API server communication contains sensitive parameters that should remain encrypted in transit. Configure the API server to serve only HTTPS traffic. If
--client-ca-file argument is set, any request presenting a client certificate signed by one of the authorities in the
client-ca-file is authenticated with an identity corresponding to the CommonName of the client certificate.
Setup TLS connection on the API server.
Run the following command on the Control Plane node:
ps -ef | grep kube-apiserver
Verify that the
--client-ca-file argument exists and it is set as appropriate.
Follow the Kubernetes documentation and set up the TLS connection on the apiserver. Then, edit the API server pod specification file
/etc/kubernetes/manifests/kube-apiserver.yaml on the master node and set the client certificate authority file.
TLS and client certificate authentication must be configured for your Kubernetes cluster deployment.
--client-ca-file argument is not set.
Updated 12 days ago