Best practices

Kubernetes Controller Manager RotateKubeletServerCertificate argument is not set to true

Risk Level

Informational (4)

  • N/A


It was found that the argument RotateKubeletServerCertificate under --feature-gate in the Controller Manager configuration file is not set to true. In case Kubelets get their certificates from the API server, this argument helps both requesting a serving certificate after bootstrapping and rotate their client credentials.
  • Recommended Mitigation

    It is recommended to edit the Controller Manager configuration file on the master node and set the value ""True"" to the --feature-gates=RotateKubeletServerCertificate argument.