
Kubebench report - Ensure that the --tls-cert-file and --tls-private-key-file arguments in EKS are set as appropriate

Open KR411-prog opened this issue 4 years ago • 3 comments

I am getting the "Ensure that the --tls-cert-file and --tls-private-key-file arguments in EKS are set as appropriate" issue in the Kubebench report for my EKS cluster.

I could find the Kubelet server certificates under /var/lib/kubelet/pki. They are default certs and valid for 1 year.

As per the kubelet config, it looks like the cert rotation RotateKubeletServerCertificate is enabled by default. Does this mean the rotation of the certs automatically happens before the certs' expiry?

Also, I have not set the --tls-cert-file and --tls-private-key-file arguments in the kubelet config. But I guess by default the certs are passed from the cert-dir default path /var/lib/kubelet/pki. Does this mean the Kubelet serves HTTPS API requests using these certs by default?

Environment: Test

  • AWS Region: us-west-2
  • Kubernetes version: 1.15

KR411-prog, May 21 '20 19:05
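
The question above turns on where the kubelet's serving certificate comes from. The following is an added example, not part of the original issue or of the amazon-eks-ami project: it classifies that source from a KubeletConfiguration and a kubelet command line, following the upstream kubelet documentation (a self-signed pair is generated in --cert-dir when no files are given; serverTLSBootstrap requests a certificate from the certificates.k8s.io API and requires the RotateKubeletServerCertificate gate). The function names, result labels and sample input are constructed for illustration, and feature gates passed with --feature-gates on the command line are not parsed.

```python
import json

# Constructed sample input (not from a real node): a KubeletConfiguration with the
# feature gate on but no serving-certificate settings, and a kubelet command line.
SAMPLE_CONFIG = json.loads("""
{"kind": "KubeletConfiguration",
 "apiVersion": "kubelet.config.k8s.io/v1beta1",
 "featureGates": {"RotateKubeletServerCertificate": true}}
""")
SAMPLE_ARGS = ["kubelet", "--cert-dir=/var/lib/kubelet/pki"]


def flag(args, name):
    """Return a flag's value from '--name=value' or '--name value'; 'true' if bare."""
    for i, arg in enumerate(args):
        if arg.startswith(name + "="):
            return arg.split("=", 1)[1]
        if arg == name:
            nxt = args[i + 1] if i + 1 < len(args) else "--"
            return "true" if nxt.startswith("--") else nxt
    return None


def serving_cert_source(config, args):
    """Classify where the kubelet's HTTPS serving certificate comes from."""
    # Command-line flags take precedence over the config file.
    cert = flag(args, "--tls-cert-file") or config.get("tlsCertFile")
    key = flag(args, "--tls-private-key-file") or config.get("tlsPrivateKeyFile")
    if cert and key:
        return "explicit-files"           # operator-supplied pair
    if cert or key:
        return "incomplete-pair"          # only one of the two is set
    rotate = flag(args, "--rotate-server-certificates")
    bootstrap = rotate == "true" if rotate is not None else bool(config.get("serverTLSBootstrap"))
    # Assumption: the gate counts as enabled when the config does not mention it.
    gate = config.get("featureGates", {}).get("RotateKubeletServerCertificate", True)
    if bootstrap and gate:
        return "api-issued-and-rotated"   # CSR via certificates.k8s.io; needs an approver
    if bootstrap:
        return "bootstrap-without-feature-gate"
    cert_dir = flag(args, "--cert-dir") or "/var/lib/kubelet/pki"
    return "self-signed-in:" + cert_dir   # generated by the kubelet, not issued via the API


if __name__ == "__main__":
    print(serving_cert_source(SAMPLE_CONFIG, SAMPLE_ARGS))
```

With the sample input the feature gate is on but serverTLSBootstrap is not set, so the result is the self-signed case rather than API-issued rotation.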