Run Kubescape with host sensor (see here)
cis-aks-t1.2.0, cis-eks-t1.2.0, cis-v1.23-t1.0.1
Overriding hostnames could potentially break TLS setup between the kubelet and the apiserver. Additionally, with overridden hostnames, it becomes increasingly difficult to associate logs with a particular node and process them for security analytics. Hence, you should setup your kubelet nodes with resolvable FQDNs and avoid overriding the hostnames with IPs.
Do not override node hostnames.
Run the following command on each node:
ps -ef | grep kubelet
--hostname-override argument does not exist.
Note This setting is not configurable via the Kubelet config file.
Edit the kubelet service file
/etc/systemd/system/kubelet.service.d/10-kubeadm.conf on each worker node and remove the
--hostname-override argument from the
Based on your system, restart the
kubelet service. For example:
systemctl daemon-reload systemctl restart kubelet.service
Some cloud providers may require this flag to ensure that hostname matches names issued by the cloud provider. In these environments, this recommendation should not apply.
--hostname-override argument is not set.
Updated 28 days ago