C-0071 - Validate Kubelet TLS configuration
Framework
Description of the issue
The kubelet is the node-level orchestrator in the Kubernetes control plane. It exposes a service on port 10250, where it accepts commands from the API server which contain sensitive information. The connection between the API server and the kubelet must be encrypted and secured.
Related resources
What does this control test
It reads the kubelet command line and configuration file, looking for client TLS configuration.
Remediation
Start the kubelet with the --tls-cert-file and --tls-private-key-file flags, providing the X509 certificate and its matching private key.
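One way to run this check against a kubelet command line and its configuration file, as an added example that is not from the original page or from the tool's own rule code. It assumes the `tlsCertFile` and `tlsPrivateKeyFile` fields of `KubeletConfiguration` as the file equivalents of the two flags; the helper names, sample command line and paths are constructed for illustration.

```python
import shlex

# Flag name -> KubeletConfiguration field carrying the same setting.
TLS_SETTINGS = {
    "--tls-cert-file": "tlsCertFile",
    "--tls-private-key-file": "tlsPrivateKeyFile",
}

def parse_flags(cmdline):
    """Return {flag: value} for both '--flag=value' and '--flag value' forms."""
    args = shlex.split(cmdline)
    flags = {}
    for i, arg in enumerate(args):
        if arg.startswith("--"):
            name, sep, value = arg.partition("=")
            if not sep and i + 1 < len(args) and not args[i + 1].startswith("--"):
                value = args[i + 1]
            flags[name] = value
    return flags

def parse_config(text):
    """Read top-level 'key: value' scalars from a KubeletConfiguration YAML."""
    fields = {}
    for line in text.splitlines():
        if line and line[0] not in " \t#-" and ":" in line:
            key, _, value = line.partition(":")
            fields[key.strip()] = value.split(" #")[0].strip().strip("\"'")
    return fields

def check_kubelet_tls(cmdline, config_text=""):
    """Return the missing TLS settings; an empty list means the check passes."""
    flags, fields = parse_flags(cmdline), parse_config(config_text)
    missing = []
    for flag, field in TLS_SETTINGS.items():
        # A command-line flag overrides the value from the config file.
        value = flags[flag] if flag in flags else fields.get(field, "")
        if not value:
            missing.append(f"{flag} / {field}")
    return missing

# Constructed sample inputs, not taken from a real node.
SAMPLE_CMDLINE = ("/usr/bin/kubelet --config=/var/lib/kubelet/config.yaml "
                  "--tls-cert-file /etc/kubernetes/pki/kubelet.crt")
SAMPLE_CONFIG = """\
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
tlsPrivateKeyFile: "/etc/kubernetes/pki/kubelet.key"
"""
print(check_kubelet_tls(SAMPLE_CMDLINE, SAMPLE_CONFIG) or "PASS")
```

On a node, the command line can be read from the running kubelet process and the file from the path given to `--config`; the check only confirms the settings are present, not that the certificate and key are valid or match.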
Example
No example
Updated 6 months ago