kubelet - Enable Client Certificate Rotation
An XCCDF Rule
Description
To enable the kubelet to rotate client certificates, edit the kubelet configuration
file /etc/kubernetes/kubelet/kubelet-config.json
on the kubelet node(s) and set the below parameter:
featureGates: ... RotateKubeletClientCertificate: true ...
Rationale
Allowing the kubelet to auto-update the certificates ensure that there is no downtime in certificate renewal as well as ensures confidentiality and integrity.
- ID
- xccdf_org.ssgproject.content_rule_kubelet_enable_client_cert_rotation
- Severity
- Medium
- Updated