Profile applicability: Level 1 - Master Node
Configure TLS encryption for the etcd service.
etcd is a highly-available key value store used by Kubernetes deployments for persistent storage of all of its REST API objects. These objects are sensitive in nature and should be encrypted in transit.
Note: By default, TLS encryption is not set.
Impact
Only client connections made over TLS would be served.
Audit
Run the following command on the etcd server node:
ps -ef | grep etcd
Verify that the --cert-file and the --key-file arguments are set as appropriate.
Remediation
Follow the etcd service documentation and configure TLS encryption. Then, edit the etcd pod specification file /etc/kubernetes/manifests/etcd.yaml on the master node and set the below parameters.
--cert-file=</path/to/ca-file> --key-file=</path/to/key-file>
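The audit step above can be scripted so that the two flags are matched by exact name rather than by substring. The following is an added example, not part of the benchmark text; the function names flag_value and check_etcd_tls and both sample command lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not benchmark text): audit an etcd command line for the
# client TLS flags. Function names and sample command lines are constructed.

# flag_value CMDLINE FLAG: print FLAG's value; accepts "--f=v" and "--f v".
# The flag name is matched exactly, so --peer-cert-file is never mistaken
# for --cert-file (a plain "grep cert-file" would match both).
flag_value() {
    set -f                      # no globbing while word-splitting $1
    prev=""
    for arg in $1; do
        case "$arg" in
            "$2"=*) printf '%s\n' "${arg#*=}"; set +f; return 0 ;;
        esac
        if [ "$prev" = "$2" ]; then
            printf '%s\n' "$arg"; set +f; return 0
        fi
        prev=$arg
    done
    set +f
    return 1
}

# check_etcd_tls CMDLINE: return 0 only if both flags carry a value.
check_etcd_tls() {
    rc=0
    for flag in --cert-file --key-file; do
        val=$(flag_value "$1" "$flag") || val=""
        case "$val" in
            ""|-*) echo "FAIL: $flag is not set"; rc=1 ;;   # missing, or next flag swallowed as value
            *)     echo "PASS: $flag=$val" ;;
        esac
    done
    return "$rc"
}

# Constructed samples: one with client TLS, one with peer TLS only.
SAMPLE_TLS='etcd --data-dir=/var/lib/etcd --cert-file=/etc/kubernetes/pki/etcd/server.crt --key-file /etc/kubernetes/pki/etcd/server.key'
SAMPLE_PEER_ONLY='etcd --data-dir=/var/lib/etcd --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt --peer-key-file=/etc/kubernetes/pki/etcd/peer.key'

check_etcd_tls "$SAMPLE_TLS"
check_etcd_tls "$SAMPLE_PEER_ONLY" || echo "finding: client TLS flags missing"
# On a node: check_etcd_tls "$(ps -ef | grep '[e]tcd')"
```

A non-zero return from check_etcd_tls means at least one of the two flags is absent or has no value, which is a failed audit for this control.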
 
		