eks-1.7.0: allow default value for eventRecordQPS rule (#1954)

markusboehme · web-flow · commit 014ac455b57b · 2025-09-26T12:06:18.000+06:00
The CIS Benchmark for Amazon EKS v1.7.0, recommendation 3.2.7 asks to
"Ensure that the --eventRecordQPS argument is set to 0 or a level which
ensures appropriate event capture". The --event-qps option on the
command line and the eventRecordQPS option in the configuration file
both have the same default value of 5, but differ in how they treat the
an explicitly set value of 0:

  - The --event-qps command line option treats 0 as the default
    value of 5 QPS.
  - The eventRecordQPS configuration file option treats 0 as unlimited
    (and the absence of the option as the default value of 5 QPS).

Since setting --event-qps=0, using the default value, is acceptable for
the command line option, using the default value for eventRecordQPS by
not explicitly setting the option should be allowed as well. Note that
this is already the case in the configuration for the generic Kubernetes
CIS Benchmark.
diff --git a/cfg/eks-1.7.0/node.yaml b/cfg/eks-1.7.0/node.yaml
@@ -352,6 +352,10 @@ groups:
               compare:
                 op: gte
                 value: 0
+            - flag: --event-qps
+              path: '{.eventRecordQPS}'
+              set: false
+          bin_op: or
         remediation: |
           If using a Kubelet config file, edit the file to set eventRecordQPS: to an appropriate
           level.
