An XCCDF Group - A logical subset of the XCCDF Benchmark
/etc/kubernetes/kubelet/kubelet-config.json
authentication: ... anonymous: enabled: false ...
authorization
Webhook
authorization: mode: Webhook ...
authentication: ... x509: clientCAFile: /etc/kubernetes/pki/ca.crt ...
... rotateCertificates: true ...
featureGates: ... RotateKubeletClientCertificate: true ...
makeIPTablesUtilChains: true
Protect tuned kernel parameters from being overwritten by the kubelet.
serverTLSBootstrap: true
streamingConnectionIdleTimeout
KubeletConfig
apiVersion: machineconfiguration.openshift.io/v1 kind: KubeletConfig metadata: name: kubelet-config-$pool spec: machineConfigPoolSelector: matchLabels: pools.operator.machineconfiguration.openshift.io/$pool_name: "" kubeletConfig: streamingConnectionIdleTimeout:
streamingConnectionIdleTimeout: