kubelet - Enable Server Certificate Rotation
An XCCDF Rule
Description
To enable the kubelet to rotate server certificates, edit the kubelet configuration
file /etc/kubernetes/kubelet.conf
on the kubelet node(s) and set the below parameter:
featureGates: ... RotateKubeletServerCertificate: true ...
Rationale
Allowing the kubelet to auto-update the certificates ensure that there is no downtime in certificate renewal as well as ensures confidentiality and integrity.
- ID
- xccdf_org.ssgproject.content_rule_kubelet_enable_server_cert_rotation_master
- Severity
- Medium
- Updated