C-0144 - Ensure that the Controller Manager --terminated-pod-gc-threshold argument is set as appropriate

Framework

cis-v1.23-t1.0.1

Severity

Medium

Description of the the issue

Garbage collection is important to ensure sufficient resource availability and avoiding degraded performance and availability. In the worst case, the system might crash or just be unusable for a long period of time. The current setting for garbage collection is 12,500 terminated pods which might be too high for your system to sustain. Based on your system resources and tests, choose an appropriate threshold value to activate garbage collection.

Related resources

Pod

What does this control test

Activate garbage collector on pod termination, as appropriate.

How to check it manually

Run the following command on the Control Plane node:

ps -ef | grep kube-controller-manager

Verify that the --terminated-pod-gc-threshold argument is set as appropriate.

Remediation

Edit the Controller Manager pod specification file /etc/kubernetes/manifests/kube-controller-manager.yaml on the Control Plane node and set the --terminated-pod-gc-threshold to an appropriate threshold, for example:

--terminated-pod-gc-threshold=10

Impact Statement

None

Default Value

By default, --terminated-pod-gc-threshold is set to 12500.

Example

No example