Explicit request-timeout not set
ID |
api_server_request_timeout |
Severity |
low |
Vendor |
Kubernetes |
Resource |
kube-apiserver |
Tags |
reachable |
Description
--request-timeout establish the length of time to wait before giving up on a single server request
By default, it is set to 1 minute, but it is recommended to make this limit explicit as appropriate.
Examples
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
component: kube-apiserver
tier: control-plane
name: weak
namespace: kube-system
spec:
containers:
- command:
- kube-apiserver (1)
- --authorization-mode=RBAC,Node
image: gcr.io/google_containers/kube-apiserver-amd64:v1.6.0| 1 | Default --request-timeout is 60 seconds. |
Mitigation / Fix
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
component: kube-apiserver
tier: control-plane
name: good
namespace: kube-system
spec:
containers:
- command:
- kube-apiserver
- --authorization-mode=RBAC,Node
- --request-timeout=1m30s (1)
image: gcr.io/<image>| 1 | Increase `--request-timeout' when requests exceed the default 60 seconds or decrease to avoid resource exhaustion. |