lacework-global-735

Set the --client-ca-file argument as appropriate (Automated)

Description

Enable Kubelet authentication using certificates.

Remediation

If using a Kubelet config file:

Edit the file to set authentication: x509: clientCAFile to the location of the client CA file.

If using command line arguments:

Edit the kubelet service file /etc/systemd/system/kubelet.service.d/10-kubeadm.conf on each worker node and set the following parameter in the KUBELET_AUTHZ_ARGS variable:

--client-ca-file=<path/to/client-ca-file>

Reload the configuration so that the changes take effect:

systemctl daemon-reload

Then restart the kubelet service using:

systemctl restart kubelet.service
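
To confirm the setting on a node after the restart, the following check reads both locations named above; it is an added example, not Lacework's or the Kubernetes project's code. The function names are hypothetical, the sample files are constructed, and it assumes a flag in the drop-in overrides the config file value.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit kubelet x509 client authentication.

# Print authentication.x509.clientCAFile from a kubelet config file (YAML).
ca_from_config() {
  awk '
    /^[[:space:]]*(#|$)/ { next }                   # skip comments and blank lines
    { ind = match($0, /[^ ]/) - 1 }                 # indentation of this line
    ind == 0 { auth = ($0 ~ /^authentication:/); x509 = 0; next }
    auth && $1 == "x509:" { x509 = 1; xind = ind; next }
    x509 && ind <= xind { x509 = 0 }                # left the x509 block
    x509 && $1 == "clientCAFile:" { v = $2; gsub(/"/, "", v); print v; exit }
  ' "$1"
}

# Print the value of the last uncommented --client-ca-file flag in a systemd drop-in.
ca_from_args() {
  sed -n -E '/^[[:space:]]*#/d; s/.*--client-ca-file[= ]([^" ]+).*/\1/p' "$1" | tail -n 1
}

# $1 = kubelet config file, $2 = systemd drop-in. Assumption: the flag wins if both are set.
check_kubelet_client_ca() {
  ca=""
  if [ -r "$2" ]; then ca=$(ca_from_args "$2"); fi
  if [ -z "$ca" ] && [ -r "$1" ]; then ca=$(ca_from_config "$1"); fi
  if [ -n "$ca" ]; then echo "PASS client CA file: $ca"; return 0; fi
  echo "FAIL no client CA file configured"; return 1
}

# Constructed sample inputs (not taken from a real node).
demo=$(mktemp -d)
cat > "$demo/config.yaml" <<'EOF'
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
authentication:
  anonymous:
    enabled: false
  x509:
    clientCAFile: /etc/kubernetes/pki/ca.crt
EOF
cat > "$demo/10-kubeadm.conf" <<'EOF'
[Service]
Environment="KUBELET_AUTHZ_ARGS=--authorization-mode=Webhook"
EOF
check_kubelet_client_ca "$demo/config.yaml" "$demo/10-kubeadm.conf"
rm -rf "$demo"
```

On a real node, pass the kubelet config file path and the drop-in path from the remediation steps; the check only inspects configuration and does not verify that the CA file exists.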

References

https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/
https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/
https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/