kubelet - Allow Automatic Firewall Configuration
An XCCDF Rule
Description
The kubelet has the ability to automatically configure the firewall to allow
the containers required ports and connections to networking resources and destinations
parameters potentially creating a security incident.
To allow the kubelet to modify the firewall, edit the kubelet configuration
file /etc/kubernetes/kubelet/kubelet-config.json
on the kubelet node(s) and set the below parameter:
makeIPTablesUtilChains: true
Rationale
The kubelet should automatically configure the firewall settings to allow access and networking traffic through. This ensures that when a pod or container is running that the correct ports are configured as well as removing the ports when a pod or container is no longer in existence.
- ID
- xccdf_org.ssgproject.content_rule_kubelet_enable_iptables_util_chains
- Severity
- Medium
- Updated