive connections. In addition, setting connections timeouts helps to prevent from running out of ephemeral ports.
- ID
- xccdf_org.ssgproject.content_rule_kubelet_enable_streaming_connections_deprecated
- Severity
- Medium
- Updated