Profile applicability: Level 1 - Master Node
Explicitly set a service account private key file for service accounts on the controller
               manager.
To ensure that keys for service account tokens can be rotated as needed, a separate
               public/private key pair should be used for signing service account tokens. The private
               key should
               be specified to the controller manager with 
--service-account-private-key-file
               as appropriate.|  | NoteBy default,  --service-account-private-key-fileit not set. | 
Impact
You would need to securely maintain the key file and rotate the keys based on your
                  organization's key rotation policy.
Audit
Run the following command on the Control Plane node:
ps -ef | grep kube-controller-manager
Verify that the 
--service-account-private-key-file argument is set as
                  appropriate.Remediation
Edit the Controller Manager pod specification file
                  
/etc/kubernetes/manifests/kube-controller-manager.yaml on the Control Plane
                  node and set the --service-account-private-key-file parameter to the private
                  key file for service accounts.--service-account-private-key-file=<filename>
 
		