CIS Kubernetes V1.20 Benchmark V1.0.0 L1 Worker

Details NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance. Supportive Information...

Details Disable anonymous requests to the Kubelet server. Rationale: When enabled, requests that are not rejected by other configured authentication...

Details Do not allow all requests. Enable explicit authorization. Rationale: Kubelets, by default, allow all authenticated requests (even anonymous ones)...

Details Ensure that the certificate authorities file has permissions of 644 or more restrictive. Rationale: The certificate authorities file controls...

Details Enable Kubelet authentication using certificates. Rationale: The connections from the apiserver to the kubelet are used for fetching logs...

Details Ensure that the certificate authorities file ownership is set to root:root. Rationale: The certificate authorities file controls the authorities...

Details Do not override node hostnames. Rationale: Overriding hostnames could potentially break TLS setup between the kubelet and the apiserver....

Details Ensure that the kubelet.conf file ownership is set to root:root. Rationale: The kubelet.conf file is the kubeconfig file for...

Details Ensure that the kubelet.conf file has permissions of 644 or more restrictive. Rationale: The kubelet.conf file is the kubeconfig...

Details Ensure that if the kubelet refers to a configuration file with the –config argument, that file has permissions of...