Classification:
compliance
Framework:
cis-kubernetes
Control:
1.3.2
Set up the kubernetes integration.
Disable profiling, if not needed.
Profiling allows for the identification of specific performance bottlenecks. It generates a significant amount of program data that could potentially be exploited to uncover system and program details. If you are not experiencing any bottlenecks and do not need the profiler for troubleshooting purposes, it is recommended to turn it off to reduce the potential attack surface.
Run the following command on the master node:
ps -ef | grep kube-controller-manager
Verify that the --profiling
argument is set to false
.
Edit the Controller Manager pod specification file /etc/kubernetes/manifests/kube-controller-manager.yaml
on the master node and set the below parameter:
--profiling=false
Profiling information would not be available.
By default, profiling is enabled.
Version 6.14 Controlled Access Based on the Need to Know
Version 7.4 Controlled Use of Administrative Privileges