Details
Use https for kubelet connections.
Rationale:
Connections from apiserver to kubelets could potentially carry sensitive data such as secrets and keys. It is thus important to use in-transit encryption for any communication between the apiserver and kubelets.
Impact:
You require TLS to be configured on apiserver as well as kubelets.
Solution
Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml on the master node and remove the –kubelet-https parameter.
Default Value:
By default, kubelet connections are over https.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Unix.