Skip to content

kubelet - Enable Client Certificate Rotation

An XCCDF Rule

Description

To enable the kubelet to rotate client certificates, edit the kubelet configuration file /etc/kubernetes/kubelet/kubelet-config.json on the kubelet node(s) and set the below parameter:

featureGates:
...
  RotateKubeletClientCertificate: true
...

Rationale

Allowing the kubelet to auto-update the certificates ensure that there is no downtime in certificate renewal as well as ensures confidentiality and integrity.

ID
xccdf_org.ssgproject.content_rule_kubelet_enable_client_cert_rotation
Severity
Medium
References
Updated