1.1.4 Ensure that the --kubelet-https argument is set to true

Information

Use https for kubelet connections.

Rationale:

Connections from apiserver to kubelets could potentially carry sensitive data such as secrets and keys. It is thus important to use in-transit encryption for any communication between the apiserver and kubelets.

Solution

Edit the API server pod specification file '/etc/kubernetes/manifests/kube-apiserver.yaml' on the master node and remove the '--kubelet-https' parameter, so that the flag's default value of true applies.
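One way to audit this item from the shell, as an added example that is not part of the original benchmark or plugin content. The function name `check_kubelet_https` is hypothetical; it treats an absent flag as compliant because kube-apiserver defaults `--kubelet-https` to true, and it fails on any uncommented occurrence set to a false value.

```shell
#!/bin/sh
# Added example (not from the benchmark): audit a kube-apiserver manifest
# for item 1.1.4. check_kubelet_https is a hypothetical helper name.
# Returns 0 = compliant, 1 = non-compliant, 2 = manifest unreadable.
# Usage: check_kubelet_https [path-to-manifest]
check_kubelet_https() {
    manifest="${1:-/etc/kubernetes/manifests/kube-apiserver.yaml}"
    if [ ! -r "$manifest" ]; then
        echo "ERROR: cannot read $manifest"
        return 2
    fi

    # Strip whole-line and trailing YAML comments so a commented-out
    # flag is not counted, then collect every --kubelet-https occurrence
    # (bare, =value, quoted or unquoted list entry).
    flags=$(sed -e 's/^#.*//' -e 's/[[:space:]]#.*//' "$manifest" |
            grep -oE -e '--kubelet-https(=[A-Za-z0-9]+)?' || true)

    if [ -z "$flags" ]; then
        echo "PASS: --kubelet-https is not set (default is true)"
        return 0
    fi

    # Go boolean flags accept 0, f, F, false, FALSE and False as false.
    # Any such occurrence is reported, even if another entry says true.
    bad=$(printf '%s\n' "$flags" |
          grep -E -e '=(0|f|F|false|FALSE|False)$' || true)

    if [ -n "$bad" ]; then
        echo "FAIL: found $bad in $manifest"
        return 1
    fi

    echo "PASS: --kubelet-https is set to true"
    return 0
}
```

The kubelet restarts the API server static pod when the manifest file changes, so rerun the check after editing to confirm the result.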

See Also

https://workbench.cisecurity.org/files/2421

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-8, CSCv6|14.2, CSCv7|14.4

Plugin: Unix

Control ID: 0030269c5fd4bacd066a1742ae2a5cecc1dbe9d1b20cb2b82a8f9d3711482f04