
The --tls-cert-file and --tls-private-key-file arguments are not set appropriately for Kubelet

Description

API server communication contains sensitive parameters that should remain encrypted in transit. Configure the API server to serve only HTTPS traffic by setting up a TLS connection on the API server. By default, the --tls-cert-file and --tls-private-key-file arguments are not set.
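
One way to audit this setting, as an added example rather than code from this policy page: the Python below takes a process command line (as `ps` prints it) or a container `command` list and reports when either flag is missing or has no value. The sample command lines are constructed, and treating a repeated flag as last-one-wins is an assumption.

```python
import shlex

REQUIRED = ("--tls-cert-file", "--tls-private-key-file")

# Constructed sample inputs (not taken from a real cluster).
COMPLIANT = "kube-apiserver --tls-cert-file=/path/to/cert --tls-private-key-file=/path/to/key"
MISSING_KEY = "kube-apiserver --tls-cert-file /path/to/cert --secure-port=6443"
EMPTY_VALUES = "kube-apiserver --tls-cert-file= --tls-private-key-file --v=2"


def flag_values(argv):
    """Map each required flag present in argv to its value ('' when no value was given)."""
    found = {}
    for i, arg in enumerate(argv):
        name, sep, value = arg.partition("=")
        if name not in REQUIRED:
            continue
        if not sep:
            # Space-separated form: the next token is the value unless it is another flag.
            nxt = argv[i + 1] if i + 1 < len(argv) else ""
            value = "" if nxt.startswith("-") else nxt
        found[name] = value  # assumption: a repeated flag keeps its last value
    return found


def audit(command):
    """Return findings for a command line (str) or argument list; an empty list is a pass."""
    argv = shlex.split(command) if isinstance(command, str) else list(command)
    values = flag_values(argv)
    findings = []
    for flag in REQUIRED:
        if flag not in values:
            findings.append(f"{flag} is not set")
        elif not values[flag].strip():
            findings.append(f"{flag} is set but empty")
    return findings


if __name__ == "__main__":
    for sample in (COMPLIANT, MISSING_KEY, EMPTY_VALUES):
        print(sample, "->", audit(sample) or "PASS")
```
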

Fix - Buildtime

Kubernetes

  • Kind: Pod
apiVersion: v1
  kind: Pod
  metadata:
    creationTimestamp: null
    labels:
      component: kube-apiserver
      tier: control-plane
    name: kube-apiserver
    namespace: kube-system
  spec:
    containers:
    - command:
       - kube-apiserver
+      - --tls-cert-file=/path/to/cert
+      - --tls-private-key-file=/path/to/key
      image: gcr.io/google_containers/kube-apiserver-amd64:v1.6.0
      ...
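
Review bot: the two added `command` entries point `--tls-cert-file` and `--tls-private-key-file` at the placeholders `/path/to/cert` and `/path/to/key`; substitute the real certificate and key locations before applying this, and check that the container can actually read those paths, since the spec is cut off at `...` and no volume mount for them is visible here.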