Ensure That The kubelet Server Key Is Correctly Set

An XCCDF Rule

Description

To ensure the kubelet's TLS server private key is configured, edit the kubelet configuration file /etc/kubernetes/kubelet.conf and set the path to the kubelet private key file:

tlsPrivateKeyFile: /path/to/TLS/private.key

Note that this particular rule is only valid for OCP releases up to and including 4.8.
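A node-side way to verify the setting described above, as an added example that is not part of the rule's own check content. The function names are hypothetical, the group/other permission test is an extra check the rule text does not require, and the key file used in the constructed cases is a placeholder written to a temporary directory.

```python
import os
import re
import stat
import tempfile

# Top-level key in YAML or (multi-line) JSON form; a commented-out line does not match.
_KEY_RE = re.compile(r'^\s*"?tlsPrivateKeyFile"?\s*:\s*["\']?([^"\',\s#]+)', re.M)


def audit_kubelet_tls_key(config_text):
    """Return a list of findings; an empty list means the check passed."""
    m = _KEY_RE.search(config_text)
    if m is None:
        return ["tlsPrivateKeyFile is not set"]
    path = m.group(1)
    if not os.path.isabs(path):
        return [f"tlsPrivateKeyFile is not an absolute path: {path}"]
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"cannot stat {path}: {exc.strerror}"]
    if not stat.S_ISREG(st.st_mode):
        return [f"{path} is not a regular file"]
    findings = []
    if st.st_size == 0:
        findings.append(f"{path} is empty")
    # Extra hygiene check (assumption, not part of the rule text):
    # a private key should not be accessible by group or other.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path} has mode {stat.S_IMODE(st.st_mode):04o}")
    return findings


def run_constructed_cases():
    """Audit constructed configs against a placeholder key in a temp dir."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "private.key")
        with open(key, "w") as f:
            f.write("constructed placeholder, not a real key\n")
        os.chmod(key, 0o600)
        cfg = f"kind: KubeletConfiguration\ntlsPrivateKeyFile: {key}\n"
        results = {"ok": audit_kubelet_tls_key(cfg)}
        os.chmod(key, 0o644)
        results["loose_mode"] = audit_kubelet_tls_key(cfg)
        results["commented"] = audit_kubelet_tls_key(f"# tlsPrivateKeyFile: {key}\n")
        results["missing_file"] = audit_kubelet_tls_key(
            '{\n  "tlsPrivateKeyFile": "%s"\n}' % os.path.join(d, "absent.key"))
        return results
```

On a node, pass the contents of /etc/kubernetes/kubelet.conf to audit_kubelet_tls_key; any returned finding means the key setting needs attention.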

Warning

This rule's check operates on the cluster configuration dump. Therefore, you need to use a tool that can query the OCP API, retrieve the /api/v1/namespaces/openshift-kube-apiserver/configmaps/config API endpoint, and save the response to the local /api/v1/namespaces/openshift-kube-apiserver/configmaps/config file.

Rationale

Without cryptographic integrity protections, information can be altered by unauthorized users without detection.

ID
xccdf_org.ssgproject.content_rule_kubelet_configure_tls_key_pre_4_9
Severity
Medium