Information
Ensure that Kubernetes PKI certificate files have permissions of 644 or more restrictive.
Rationale:
Kubernetes makes use of a number of certificate files as part of the operation of its components. The permissions on these files should be set to 644 or more restrictive to protect their integrity.
Impact:
None
Solution
Run the below command (based on the file location on your system) on the master node. For example,
chmod -R 644 /etc/kubernetes/pki/*.crt
Default Value:
By default, the certificates used by Kubernetes are set to have permissions of 644