Profile applicability: Level 1 - Master Node
Setup TLS connection on the API server.
API server communication contains sensitive parameters that should remain encrypted
in transit.
Configure the API server to serve only HTTPS traffic.
 |
NoteBy default,
--tls-cert-file and --tls-private-key-file are
presented and created for use. |
Impact
TLS and client certificate authentication must be configured for your Kubernetes cluster
deployment.
Audit
Run the following command on the Control Plane node:
ps -ef | grep kube-apiserver
Verify that the
--tls-cert-file and --tls-private-key-file
arguments exist and they are set as appropriate.Remediation
Follow the Kubernetes documentation and set up the TLS connection on the apiserver.
Then, edit
the API server pod specification file
/etc/kubernetes/manifests/kube-apiserver.yaml on the master node and set the
TLS certificate and private key file parameters.--tls-cert-file=<path/to/tls-certificate-file> --tls-private-key-file=<path/to/tls-key-file>