💼 4.2 Kubelet

  • ID: /frameworks/cis-gke-v1.0.0/04/02

Description

This section contains recommendations for kubelet configuration. Kubelet settings may be configured using arguments on the running kubelet executable, or they may be taken from a Kubelet config file. If both are specified, the executable argument takes precedence.

To find the Kubelet config file, run the following command:

    ps -ef | grep kubelet | grep config

If the --config argument is present, this gives the location of the Kubelet config file. This config file could be in JSON or YAML format depending on your distribution.

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
💼 4.2.1 Ensure that the --anonymous-auth argument is set to false (Scored) | | | | | no data
💼 4.2.2 Ensure that the --authorization-mode argument is not set to AlwaysAllow (Scored) | | | | | no data
💼 4.2.3 Ensure that the --client-ca-file argument is set as appropriate (Scored) | | | | | no data
💼 4.2.4 Ensure that the --read-only-port argument is set to 0 (Scored) | | | | | no data
💼 4.2.5 Ensure that the --streaming-connection-idle-timeout argument is not set to 0 (Scored) | | | | | no data
💼 4.2.6 Ensure that the --protect-kernel-defaults argument is set to true (Scored) | | | | | no data
💼 4.2.7 Ensure that the --make-iptables-util-chains argument is set to true (Scored) | | | | | no data
💼 4.2.8 Ensure that the --hostname-override argument is not set (Scored) | | | | | no data
💼 4.2.9 Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture (Scored) | | | | | no data
💼 4.2.10 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate (Scored) | | | | | no data
💼 4.2.11 Ensure that the --rotate-certificates argument is not set to false (Scored) | | | | | no data
💼 4.2.12 Ensure that the RotateKubeletServerCertificate argument is set to true (Scored) | | | | | no data
💼 4.2.13 Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers (Not Scored) | | | | | no data