lacework-global-743
Set the RotateKubeletServerCertificate argument to true (Automated)
Description
Enable kubelet server certificate rotation.
Remediation
Edit the kubelet service file /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
on each worker node and set the below parameter in KUBELET_CERTIFICATE_ARGS
variable:
--feature-gates=RotateKubeletServerCertificate=true
Reload the configuration to update it with the changes made using:
systemctl daemon-reload
Finally, restart the kubelet service using:
systemctl restart kubelet.service
References
https://kubernetes.io/docs/tasks/tls/certificate-rotation/
https://kubernetes.io/docs/reference/access-authn-authz/kubelet-tls-bootstrapping/#certificate-rotation