Best practices

K8S API server configuration etcd encryption is not configured

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

etcd is a highly-available key value store used by Kubernetes deployments for persistent storage of all of its REST API objects. These objects are sensitive in nature and should be protected by client authentication. This requires the API server to identify itself to the etcd server using a client certificate and key. Orca has detected that the '--etcd-certfile' or '--etcd-keyfile' are not set to a valid cert and key files.
  • Recommended Mitigation

    It is recommended to set the '--etcd-certfile' and '--etcd-keyfile' parameters in the configuration file to a valid certificate and key files.