Best practices

Kubernetes Controller Manager RotateKubeletServerCertificate argument is not set to true

Platform(s)

  • Non-platform specific

Compliance Frameworks

CCPA, CPRA, iso_27001_2022, iso_27002_2022, K8s CIS, NIST 800-171, NIST 800-190, NIST 800-53, PDPA, UK Cyber Essentials

Description

It was found that the argument RotateKubeletServerCertificate under --feature-gate in the Controller Manager configuration file is not set to true. In case Kubelets get their certificates from the API server, this argument helps both requesting a serving certificate after bootstrapping and rotate their client credentials.
Need help?

Get a free Security Risk Assessment. Start today

A screenshot of the Orca platform dashboard summarizing all of your cloud security risks

Personalized Demo

See Orca Security in Action

Gain visibility, achieve compliance, and prioritize risks with the Orca Cloud Security Platform.

Get a Demo