Configure the "client-ca-file" argument to organizational standards.

Back

CONTROL ID
14585

CONTROL TYPE
Configuration

CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):

Configure "Kubernetes" to organizational standards., CC ID: 14528

There are no implementation support Controls.

SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

Ensure that the --client-ca-file argument is set as appropriate Description: Setup TLS connection on the API server. Rationale: API server communication contains sensitive parameters that should remain encrypted in transit. Configure the API server to serve only HTTPS traffic. If `--client-ca-file` … (1.2.31, The Center for Internet Security Kubernetes Level 1 Master Node Benchmark, v 1.6.0)
Ensure that the --client-ca-file argument is set as appropriate Description: Enable Kubelet authentication using certificates. Rationale: The connections from the apiserver to the kubelet are used for fetching logs for pods, attaching (through kubectl) to running pods, and using the kubelet's port-f… (4.2.3, The Center for Internet Security Kubernetes Level 1 Worker Node Benchmark, v 1.6.0)
Ensure that the --client-ca-file argument is set as appropriate Description: Setup TLS connection on the API server. Rationale: API server communication contains sensitive parameters that should remain encrypted in transit. Configure the API server to serve only HTTPS traffic. If `--client-ca-file` … (1.2.31, The Center for Internet Security Kubernetes Level 2 Master Node Benchmark, v 1.6.0)
Ensure that the --client-ca-file argument is set as appropriate Description: Enable Kubelet authentication using certificates. Rationale: The connections from the apiserver to the kubelet are used for fetching logs for pods, attaching (through kubectl) to running pods, and using the kubelet's port-f… (4.2.3, The Center for Internet Security Kubernetes Level 2 Worker Node Benchmark, v 1.6.0)