Best practices

Kubernetes Controller Manager RotateKubeletServerCertificate argument is not set to true

Platform(s)
  • Non-platform specific

Compliance Frameworks

CCPA, CPRA, iso_27001_2022, iso_27002_2022, K8s CIS, NIST 800-171, NIST 800-190, NIST 800-53, PDPA, UK Cyber Essentials

Description

It was found that the argument RotateKubeletServerCertificate under --feature-gate in the Controller Manager configuration file is not set to true. In case Kubelets get their certificates from the API server, this argument helps both requesting a serving certificate after bootstrapping and rotate their client credentials.