Best practices

K8S API server configuration not using --etcd-cafile parameter

Risk Level

Informational (4)

Platform(s)
  • N/A

Description

etcd is a highly available key-value store used by Kubernetes deployments for persistent storage of all of its REST API objects. These objects are sensitive in nature and should be protected by client authentication. This requires the API server to identify itself to the etcd server using an SSL Certificate Authority file. Orca has detected that the '--etcd-cafile' parameter is not set.
Recommended Mitigation

It is recommended to set the '--etcd-cafile' parameter in the API server configuration file to a valid SSL Certificate Authority file.
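One way to check for this finding yourself, as an added example that is not Orca's or the Kubernetes project's code: the script below reads a kube-apiserver manifest and reports whether '--etcd-cafile' is set and points at a non-empty PEM file. The function names and the sample manifest are constructed for illustration; on a kubeadm-built control plane the manifest to pass as the argument is normally /etc/kubernetes/manifests/kube-apiserver.yaml, which is an assumption about your cluster.

```shell
# Added example: audit a kube-apiserver manifest for --etcd-cafile.
# audit_etcd_cafile prints MISSING, EMPTY, NOFILE:<path>, NOTPEM:<path> or OK:<path>.

# Print the value of the last uncommented --etcd-cafile flag in manifest $1;
# return 1 when the flag is absent.
etcd_cafile_value() {
    line=$(grep -v '^[[:space:]]*#' "$1" 2>/dev/null |
        grep -E -- '--etcd-cafile([^a-z-]|$)' | tail -n 1) || true
    [ -n "$line" ] || return 1
    value=${line#*--etcd-cafile}   # drop everything up to the flag name
    value=${value#=}               # drop the '=' separator if present
    printf '%s\n' "$value" | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

audit_etcd_cafile() {
    value=$(etcd_cafile_value "$1") || { echo "MISSING"; return 0; }
    [ -n "$value" ] || { echo "EMPTY"; return 0; }
    [ -s "$value" ] || { echo "NOFILE:$value"; return 0; }
    # A usable CA bundle is PEM text; this checks the header only, not the chain.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$value" ||
        { echo "NOTPEM:$value"; return 0; }
    echo "OK:$value"
}

# Write a constructed sample manifest to $1; $2 is an optional extra argument.
write_sample_manifest() {
    cat > "$1" <<EOF
apiVersion: v1
kind: Pod
spec:
  containers:
  - name: kube-apiserver
    command:
    - kube-apiserver
    - --etcd-servers=https://127.0.0.1:2379
    # - --etcd-cafile=/commented/out.crt
${2:+    - $2}
EOF
}

# With a path argument, audit that manifest; otherwise audit the constructed one.
if [ "$#" -gt 0 ]; then
    audit_etcd_cafile "$1"
else
    sample=$(mktemp)
    write_sample_manifest "$sample"
    audit_etcd_cafile "$sample"
    rm -f "$sample"
fi
```

A commented-out flag counts as MISSING, and an OK result only means the file looks like PEM; it does not confirm that the CA actually issued the etcd server certificate.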