Ensure the --kubelet-https argument is set to True
Error: The --kubelet-https argument is not set to True
Bridgecrew Policy ID: BC_K8S_49
Checkov Check ID: CKV_K8S_71
Bridgecrew Severity: CRITICAL
Prisma Cloud Severity: HIGH
The --kubelet-https argument is not set to True
Description
Use https for kubelet connections. Connections from apiserver to kubelets could potentially carry sensitive data such as secrets and keys. It is thus important to use in-transit encryption for any communication between the apiserver and kubelets.
Fix - Buildtime
Kubernetes
- Kind Pod
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
component: kube-apiserver
tier: control-plane
name: kube-apiserver
namespace: kube-system
spec:
containers:
- command:
+ - kube-apiserver
+ - --kubelet-https=true
image: gcr.io/google_containers/kube-apiserver-amd64:v1.6.0
...
Updated 12 months ago