CIS Kubernetes V1.20 Benchmark V1.0.0 L1 Worker

Details Ensure that if the kubelet refers to a configuration file with the –config argument, that file is owned by...

Details Ensure that the Kubelet is configured to only use strong cryptographic ciphers. Rationale: TLS ciphers have had a number...

Details Ensure that the kubelet service file ownership is set to root:root. Rationale: The kubelet service file controls various parameters...

Details Ensure that the kubelet service file has permissions of 644 or more restrictive. Rationale: The kubelet service file controls...

Details Allow Kubelet to manage iptables. Rationale: Kubelets can automatically manage the required changes to iptables based on how you...

Details Protect tuned kernel parameters from overriding kubelet default kernel parameter values. Rationale: Kernel parameters are usually tuned and hardened...

Details Enable kubelet client certificate rotation. Rationale: The –rotate-certificates setting causes the kubelet to rotate its client certificates by creating...

Details Do not disable timeouts on streaming connections. Rationale: Setting idle timeouts ensures that you are protected against Denial-of-Service attacks,...

Details Setup TLS connection on the Kubelets. Rationale: The connections from the apiserver to the kubelet are used for fetching...

Details Setup TLS connection on the Kubelets. Rationale: The connections from the apiserver to the kubelet are used for fetching...