You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description:
Reject creating objects in a namespace that is undergoing termination.
Rationale:
Setting admission control policy to NamespaceLifecycle ensures that objects cannot be
created in non-existent namespaces, and that namespaces undergoing termination are
not used for creating the new objects. This is recommended to enforce the integrity of
the namespace termination process and also for the availability of the newer objects.
Impact:
None
Audit:
Run the following command on the Control Plane node: ps -ef | grep kube-apiserver
Verify that the --disable-admission-plugins argument is set to a value that does not
include NamespaceLifecycle.
Default Value:
By default, NamespaceLifecycle is set.
Profile Applicability:
• Level 1 - Master Node
Description:
Reject creating objects in a namespace that is undergoing termination.
Rationale:
Setting admission control policy to NamespaceLifecycle ensures that objects cannot be
created in non-existent namespaces, and that namespaces undergoing termination are
not used for creating the new objects. This is recommended to enforce the integrity of
the namespace termination process and also for the availability of the newer objects.
Impact:
None
Audit:
Run the following command on the Control Plane node:
ps -ef | grep kube-apiserver
Verify that the --disable-admission-plugins argument is set to a value that does not
include NamespaceLifecycle.
Default Value:
By default, NamespaceLifecycle is set.
References:
The text was updated successfully, but these errors were encountered: