Workload misconfigurations

Kubernetes node’s kubelet configuration file owner is not root

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

The kubeconfig file for kubelet controls various parameters for the kubelet service in the worker node. Orca has detected that the kubelet's kubeconfig file owner on {K8sNode.Vm} is set to {Vm.K8sKubeletKubeConfigs.ConfigFile.Group}:{Vm.K8sKubeletKubeConfigs.ConfigFile.User}. The file should be owned by root:root.
  • Recommended Mitigation

    Set {K8sNode}'s Kubelet kubeconfig file owner to the root user.