
vSphere Bottlerocket EKSA unable to pass CIS Benchmark at 4.2.13 - Ensure that a limit is set on pod PIDs

Open macintoshme opened this issue 1 year ago • 0 comments

What happened:

We are currently seeing the default settings result in clusters allowing 4M PIDs. According to Kubernetes documentation, this is a setting you pass to kubelet.

https://kubernetes.io/docs/concepts/policy/pid-limiting/#pod-pid-limits

What you expected to happen:

However, those tunables aren't available to EKSA Configs: https://anywhere.eks.amazonaws.com/docs/getting-started/vsphere/vsphere-spec/

We anticipate it would be located under Kubernetes options here: https://anywhere.eks.amazonaws.com/docs/getting-started/optional/hostosconfig/#kubernetes

However, it is not listed.

How to reproduce it (as minimally and precisely as possible): See above

Anything else we need to know?: Case ID 170619344001280

macintoshme, Feb 20 '24 13:02
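One way to audit nodes for the control named in the title, as an added example that is not part of the original issue or of EKS Anywhere: it evaluates each node's kubelet `/configz` output (`podPidsLimit`) together with any `--pod-max-pids` flag on the kubelet command line. The node names and sample data are constructed, and treating every non-positive value as "no limit" is this example's assumption.

```python
import json

CONTROL = "CIS 4.2.13"  # control named in the issue title


def effective_pod_pids_limit(configz_json, kubelet_args=()):
    """Return the kubelet's pod PID limit, or None when no limit is in force.

    configz_json: body of the kubelet /configz endpoint (JSON text).
    kubelet_args: kubelet command line; --pod-max-pids overrides the config file.
    """
    cfg = json.loads(configz_json).get("kubeletconfig", {})
    limit = cfg.get("podPidsLimit")  # absent or -1 (the default) means no limit
    args = list(kubelet_args)
    for i, arg in enumerate(args):
        if arg.startswith("--pod-max-pids="):
            limit = arg.split("=", 1)[1]
        elif arg == "--pod-max-pids" and i + 1 < len(args):
            limit = args[i + 1]
    try:
        limit = int(limit)
    except (TypeError, ValueError):
        return None  # missing or unparsable value: treat as unset
    # Assumption of this example: any non-positive value counts as no limit.
    return limit if limit > 0 else None


def audit(nodes):
    """nodes: {name: (configz_json, kubelet_args)} -> [(name, status, detail)]."""
    findings = []
    for name, (configz, args) in sorted(nodes.items()):
        limit = effective_pod_pids_limit(configz, args)
        if limit is None:
            findings.append((name, "FAIL", "no pod PID limit is set"))
        else:
            findings.append((name, "PASS", f"pod PID limit = {limit}"))
    return findings


# Constructed sample data, not output captured from a real cluster.
SAMPLE = {
    "worker-default": ('{"kubeletconfig": {"podPidsLimit": -1}}', []),
    "worker-config": ('{"kubeletconfig": {"podPidsLimit": 4096}}', []),
    "worker-flag": ('{"kubeletconfig": {}}', ["kubelet", "--pod-max-pids", "1024"]),
}

if __name__ == "__main__":
    for name, status, detail in audit(SAMPLE):
        print(f"{CONTROL} {name}: {status} ({detail})")
```

On a live cluster the `/configz` body for a node can be fetched with `kubectl get --raw "/api/v1/nodes/<node>/proxy/configz"`.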