Ensure the --streaming-connection-idle-timeout argument is not set to 0

Error: The --streaming-connection-idle-timeout argument is set to 0

Bridgecrew Policy ID: BC_K8S_99
Checkov Check ID: CKV_K8S_143
Severity: LOW

Description

Do not disable timeouts on streaming connections.
Idle timeouts protect you against Denial-of-Service attacks, lingering inactive connections, and running out of ephemeral ports.
By default, --streaming-connection-idle-timeout is set to 4 hours, which might be too high for your environment. Setting it to an appropriate value additionally ensures that such streaming connections are timed out after serving legitimate use cases.
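
The check described above, as an added Python example that is not Checkov's or Bridgecrew's own code: it inspects a container command list for the flag and, going beyond the literal =0 case, also treats equivalent zero durations (0s, 0m0s) and the space-separated form as failures. The function names and the PASS/FAIL/INVALID labels are assumptions made for this illustration.

```python
import re

FLAG = "--streaming-connection-idle-timeout"
UNITS = {"ns": 1e-9, "us": 1e-6, "µs": 1e-6, "ms": 1e-3, "s": 1, "m": 60, "h": 3600}
_TERM = re.compile(r"(\d+(?:\.\d*)?|\.\d+)(ns|us|µs|ms|s|m|h)")

def parse_go_duration(text):
    """Return seconds for a Go-style duration ("5m", "4h0m0s"); signs are not handled."""
    if text == "0":                      # Go accepts a bare zero without a unit
        return 0.0
    pos, total = 0, 0.0
    while pos < len(text):
        m = _TERM.match(text, pos)
        if not m:                        # e.g. "1": a number with no unit
            raise ValueError(f"invalid duration {text!r}")
        total += float(m.group(1)) * UNITS[m.group(2)]
        pos = m.end()
    if pos == 0:
        raise ValueError("empty duration")
    return total

def timeout_args(command):
    """Collect every value given for FLAG, in '--flag=value' or '--flag value' form."""
    values = []
    for i, arg in enumerate(command):
        if arg.startswith(FLAG + "="):
            values.append(arg.split("=", 1)[1])
        elif arg == FLAG and i + 1 < len(command):
            values.append(command[i + 1])
    return values

def check_kubelet_command(command):
    """Return (status, detail) for a container command list taken from a Pod manifest."""
    values = timeout_args(command)
    if not values:
        return "PASS", "flag absent, kubelet default of 4h applies"
    raw = values[-1]                     # the last occurrence wins when a flag is repeated
    try:
        seconds = parse_go_duration(raw)
    except ValueError:
        return "INVALID", f"{raw!r} is not a Go duration (missing or unknown unit)"
    if seconds == 0:
        return "FAIL", f"{raw!r} disables the idle timeout"
    return "PASS", f"idle timeout is {seconds:g}s"
```

Pass it the `command` (plus `args`, if used) list of the kubelet container; an INVALID result means the value would not parse as a duration at all.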

Fix - Buildtime

Kubernetes

  • Kind: Pod
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kubelet
    tier: control-plane
  name: kubelet
  namespace: kube-system
spec:
  containers:
  - command:
+   - kubelet
+   - --streaming-connection-idle-timeout=1
    image: gcr.io/google_containers/kubelet-amd64:v1.6.0
    ...
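
Review bot: the value on the added `--streaming-connection-idle-timeout=1` line has no unit. The kubelet parses this flag as a duration, and a bare `1` is rejected as missing a unit, so the kubelet would not start with this argument. Suggest an explicit duration such as `5m`, chosen to suit the environment and lower than the 4 hour default noted in the description.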