lacework-global-743

Set the RotateKubeletServerCertificate argument to true (Automated)

Description

Enable kubelet server certificate rotation.

Remediation

Edit the kubelet service file /etc/systemd/system/kubelet.service.d/10-kubeadm.conf on each worker node and set the following parameter in the KUBELET_CERTIFICATE_ARGS variable:

--feature-gates=RotateKubeletServerCertificate=true

Reload the systemd configuration so that the change is picked up:

systemctl daemon-reload

Finally, restart the kubelet service using:

systemctl restart kubelet.service
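
To confirm the setting on a node, the following added example (not part of the original policy text) parses a drop-in file and reports whether the gate is enabled in KUBELET_CERTIFICATE_ARGS. The return codes, the sample file contents and the gate name OtherGate are assumptions made for illustration.

```shell
#!/bin/sh
# Audit a kubelet drop-in for the RotateKubeletServerCertificate feature gate.
# Return codes are this example's own convention:
#   0 = gate set to true, 1 = gate set to false, 2 = gate not set.
check_rotate_gate() {
    # systemd applies the last assignment of a variable, so inspect only the
    # last uncommented Environment= line that sets KUBELET_CERTIFICATE_ARGS.
    args=$(grep -E '^[[:space:]]*Environment=.*KUBELET_CERTIFICATE_ARGS=' "$1" \
        | tail -n 1 | sed -e 's/.*KUBELET_CERTIFICATE_ARGS=//' -e 's/"//g')
    state=2
    for flag in $args; do
        case $flag in
            --feature-gates=*)
                # The value is a comma-separated list of Name=bool pairs.
                old_ifs=$IFS; IFS=,
                for gate in ${flag#--feature-gates=}; do
                    case $gate in
                        RotateKubeletServerCertificate=true)  state=0 ;;
                        RotateKubeletServerCertificate=false) state=1 ;;
                    esac
                done
                IFS=$old_ifs ;;
        esac
    done
    return "$state"
}

# Constructed sample drop-ins (not taken from a real node).
# OtherGate is a hypothetical gate name used to exercise list parsing.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/compliant.conf" <<'EOF'
[Service]
Environment="KUBELET_CERTIFICATE_ARGS=--rotate-certificates=true --feature-gates=OtherGate=false,RotateKubeletServerCertificate=true"
EOF
cat > "$SAMPLE_DIR/disabled.conf" <<'EOF'
[Service]
Environment="KUBELET_CERTIFICATE_ARGS=--feature-gates=RotateKubeletServerCertificate=false"
EOF
cat > "$SAMPLE_DIR/missing.conf" <<'EOF'
[Service]
# Environment="KUBELET_CERTIFICATE_ARGS=--feature-gates=RotateKubeletServerCertificate=true"
Environment="KUBELET_CERTIFICATE_ARGS=--rotate-certificates=true"
EOF

for f in compliant disabled missing; do
    rc=0; check_rotate_gate "$SAMPLE_DIR/$f.conf" || rc=$?
    echo "$f.conf -> $rc"
done
```

On a worker node, pass /etc/systemd/system/kubelet.service.d/10-kubeadm.conf to check_rotate_gate before and after the remediation steps.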

References

https://kubernetes.io/docs/tasks/tls/certificate-rotation/
https://kubernetes.io/docs/reference/access-authn-authz/kubelet-tls-bootstrapping/#certificate-rotation