Ensure the --request-timeout argument is set appropriately
Error: The --request-timeout argument is not set appropriately
Bridgecrew Policy ID: BC_K8S_71
Checkov Check ID: CKV_K8S_95
The --request-timeout argument is not set appropriately
Set global request timeout for API server requests as appropriate. Setting global request timeout allows extending the API server request timeout limit to a duration appropriate to the user's connection speed. By default, it is set to 60 seconds which might be problematic on slower connections making cluster resources inaccessible once the data volume for requests exceeds what can be transmitted in 60 seconds. But, setting this timeout limit to be too large can exhaust the API server resources making it prone to Denial-of-Service attack. Hence, it is recommended to set this limit as appropriate and change the default limit of 60 seconds only if needed.
Fix - Buildtime
- Kind: Pod
apiVersion: v1 kind: Pod metadata: creationTimestamp: null labels: component: kube-apiserver tier: control-plane name: kube-apiserver namespace: kube-system spec: containers: - command: + - kube-apiserver + - --request-timeout=2m3s image: gcr.io/google_containers/kube-apiserver-amd64:v1.6.0 ...
Updated 4 months ago