lacework-global-736
Set the --read-only-port argument to 0 (Automated)
Description
Disable the read-only port.
Remediation
Note: Kubernetes has deprecated this command-line parameter. Set the value in the config file specified by the kubelet's --config flag instead.
If using a Kubelet config file:
Edit the file to set readOnlyPort to 0.
If using command line arguments:
Edit the kubelet service file /etc/systemd/system/kubelet.service.d/10-kubeadm.conf on each worker node and set the parameter below in the KUBELET_SYSTEM_PODS_ARGS variable.
--read-only-port=0
Reload the configuration to update it with the changes made using:
systemctl daemon-reload
Then restart the kubelet service using:
systemctl restart kubelet.service
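To check the result of either remediation path, the following added example (not part of the original policy text and not Lacework's own check) reports the read-only port a kubelet would use, given its config file and its argument string. The function names and sample input are constructed for illustration; it assumes a YAML config file with readOnlyPort as a top-level key, and treats a command-line flag as overriding the file.

```shell
#!/bin/sh
# Added example: audit the kubelet read-only port from config file and flags.
# Assumption: the config file is YAML with readOnlyPort as a top-level key.

# Print the readOnlyPort value from a kubelet config file, or nothing if absent.
config_read_only_port() {
    sed -n 's/^readOnlyPort:[[:space:]]*\([0-9][0-9]*\).*$/\1/p' "$1" | tail -n 1
}

# Print the value of the last --read-only-port flag in an argument string,
# accepting both "--read-only-port=N" and "--read-only-port N".
flag_read_only_port() {
    printf '%s\n' "$1" | tr -s ' \t' '\n\n' | awk '
        /^--read-only-port=/       { sub(/^--read-only-port=/, ""); v = $0 }
        prev == "--read-only-port" { v = $0 }
                                   { prev = $0 }
        END                        { if (v != "") print v }'
}

# Usage: audit_read_only_port CONFIG_FILE "KUBELET ARGS"
# Prints "pass|fail|unset SOURCE VALUE" and returns 0, 1 or 2 respectively.
audit_read_only_port() {
    port=$(flag_read_only_port "$2"); src=flag   # a flag overrides the config file
    if [ -z "$port" ] && [ -r "$1" ]; then
        port=$(config_read_only_port "$1"); src=config
    fi
    if [ -z "$port" ]; then echo "unset none -"; return 2; fi
    if [ "$port" = "0" ]; then echo "pass $src 0"; return 0; fi
    echo "fail $src $port"; return 1
}

# Constructed sample input: a config file that disables the port, and an
# argument string whose leftover flag re-enables it despite the file.
demo() {
    tmp=$(mktemp) || return 1
    printf 'kind: KubeletConfiguration\nreadOnlyPort: 0\n' > "$tmp"
    audit_read_only_port "$tmp" "--config=$tmp" || true
    audit_read_only_port "$tmp" "--config=$tmp --read-only-port=10255" || true
    rm -f "$tmp"
}
demo
```

An "unset" result means neither source names the port explicitly, so the kubelet falls back to its built-in default; set the value explicitly to satisfy this check.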
References
https://kubernetes.io/docs/reference/access-authn-authz/node/
https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/