Network misconfigurations

K8S API server configuration without certificate authority

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

It was found that the API server is running without the '--kubelet-certificate-authority' configuration parameter set. Without it, the API server does not validate the kubelet's serving certificate when it connects to kubelets (for example for logs, exec and port-forward requests), which leaves those connections vulnerable to a man-in-the-middle attack.
  • Recommended Mitigation

    It is recommended to set the '--kubelet-certificate-authority' configuration parameter on the API server to the path of the CA certificate that signed the kubelet serving certificates, so that the API server verifies each kubelet's certificate before trusting the connection.
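The following POSIX shell script is an added example for auditing this finding; it is not part of the original page or of any scanner's own check. It inspects a kube-apiserver command line for '--kubelet-certificate-authority' (accepting both the '--flag=value' and '--flag value' spellings), which is the same thing a manual review of `ps -ef | grep kube-apiserver` on a control-plane node looks for. The two sample command lines and the file paths under /etc/kubernetes/pki are constructed for illustration and are assumptions, not values from the original finding.

```shell
#!/bin/sh
# Added example (not from the original page): audit a kube-apiserver command
# line for --kubelet-certificate-authority. Sample command lines below are
# constructed; the /etc/kubernetes/pki paths are assumptions.

# has_kubelet_ca CMDLINE
# Returns 0 when --kubelet-certificate-authority is present with a non-empty
# value, 1 when it is missing or given without a value.
has_kubelet_ca() {
  expect_value=0
  for tok in $1; do
    if [ "$expect_value" -eq 1 ]; then
      case "$tok" in
        --*) return 1 ;;   # flag was followed by another flag, no value
        *)   return 0 ;;   # "--kubelet-certificate-authority /path" form
      esac
    fi
    case "$tok" in
      --kubelet-certificate-authority=?*) return 0 ;;   # "--flag=/path" form
      --kubelet-certificate-authority)    expect_value=1 ;;
    esac
  done
  return 1
}

# audit_live_apiserver
# Reads the running kube-apiserver process on this node (needs ps and a
# running control plane). Returns 0 if compliant, 1 if the flag is missing,
# 2 if no kube-apiserver process was found.
audit_live_apiserver() {
  live="$(ps -eo args= | grep '[k]ube-apiserver' | head -n 1)"
  if [ -z "$live" ]; then
    echo "no kube-apiserver process found on this node"
    return 2
  fi
  if has_kubelet_ca "$live"; then
    echo "PASS: --kubelet-certificate-authority is set"
    return 0
  fi
  echo "FAIL: --kubelet-certificate-authority is not set"
  return 1
}

# Constructed samples: the weak configuration from the finding, and the same
# command line with the recommended parameter added. The client cert/key
# flags authenticate the API server *to* the kubelet; only the CA flag makes
# the API server verify the kubelet's serving certificate in return.
WEAK_CMDLINE="kube-apiserver --advertise-address=10.0.0.10 \
--kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt \
--kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key"

FIXED_CMDLINE="$WEAK_CMDLINE \
--kubelet-certificate-authority=/etc/kubernetes/pki/ca.crt"

# Stand-alone run: audit the constructed samples, or the live process with --live.
if [ "${1:-}" = "--live" ]; then
  audit_live_apiserver
else
  for sample in "$WEAK_CMDLINE" "$FIXED_CMDLINE"; do
    if has_kubelet_ca "$sample"; then
      echo "PASS: $sample"
    else
      echo "FAIL: $sample"
    fi
  done
fi
```

When applying the fix on a kubeadm cluster the flag goes into the kube-apiserver static pod manifest (typically /etc/kubernetes/manifests/kube-apiserver.yaml); the kubelet restarts the pod automatically. Before enabling it, confirm that every kubelet's serving certificate is actually signed by the CA you point to (for example via kubelet serving certificate bootstrapping and rotation); a kubelet still using its default self-signed serving certificate will fail verification and API server calls to it such as logs and exec will start returning x509 errors.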