TF 0197 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Ensure that the admission control plugin EventRateLimit is set

| Property | Value |
| --- | --- |
| Language | terraform |
| Severity | low |

Description

The Kubernetes API server is not configured with the EventRateLimit admission control plugin, meaning it lacks controls to limit the rate of incoming API requests. This omission leaves the API server susceptible to excessive or abusive request traffic.

Impact

Without request rate limiting, attackers or misconfigured clients could overwhelm the API server with a high volume of requests, potentially leading to degraded performance, denial of service, or unavailability of Kubernetes cluster management operations.

Resolution

Follow the Kubernetes documentation and set the desired limits in a configuration file. Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml and set the below parameters.
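
An audit check for this rule, as an added example that is not part of the original page or the project's own code: it reads a kube-apiserver manifest and verifies that EventRateLimit is listed in `--enable-admission-plugins` and that `--admission-control-config-file` is set. The function names, return codes, sample manifests and the config file path in them are assumptions made for the example.

```shell
# Audit a kube-apiserver static pod manifest for the EventRateLimit plugin.
# Return codes (chosen for this example): 0 = plugin enabled and config file set,
# 1 = plugin not enabled, 2 = plugin enabled but no admission config file flag.

# Print the value of "--<flag>=<value>" from the manifest's command list.
# Commented-out entries do not match: the line must start with a list dash.
flag_value() {
    sed -n "s/^[[:space:]]*-[[:space:]]*[\"']*--$2=\(.*\)/\1/p" "$1" \
        | tr -d "\"' \r" | head -n 1
}

check_event_rate_limit() {
    plugins=$(flag_value "$1" enable-admission-plugins)
    # Match EventRateLimit only as a whole comma-separated entry.
    case ",$plugins," in
        *,EventRateLimit,*) ;;
        *) return 1 ;;
    esac
    [ -n "$(flag_value "$1" admission-control-config-file)" ] || return 2
    return 0
}

# Write a constructed sample manifest: $1 = file, remaining args = apiserver flags.
write_manifest() {
    out=$1; shift
    { printf 'spec:\n  containers:\n  - command:\n    - kube-apiserver\n'
      for arg in "$@"; do printf '    - %s\n' "$arg"; done; } > "$out"
}

# Constructed samples (not from a real cluster); the config path is a placeholder.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
write_manifest "$demo_dir/missing.yaml" --enable-admission-plugins=NodeRestriction
write_manifest "$demo_dir/no-config.yaml" \
    --enable-admission-plugins=NodeRestriction,EventRateLimit
write_manifest "$demo_dir/ok.yaml" \
    --enable-admission-plugins=NodeRestriction,EventRateLimit \
    --admission-control-config-file=/etc/kubernetes/admission-control.yaml

for name in missing no-config ok; do
    rc=0; check_event_rate_limit "$demo_dir/$name.yaml" || rc=$?
    echo "$name.yaml: rc=$rc"
done
```

On a control plane node, the same function can be pointed at /etc/kubernetes/manifests/kube-apiserver.yaml.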