Skip to content

The --kubelet-https argument is not set to True

Description

Use https for kubelet connections. Connections from apiserver to kubelets could potentially carry sensitive data such as secrets and keys. It is thus important to use in-transit encryption for any communication between the apiserver and kubelets.

Fix - Buildtime

Kubernetes

  • Kind Pod
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
+   - kube-apiserver
+   - --kubelet-https=true
    image: gcr.io/google_containers/kube-apiserver-amd64:v1.6.0
    ...