TF 0271 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Ensure that the --terminated-pod-gc-threshold argument is set as appropriate
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
Description
The Kubernetes Controller Manager is missing the --terminated-pod-gc-threshold argument, which controls the automatic cleanup of terminated pods. Without this setting, old pod resources may accumulate unnecessarily.
Impact
Failure to set an appropriate threshold can lead to resource exhaustion on the control plane due to excessive terminated pods, potentially degrading cluster performance and stability, and increasing management overhead.
Resolution
Edit the Controller Manager pod specification file /etc/kubernetes/manifests/kube-controller-manager.yaml on the Control Plane node and set the --terminated-pod-gc-threshold to an appropriate threshold.