Information
Use https for kubelet connections.
Rationale:
Connections from apiserver to kubelets could potentially carry sensitive data such as secrets and keys. It is thus important to use in-transit encryption for any communication between the apiserver and kubelets.
Impact:
You require TLS to be configured on apiserver as well as kubelets.
Solution
Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml on the master node and remove the --kubelet-https parameter.
Default Value:
By default, kubelet connections are over https.