Ensure that the --tls-key-file argument is set as appropriate
| Property | |
|---|---|
| Language | |
| Severity | |
Description
Kubelet instances are running without a properly configured --tls-key-file argument, meaning communication with the Kubelet may occur without TLS encryption. This exposes sensitive node traffic to interception and tampering.
Impact
Without TLS key configuration, attackers could intercept or manipulate data exchanged between Kubernetes nodes and the control plane, potentially gaining access to credentials, workloads, or cluster management functions, leading to cluster compromise or data breaches.
Resolution
If using a Kubelet config file, edit the file to set tlsPrivateKeyFile to the location
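
An audit for this rule, as an added example that is not part of the original page or of any scanner's own code: it reports whether a kubelet's TLS private key is set on the command line or in the config file. It assumes the kubelet's own spellings, the `--tls-private-key-file` flag and the `tlsPrivateKeyFile` config field; the function name and the sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: report where a kubelet takes its TLS private key from.
#   $1 = kubelet command line, e.g. the output of: ps -o args= -C kubelet
#   $2 = path to the kubelet config file (may be empty)
# Prints "flag:<path>", "config:<path>" or "unset".
kubelet_tls_key_source() {
    cmdline=$1; config=$2; key=''; prev=''
    # Command-line flags override the config file, so check them first.
    # $cmdline is left unquoted on purpose so it splits into arguments.
    for arg in $cmdline; do
        case $arg in
            --tls-private-key-file=*) key=${arg#*=} ;;          # --flag=value
            *) if [ "$prev" = "--tls-private-key-file" ]; then  # --flag value
                   key=$arg
               fi ;;
        esac
        prev=$arg
    done
    if [ -n "$key" ]; then printf 'flag:%s\n' "$key"; return 0; fi
    # Otherwise read the top-level tlsPrivateKeyFile key; drop a trailing
    # comment, trailing blanks and surrounding quotes from the value.
    if [ -n "$config" ] && [ -r "$config" ]; then
        key=$(sed -n 's/^tlsPrivateKeyFile:[[:space:]]*//p' "$config" |
              sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' |
              tr -d "\"'" | head -n 1)
    fi
    if [ -n "$key" ]; then printf 'config:%s\n' "$key"; return 0; fi
    echo unset
}

# Constructed sample configs (paths are illustrative, not from the page).
SAMPLE_CONFIG=$(mktemp)
cat > "$SAMPLE_CONFIG" <<'EOF'
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
tlsCertFile: /var/lib/kubelet/pki/kubelet.crt
tlsPrivateKeyFile: "/var/lib/kubelet/pki/kubelet.key"  # constructed path
EOF
SAMPLE_NO_KEY=$(mktemp)
printf 'kind: KubeletConfiguration\n' > "$SAMPLE_NO_KEY"

kubelet_tls_key_source "kubelet --config=$SAMPLE_CONFIG" "$SAMPLE_CONFIG"
kubelet_tls_key_source "kubelet --config=$SAMPLE_NO_KEY" "$SAMPLE_NO_KEY"
```

A result of `unset` on a node is the condition this rule flags.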