kubelet - Enable Server Certificate Rotation

An XCCDF Rule

Description

To enable the kubelet to rotate server certificates, edit the kubelet configuration file /etc/kubernetes/kubelet.conf on the kubelet node(s) and set the below parameter:

featureGates:
...
  RotateKubeletServerCertificate: true
...
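
An added example, not part of the rule's own content, of an audit check for this setting: it reads kubelet configuration text (JSON or block-style YAML) and reports whether the gate is explicitly true under featureGates. The helper names, the sample inputs and the restricted YAML handling (no flow-style mappings) are assumptions.

```python
import json
import re

GATE = "RotateKubeletServerCertificate"  # feature gate named by the rule

# Constructed sample configurations (not taken from a real node).
SAMPLE_YAML = (
    "kind: KubeletConfiguration\n"
    "featureGates:\n"
    "  RotateKubeletServerCertificate: true  # set by the rule\n"
)
SAMPLE_MISPLACED = "kind: KubeletConfiguration\nRotateKubeletServerCertificate: true\n"


def feature_gates(text):
    """Return the featureGates mapping found in kubelet configuration text.

    Assumption: the text is JSON, or block-style YAML with one
    'name: value' gate per indented line under a top-level featureGates key.
    """
    try:
        doc = json.loads(text)
        gates = doc.get("featureGates") if isinstance(doc, dict) else None
        return gates if isinstance(gates, dict) else {}
    except ValueError:
        pass  # not JSON, fall through to the YAML scan
    gates, inside = {}, False
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or commented-out setting
        if not line[0].isspace():  # top-level key: enter or leave the block
            inside = re.match(r"featureGates:\s*$", line) is not None
            continue
        m = re.match(r"\s+([\w.-]+):\s*(\S+)\s*$", line)
        if inside and m:
            gates[m.group(1)] = m.group(2) in ("true", "True", "TRUE")
    return gates


def rotation_enabled(text):
    """True only when the gate is explicitly true under featureGates."""
    return feature_gates(text).get(GATE) is True


if __name__ == "__main__":
    for name, text in (("yaml", SAMPLE_YAML), ("misplaced", SAMPLE_MISPLACED)):
        print(name, "PASS" if rotation_enabled(text) else "FAIL")
```

A gate that is commented out, set to false, or placed outside the featureGates block is reported as not enabled.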

Rationale

Allowing the kubelet to auto-update its certificates ensures that there is no downtime during certificate renewal and preserves confidentiality and integrity.

ID
xccdf_org.ssgproject.content_rule_kubelet_enable_server_cert_rotation_master
Severity
Medium