
Configure the "tls-cert-file" argument to organizational standards.


CONTROL ID
14588
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Configure "Kubernetes" to organizational standards., CC ID: 14528

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate. Description: Setup TLS connection on the API server. Rationale: API server communication contains sensitive parameters that should remain encrypted in transit. Configure the API server to serve only HTTPS tra… (1.2.30, The Center for Internet Security Kubernetes Level 1 Master Node Benchmark, v 1.6.0)
  • Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate. Description: Setup TLS connection on the Kubelets. Rationale: The connections from the apiserver to the kubelet are used for fetching logs for pods, attaching (through kubectl) to running pods, and using the … (4.2.10, The Center for Internet Security Kubernetes Level 1 Worker Node Benchmark, v 1.6.0)
  • Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate. Description: Setup TLS connection on the API server. Rationale: API server communication contains sensitive parameters that should remain encrypted in transit. Configure the API server to serve only HTTPS tra… (1.2.30, The Center for Internet Security Kubernetes Level 2 Master Node Benchmark, v 1.6.0)
  • Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate. Description: Setup TLS connection on the Kubelets. Rationale: The connections from the apiserver to the kubelet are used for fetching logs for pods, attaching (through kubectl) to running pods, and using the … (4.2.10, The Center for Internet Security Kubernetes Level 2 Worker Node Benchmark, v 1.6.0)