
lacework-global-741

Set the --tls-cert-file and --tls-private-key-file arguments as appropriate (Automated)

Description

Set up a Transport Layer Security (TLS) connection on the Kubelets, so that each Kubelet serves its API with a certificate and private key you control.

Remediation

If using a Kubelet config file:

Edit the file to set tlsCertFile to the location of the certificate file to use to identify this Kubelet, and tlsPrivateKeyFile to the location of the corresponding private key file.

If using command line arguments:

Edit the kubelet service file /etc/systemd/system/kubelet.service.d/10-kubeadm.conf on each worker node and set the parameters below in the KUBELET_CERTIFICATE_ARGS variable:

--tls-cert-file=<path/to/tls-certificate-file> --tls-private-key-file=<path/to/tls-key-file>

Reload the systemd configuration so that it picks up the changes:

systemctl daemon-reload

Then restart the kubelet service using:

systemctl restart kubelet.service
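The following POSIX shell script is an added example, not part of the Lacework policy page or of Kubernetes itself. It checks a node for either form of the remediation above: a Kubelet config file that sets tlsCertFile and tlsPrivateKeyFile, or a systemd drop-in whose KUBELET_CERTIFICATE_ARGS carries --tls-cert-file and --tls-private-key-file. The file paths it takes are arguments, and the files it creates under a temporary directory are constructed samples (the /var/lib/kubelet/pki paths inside them are illustrative, not taken from the page).

```shell
#!/bin/sh
# Added example (not from the Lacework page): audit whether a kubelet has
# serving-certificate settings in its config file or its systemd drop-in.

# Returns 0 when the YAML config file names both tlsCertFile and
# tlsPrivateKeyFile with a non-empty value, 1 otherwise.
kubelet_config_has_tls() {
    cfg="$1"
    [ -r "$cfg" ] || return 1
    grep -Eq '^[[:space:]]*tlsCertFile:[[:space:]]*[^[:space:]]' "$cfg" &&
    grep -Eq '^[[:space:]]*tlsPrivateKeyFile:[[:space:]]*[^[:space:]]' "$cfg"
}

# Returns 0 when the systemd drop-in sets both --tls-cert-file and
# --tls-private-key-file (normally inside KUBELET_CERTIFICATE_ARGS).
kubelet_dropin_has_tls() {
    dropin="$1"
    [ -r "$dropin" ] || return 1
    grep -Eq -- '--tls-cert-file=[^[:space:]"]+' "$dropin" &&
    grep -Eq -- '--tls-private-key-file=[^[:space:]"]+' "$dropin"
}

# Overall verdict: the control passes if either mechanism supplies both files.
# Usage: kubelet_tls_configured <kubelet-config.yaml> <10-kubeadm.conf>
kubelet_tls_configured() {
    kubelet_config_has_tls "$1" || kubelet_dropin_has_tls "$2"
}

# Constructed sample files for demonstration; real nodes use
# /var/lib/kubelet/config.yaml and the 10-kubeadm.conf drop-in named above.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

cat > "$demo_dir/kubelet-config.yaml" <<'EOF'
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
tlsCertFile: /var/lib/kubelet/pki/kubelet.crt
tlsPrivateKeyFile: /var/lib/kubelet/pki/kubelet.key
EOF

cat > "$demo_dir/10-kubeadm.conf" <<'EOF'
[Service]
Environment="KUBELET_CERTIFICATE_ARGS=--tls-cert-file=/var/lib/kubelet/pki/kubelet.crt --tls-private-key-file=/var/lib/kubelet/pki/kubelet.key"
EOF

# Config that sets only the certificate: half-configured, must fail.
cat > "$demo_dir/cert-only.yaml" <<'EOF'
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
tlsCertFile: /var/lib/kubelet/pki/kubelet.crt
EOF

# Config with no TLS settings at all.
cat > "$demo_dir/missing.yaml" <<'EOF'
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
EOF

for pair in \
    "kubelet-config.yaml:none" \
    "missing.yaml:10-kubeadm.conf" \
    "cert-only.yaml:none" \
    "missing.yaml:none"; do
    cfg="$demo_dir/${pair%%:*}"
    dropin="$demo_dir/${pair##*:}"
    if kubelet_tls_configured "$cfg" "$dropin"; then
        echo "PASS  $pair"
    else
        echo "FAIL  $pair"
    fi
done
```

The checks are deliberately literal: a key present with an empty value, or a flag without a path, is treated as not configured, which matches how the automated control reads these settings. Running the loop prints PASS for the first two pairs and FAIL for the last two.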
