Kubernetes node's kubelet's rotateCertificates is set to false

Workload misconfigurations

Kubernetes node’s kubelet’s rotateCertificates is set to false

Platform(s)

Compliance Frameworks

AKS CIS
CCPA
CPRA
EKS CIS
GKE CIS
iso_27001_2022
iso_27002_2022
K8s CIS
K8s OWASP Top 10
NIST 800-171
NIST 800-190
NIST 800-53
PDPA
UK Cyber Essentials

Description

The kubelet reads various parameters, including security settings, from a config file. The --rotate-certificates setting causes the kubelet to rotate its client certificates by creating new CSRs as its existing credentials expire. This automated periodic rotation ensures that the there is no downtime due to expired certificates and thus addressing availability in the CIA security triad. Orca has detected that the rotateertificate flag is set to false on {K8sNode.Vm}.

Kubernetes node’s kubelet’s rotateCertificates is set to false

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS