lacework-global-741
Set the --tls-cert-file and --tls-private-key-file arguments as appropriate (Automated)
Description
Set up a Transport Layer Security (TLS) connection on the Kubelets.
Remediation
If using a Kubelet config file:
Edit the file to set tlsCertFile to the location of the certificate file to use to identify this Kubelet, and tlsPrivateKeyFile to the location of the corresponding private key file.
If using command line arguments:
Edit the kubelet service file /etc/systemd/system/kubelet.service.d/10-kubeadm.conf on each worker node and set the below parameters in the KUBELET_CERTIFICATE_ARGS variable:
--tls-cert-file=<path/to/tls-certificate-file> --tls-private-key-file=<path/to/tls-key-file>
Reload the configuration to update it with the changes made using:
systemctl daemon-reload
Then restart the kubelet service using:
systemctl restart kubelet.service
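To confirm the remediation took effect, the following added example (not part of the original policy text) audits either a Kubelet config file or the systemd drop-in for both settings. The function names are hypothetical, and the extra check that each path points to a non-empty file is an assumption beyond what the policy requires.

```shell
#!/bin/sh
# Added example: audit the kubelet TLS settings described above.
# Usage: sh check.sh config /path/to/kubelet-config.yaml
#        sh check.sh flags  /etc/systemd/system/kubelet.service.d/10-kubeadm.conf

# Print the value of a top-level YAML key, ignoring commented-out lines,
# trailing comments and surrounding quotes.
yaml_value() {  # $1 = key, $2 = config file
  sed -n "s/^$1:[[:space:]]*//p" "$2" | head -n 1 |
    sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
        -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Print the value of a --flag=value argument, ignoring comment lines.
flag_value() {  # $1 = flag name without dashes, $2 = drop-in file
  grep -v '^[[:space:]]*#' "$2" |
    sed -n "s/.*--$1=\([^[:space:]\"']*\).*/\1/p" | head -n 1
}

# Return 0 only if both settings are present and name non-empty files.
check_kubelet_tls() {  # $1 = config|flags, $2 = file to audit
  case "$1" in
    config) cert=$(yaml_value tlsCertFile "$2")
            key=$(yaml_value tlsPrivateKeyFile "$2") ;;
    flags)  cert=$(flag_value tls-cert-file "$2")
            key=$(flag_value tls-private-key-file "$2") ;;
    *) echo "usage: check_kubelet_tls config|flags FILE" >&2; return 2 ;;
  esac
  rc=0
  [ -n "$cert" ] || { echo "FAIL: certificate not set in $2"; rc=1; }
  [ -n "$key" ]  || { echo "FAIL: private key not set in $2"; rc=1; }
  # An unedited <path/to/...> placeholder fails here: no such file exists.
  [ -z "$cert" ] || [ -s "$cert" ] ||
    { echo "FAIL: certificate file missing or empty: $cert"; rc=1; }
  [ -z "$key" ] || [ -s "$key" ] ||
    { echo "FAIL: key file missing or empty: $key"; rc=1; }
  [ "$rc" -eq 0 ] && echo "PASS: cert=$cert key=$key"
  return "$rc"
}

if [ "$#" -eq 2 ]; then
  check_kubelet_tls "$1" "$2"
fi
```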
References
https://github.com/kelseyhightower/docker-kubernetes-tls-guide
https://jvns.ca/blog/2017/08/05/how-kubernetes-certificates-work/
https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/
https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/
https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/