Ensure Kubelet Client Certificate And Kubelet Client Key Are Set
Description
The Kubernetes API server is not configured with the --kubelet-client-certificate and --kubelet-client-key flags, meaning it does not use client certificates to authenticate to kubelets. This weakens the security of communication between the API server and node kubelets.
Impact
Without certificate-based authentication, the connection between the API server and kubelets could be vulnerable to unauthorized access or man-in-the-middle attacks, potentially allowing attackers to intercept or manipulate sensitive node operations and compromise cluster integrity.
Resolution
Follow the Kubernetes documentation to set up the TLS connection between the API server and the kubelets, setting both --kubelet-client-certificate and --kubelet-client-key on the API server.
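
One way to audit for this finding, as an added example that is not part of the original rule or of any scanner's own code: it reads the kube-apiserver command list from a static pod manifest and reports which of the two flags are absent or empty. The function names, the sample manifests and the kubeadm-style PKI paths are assumptions made for illustration.

```python
import re

REQUIRED = ("--kubelet-client-certificate", "--kubelet-client-key")
ITEM = re.compile(r'''\s*-\s+["']?([^"'\s]+)["']?\s*$''')

def apiserver_args(manifest_text):
    """Collect single-token YAML list items (the command/args entries)."""
    return [m.group(1) for m in map(ITEM.match, manifest_text.splitlines()) if m]

def missing_kubelet_client_flags(args):
    """Return required flags that are absent or carry an empty value."""
    values = {}
    for i, arg in enumerate(args):
        name, sep, value = arg.partition("=")
        # Also accept the two-token form: '--flag' followed by its value.
        if not sep and i + 1 < len(args) and not args[i + 1].startswith("--"):
            value = args[i + 1]
        values[name] = value
    return [flag for flag in REQUIRED if not values.get(flag)]

# Constructed sample manifests; the PKI paths are assumed kubeadm-style examples.
WEAK = """\
spec:
  containers:
  - command:
    - kube-apiserver
    - --authorization-mode=Node,RBAC
    - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
"""

HARDENED = """\
spec:
  containers:
  - command:
    - kube-apiserver
    - --authorization-mode=Node,RBAC
    - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
    - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        missing = missing_kubelet_client_flags(apiserver_args(text))
        print(label, "FAIL: missing " + ", ".join(missing) if missing else "PASS")
```

The weak sample sets only the certificate, which still fails: the API server needs both the certificate and its key to present a client identity to the kubelet.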