Profile Applicability:

  • Level 1

Description:

The --profiling argument controls whether profiling is enabled in the Kubernetes API server. Profiling is a diagnostic feature that allows for the collection of performance metrics for debugging and performance analysis. By setting --profiling to false, you disable this feature, thereby reducing the risk of exposing sensitive performance data or unnecessary resource consumption in production environments.

Rationale:

Disabling profiling in production clusters is a best practice to enhance security and performance. Enabling profiling could expose performance data, potentially including sensitive information, and can also add overhead to the API server. Keeping it disabled ensures that no unnecessary diagnostic data is being generated or exposed.

Impact:

  • Pros:

    • Reduces the risk of exposing sensitive performance data that could be exploited by attackers.

    • Decreases overhead on the API server, improving performance and security.

  • Cons:

    • Disabling profiling means that detailed performance metrics cannot be collected for debugging and troubleshooting, which could be valuable during development or for diagnosing production issues.

Default Value:

By default, --profiling is set to true, which enables profiling.

Pre-requisites:

  • Ensure that no performance-related diagnostics are required for debugging the cluster in production environments.

Test Plan:

Using AWS Console:

  1. Sign in to the AWS Management Console.

  2. Navigate to your EKS Cluster.

  3. Go to the API server configuration settings and verify that the --profiling argument is set to false in the configuration.

Using AWS CLI:

Run the following AWS CLI command to describe your EKS cluster's configuration:

aws eks describe-cluster --name <cluster-name> --query "cluster.config"

  1. Verify that the --profiling argument is set to false in the configuration.
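One way to evaluate the flag once you have the API server's argument list, as an added example that is not from the original page or from AWS or Kubernetes tooling. The function names and sample argument lists are constructed, and it assumes kube-apiserver follows Go boolean-flag parsing: an absent flag means the default (true), a bare --profiling means true, and the last occurrence wins.

```shell
#!/bin/sh
# Added example (not from the original page). Reports the effective
# --profiling value for a kube-apiserver argument list.
# Assumption: flags follow Go boolean-flag parsing, so a bare "--profiling"
# means true, "--profiling false" (space-separated) does NOT set false,
# and the last occurrence wins.

profiling_state() {
    state=true    # default per the page: flag absent means profiling enabled
    for arg in "$@"; do
        case "$arg" in
            --profiling)
                state=true ;;
            --profiling=*)
                case "${arg#--profiling=}" in
                    0|f|F|false|False|FALSE) state=false ;;
                    1|t|T|true|True|TRUE)    state=true ;;
                    *)                       state=invalid ;;
                esac ;;
        esac
    done
    printf '%s\n' "$state"
}

# Returns 0 (pass) only when profiling is explicitly and validly disabled.
audit_profiling() {
    [ "$(profiling_state "$@")" = false ]
}

# Constructed sample argument lists, one per line, for demonstration only.
while IFS= read -r line; do
    [ -n "$line" ] || continue
    # Word-splitting is intentional: each sample is a flat argument string.
    if audit_profiling $line; then result=PASS; else result=FAIL; fi
    printf '%-4s effective=%-7s %s\n' "$result" "$(profiling_state $line)" "$line"
done <<'EOF'
--secure-port=443 --profiling=false
--secure-port=443
--profiling false --secure-port=443
--profiling=false --profiling=true
--profiling=off
EOF
```

Only the first sample passes; the others fail because the flag is absent, written with a space instead of "=", overridden by a later occurrence, or given a value that is not a valid boolean.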

Implementation Plan:

Using AWS Console:

  1. Navigate to the EKS cluster in the AWS Console.

  2. Under the Cluster Configuration section, modify the API server settings.

  3. Set the --profiling argument to false.

  4. Save the configuration and apply the changes.

Using AWS CLI:

Update the --profiling argument to false:

aws eks update-cluster-config --name <cluster-name> --kubernetes-version <kubernetes-version> --set-profiling false

Backout Plan:

Using AWS Console:

  1. Navigate to the EKS cluster's API server configuration.

  2. If necessary, revert the --profiling argument to true for debugging or performance analysis.

  3. Save the configuration and redeploy the cluster.

Using AWS CLI:

If issues occur, revert the change using:

aws eks update-cluster-config --name <cluster-name> --kubernetes-version <kubernetes-version> --set-profiling true
